Internet Scale DoS Attacks

Abstract

Internet scale DoS attack is a new evolution of conventional flooding DoS attack with the inspiration of shutting down the Internet due to its vulnerable infrastructure. Past DoS attacks directly attacked the victim, usually a single host. Consequently, defences were designed to identify the excessive traffic or filter illegitimate traffic. From the early two thousand, Internet scale DoS attacks started to appear. They aimed to disable highly connected routers or large links with a legitimate action in the form of low-rate traffic or high-rate wanted traffic with protocol messages that are unfiltered by congestion control. The latter can be more devastating due to its global impact therefore attracts the attention of researchers and some applications are now available. The goal of this paper is to introduce Internet scale DoS attack and to survey its theoretical underpinnings and experimental applications. Several attacking techniques will be presented, as well as their effects on the connectivity of the Internet. A comparison will be carried out among them to expose their pros and cons in order to study the possibility of their integration via usage of several botnets for destroying the Internet connectivity. Our discussion aims to clarify new directions that DoS, DoS defence and Internet design research can follow.

Keywords

• Internet topology, complex networks, communication system security, routing protocols, TCPIP

Original Research Paper

Abstract

References

1. M. Handley and E. Rescorla, “Internet Denial-of-Service Considerations,” RFC 4732, 2006.
2. (2000) Yahoo on Trail of Site Hackers. [Online]. Available: http://www.wired.com/techbiz/media/news/2000/02/34221
3. (2002) Powerful attack cripples majority of key Internet computers. [Online]. Available: http://www.securityfocus.com/news/1400
4. (2010) Operation Payback cripples MasterCard site in revenge for WikiLeaks ban. [Online]. Available: http://www.theguardian.com/media/2010/dec/08/operation-payback-mastercard-website-wikileaks
5. (2013) DDoS: Lessons from Phase 2 Attacks. [Online]. Available: http://www.bankinfosecurity.com/ddos-attacks-lessons-from-phase-2-a-5420/op-1
6. H. F. Lipson, “Tracking and Tracing Cyber-Attacks: Technical Challenges and Global Policy,” CERT Coordination Center, 2002.
7. J. Mirkovic and P. Reiher, “A Taxonomy of DDoS Attack and DDoS Defense Mechanisms,” in Proc. ACM SIGCOMM, 2004.
8. N. Long and R. Thomas, “Trends in Denial of Service Attack Technology,” CERT Coordination Center, 2001.

9. (1997) CERT/CC Denial of Service. [Online]. Available: http://www.cert.org/tech_tips/denial_of_service.html
10. W. Stallings and L. Brown, Computer Security: Principles and Practice, Pearson, 2008.
11. C. Douligeris and A. Mitrokotsa, “DDoS attacks and defense mechanisms: classification and state-of-the-art,” Computer Networks, 2004.
12. M. Abliz, “Internet Denial of Service Attacks and Defense Mechanisms,” University of Pittsburgh, Department of Computer Science, Technical Report, 2011.
13. (2010) Perhaps the First DoS Attack. [Online]. Available: http://www.platohistory.org/blog/2010/02/perhaps-the-first-denial-of-service-attack.html
14. K. Scarfone and K. Masone, “Computer Security Incident Handling Guide Recommendations of the National Institute of Standards and Technology,” National Institute of Standards and Technology, 2008.
15. (2013) RioRey Taxonomy of DDoS Attacks. [Online]. Available: https://riorey.com/x-resources/2013/RioRey_Taxonomy_DDoS_Attacks_2.4_2013.pdf
16. (1996) CERT Advisory CA-1996-01 UDP Port Denial-of-Service Attack. [Online]. Available: http://www.cert.org/advisories/CA-1996-01.html
17. B. K. Lokesh, “Denial of Service Attacks - DDOS, SMURF, FRAGGLE, TRINOO,” 2001.
18. (1996) CERT Advisory CA-1996-21 TCP SYN Flooding and IP Spoofing Attacks. [Online]. Available: http://www.cert.org/advisories/CA-1996-21.html
19. T. Peng, C. Leckie, and K. Ramamohanarao, “Survey of Network Based Defense Mechanisms Countering the DoS and DDoS Problems,” in Proc. ACM-CSUR, 2007.
20. G. Malkin, “Internet Users’ Glossary,” RFC 1983, 1996.
21. J. Postel, “Internet Control Message Protocol,” RFC 792, 1981.
22. H. Burch, “Tracing Anonymous Packets to Their Approximate source,” in Proc. 14th Systems Administration Conference, 2000.
23. J. Postel, “Transmission Control Protocol,” RFC 793, 1981.
24. J. Postel, “User Datagram Protocol,” RFC 768, 1980.
25. Y. Rehkter, T. Li, S. Hares, “A Border Gateway Protocol 4,” RFC 4271, 2006.
26. J. Nazario, “Black Energy DDoS Bot Analysis,” Arbor Networks, 2007.
27. M. V. Steen, Graph Theory and Complex Networks, 2010.
28. A. L. Barabasi and E. Bonabeau, “Scale-Free Networks,” Scientific American, 2003.
29. M. Faloutsos, P. Faloutsos, and C. Faloutsos, “On power-law relationships of the Internet Topology,” National Science Foundation, 1999.
30. R. Albert, H. Jeong, and A.-L. Barabasi, “Error and Attack Tolerance of Complex Networks,” Nature, 2003.
31. S. Tauro, C. Palmer, G. Siganos, and M. Faloutsos, “A Simple Conceptual Model for the Internet Topology,” National Science Foundation, 2001.
32. (2013) The Internet Map. [Online]. Available: http://internet-map.net/
33. D. Magoni, “Tearing Down the Internet,” IEEE Journal on Selected Areas in Communications, 2003.
34. (2013) NetSizer: Internet growth forecasting tool. [Online]. Available: http://www.netsizer.com/
35. A. Kuzmanovic and E. Knightly, “Low Rate TCP Targeted Denial of Service Attacks,” in Proc. SIGCOMM, 2003.
36. V. Paxson, M. Allman, J. Chu, and M. Sargent, “Computing TCP’s Retransmission Timer,” RFC 6298, 2011.
37. J. Hawkinson and T. Bates, “Guidelines for creation, selection, and registration of an Autonomous System,” RFC 1930, 1996.
38. G. Malkin, “RIP Version 2,” RFC 2453, 1998.
39. J. Moy, “OSPF Version 2,” RFC 2328, 1998.
40. L. L. Peterson, B. S. Davie, Computer Networks, Morgan Kaufmann Publishers, 2010.
41. M. Schuchard, Y. Vasserman, A. Mohaisen, D. F. Kune, N. Hopper, and Y. Kim, “Losing Control of the Internet: Using the Data Plane to attack to Control Plane,” in Proc. NDSS, ACM, 2010.
42. K. Sriram, D. Montgomery, O. Borchert, O. Kim, and D. R Kuhn, “Study of BGP Peering Session Attacks and Their Impacts on Routing Performance,” IEEE Journal on Selected Areas in Communications: Special issue on High-Speed Network Security, 2006.
43. F. Wang, Z. M. Mao, J. Wang, L. Gao, and R. Bush, “A Measurement Study on the Impact of Routing Events on End to End Internet Path Performance,” in Proc. SIGCOMM, 2006.
44. Y. Zhang, Z. M. Mao, and J. Wang, “Low Rate TCP Targeted DoS Attack Disrupts Internet Routing,” in Proc. 14th Annual Network and Distributed System Security Symposium, 2007.
45. C. Labovitz, A. Ahuja and F. Jahanian, “Experimental Study of Internet Stability and Wide-Area Network Failures,” National Science Foundation, 1999.
46. C. Labovitz, R. Malan, and F. Jahanian, “Internet Routing Instability,” IEEE/ACM Transactions on Networking, 1998.
47. A. Shaikh, L. Kalampoukas, R. Dube, and A. Varma, “Routing Stability in Congested Networks: Experimentation and Analysis,” in Proc. ACM SIGCOMM, 2000.
48. (2013) BGP Routing Table Analysis. [Online]. Available: http://bgp.potaroo.net/
49. (2013) BGP Instability Report. [Online]. Available: http://bgpupdates.potaroo.net/instability/bgpupd.html
50. A. Studer and A. Perrig, “The Coremelt Attack,” in Proc. ESORICS, 2010.
51. S. Savage, N. Cardwell, D. Wetherall, and T. Anderson, “TCP Congestion Control with a Misbehaving Receiver,” National Science Foundation, USENIX, 1999.
52. (2013) CAIDA: As relationships dataset. [Online]. Available: http://www.caida.org/data/as-relationships/
53. M. Schuchard, “Stormcaller Simulator,” 2010.