LoRDAS: A Low-Rate DoS Attack against Application Servers

Maciá-Fernández, Gabriel; Díaz-Verdejo, Jesús E.; García-Teodoro, Pedro; de Toro-Negro, Francisco

doi:10.1007/978-3-540-89173-4_17

Gabriel Maciá-Fernández¹⁸,
Jesús E. Díaz-Verdejo¹⁸,
Pedro García-Teodoro¹⁸ &
…
Francisco de Toro-Negro¹⁸

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 5141))

Included in the following conference series:

International Workshop on Critical Information Infrastructures Security

1251 Accesses
10 Citations

Abstract

In a communication network, there always exist some specific servers that should be considered a critical infrastructure to be protected, specially due to the nature of the services that they provide. In this paper, a low-rate denial of service attack against application servers is presented. The attack gets advantage of known timing mechanisms in the server behaviour to wisely strike ON/OFF attack waveforms that cause denial of service, while the traffic rate sent to the server is controlled, thus allowing to bypass defense mechanisms that rely on the detection of high rate traffics. First, we determine the conditions that a server should present to be considered a potential victim of this attack. As an example, the persistent HTTP server case is presented, being the procedure for striking the attack against it described. Moreover, the efficiency achieved by the attack is evaluated in both simulated and real environments, and its behaviour studied according to the variations on the configuration parameters. The aim of this work is to denounce the feasibility of such attacks in order to motivate the development of defense mechanisms.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

CERT coordination Center. Denial of Service Attacks, http://www.cert.org/tech_tips/denial_of_service.html
Mirkovic, J., Reiher, P.: A taxonomy of DDoS attack and DDoS defense mechanisms. SIGCOMM Comput. Commun. Rev. 34(2), 39–53 (2004)
Article Google Scholar
Mirkovic, J., Dietrich, S., Dittrich, D., Reiher, P.: Internet Denial of Service. Attack and Defense Mechanisms. Prentice-Hall, Englewood Cliffs (2004)
Google Scholar
Kuzmanovic, A., Knightly, E.: Low Rate TCP-targeted Denial of Service Attacks (The Shrew vs. the Mice and Elephants). In: Proc. ACM SIGCOMM 2003, August 2003, pp. 75–86 (2003)
Google Scholar
Maciá-Fernández, G., Díaz-Verdejo, J.E., García-Teodoro, P.: Assessment of a Vulnerability in Iterative Servers Enabling Low-Rate DoS Attacks. In: Gollmann, D., Meier, J., Sabelfeld, A. (eds.) ESORICS 2006. LNCS, vol. 4189, pp. 512–526. Springer, Heidelberg (2006)
Chapter Google Scholar
Siris, V.A., Papagalou, F.: Application of anomaly detection algorithms for detecting SYN flooding attacks. Computer Communications 29(9), 1433–1442 (2006)
Article Google Scholar
Huang, Y., Pullen, J.: Countering denial of service attacks using congestion triggered packet sampling and filtering. In: Proceedings of the 10th International Conference on Computer Communications and Networks (2001)
Google Scholar
Gil, T.M., Poleto, M.: MULTOPS: a data-structure for bandwidth attack detection. In: Proceedings of 10th USENIX Security Symposium (2001)
Google Scholar
Zaki, M.J., Li, W., Parthasarathy, S.: Customized dynamic load balancing for a network of workstations. In: Fifth IEEE International Symposium on High Performance Distributed Computing (HPDC-5 1996), pp. 282–291 (1996)
Google Scholar
Liu, Z., Niclausse, N., Jalpa-Villanueva, C.: Traffic model and performance evaluation of Web servers. Performance Evaluation 46(2-3), 77–100 (2001)
Article MATH Google Scholar
Song, T.T.: Fundamentals of Probability and Statistics for Engineers. John Wiley, Chichester (2004)
Google Scholar
Network Simulator 2, http://www.isi.edu/nsnam/ns/
Fielding, R., Irvine, U.C., Gettys, J., Mogul, J., Frystyk, H., Berners-Lee, T.: RFC2068, Hypertext Transfer Protocol - HTTP/1.1, Network Working Group (January 1997)
Google Scholar

Download references

Author information

Authors and Affiliations

Dpt. of Signal Theory, Telematics and Communications, University of Granada, c/ Daniel Saucedo Aranda, s/n, 18071, Granada, Spain
Gabriel Maciá-Fernández, Jesús E. Díaz-Verdejo, Pedro García-Teodoro & Francisco de Toro-Negro

Authors

Gabriel Maciá-Fernández
View author publications
You can also search for this author in PubMed Google Scholar
Jesús E. Díaz-Verdejo
View author publications
You can also search for this author in PubMed Google Scholar
Pedro García-Teodoro
View author publications
You can also search for this author in PubMed Google Scholar
Francisco de Toro-Negro
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

Department of Computer Science, University of Malaga, 29071, Málaga, Spain
Javier Lopez
Hochschule Technik und Architektur Luzern (HTA), Bodenhofstraße 29, 6005, Luzern, Switzerland
Bernhard M. Hämmerli

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Maciá-Fernández, G., Díaz-Verdejo, J.E., García-Teodoro, P., de Toro-Negro, F. (2008). LoRDAS: A Low-Rate DoS Attack against Application Servers. In: Lopez, J., Hämmerli, B.M. (eds) Critical Information Infrastructures Security. CRITIS 2007. Lecture Notes in Computer Science, vol 5141. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-89173-4_17

Download citation

DOI: https://doi.org/10.1007/978-3-540-89173-4_17
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-89095-9
Online ISBN: 978-3-540-89173-4
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics