Slow TCAM Exhaustion DDoS Attack

  • Túlio A. Pascoal
  • Yuri G. Dantas
  • Iguatemi E. Fonseca
  • Vivek Nigam
Conference paper

DOI: 10.1007/978-3-319-58469-0_2

Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 502)
Cite this paper as:
Pascoal T.A., Dantas Y.G., Fonseca I.E., Nigam V. (2017) Slow TCAM Exhaustion DDoS Attack. In: De Capitani di Vimercati S., Martinelli F. (eds) ICT Systems Security and Privacy Protection. SEC 2017. IFIP Advances in Information and Communication Technology, vol 502. Springer, Cham

Abstract

Software Defined Networks (SDN) facilitate network management by decoupling the data plane, which forwards packets using efficient switches, from the control plane, leaving the decisions on how packets should be forwarded to a (centralized) controller. However, due to limitations on the number of forwarding rules a switch can store in its TCAM memory, SDN networks have been subject to saturation and TCAM exhaustion attacks, where the attacker is able to deny service by forcing a target switch to install a great number of rules. An underlying assumption is that these attacks are carried out by sending a high rate of unique packets. This paper shows that this assumption is not necessarily true and that SDNs are vulnerable to Slow TCAM exhaustion attacks (Slow-TCAM). We analyse this attack, arguing that existing defenses for saturation and TCAM exhaustion attacks are not able to mitigate Slow-TCAM due to its relatively low traffic rate. We then propose a novel defense called SIFT, based on selective strategies, demonstrating its effectiveness against the Slow-TCAM attack.

Keywords

  • DDoS attacks
  • SDN
  • Low-Rate attacks
  • Selective defenses

Copyright information

© IFIP International Federation for Information Processing 2017

Authors and Affiliations

  • Túlio A. Pascoal (1)
  • Yuri G. Dantas (2)
  • Iguatemi E. Fonseca (1)
  • Vivek Nigam (1, 3)

  1. Federal University of Paraíba, João Pessoa, Brazil
  2. TU Darmstadt, Darmstadt, Germany
  3. fortiss, Munich, Germany
