Assessment of a Vulnerability in Iterative Servers Enabling Low-Rate DoS Attacks

  • Gabriel Maciá-Fernández
  • Jesús E. Díaz-Verdejo
  • Pedro García-Teodoro
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4189)


In this work, a vulnerability in iterative servers is described and exploited. The vulnerability is related to the possibility of acquiring some statistics about the time between two consecutive service responses generated by the server under the condition that the server has always requests to serve. By exploiting this knowledge, an intruder is able to carry out a DoS attack characterized by a relatively low-rate traffic destined to the server. Besides the presentation of the vulnerability, an implementation of the attack has been simulated and tested in a real environment. The results obtained show an important impact in the performance of the service provided by the server to legitimate users (DoS attack) while a low effort, in terms of volume of generated traffic, is necessary for the attacker. Besides, this attack compares favourably with a naive (brute-force) attack with the same traffic rate. Therefore, the proposed attack would easily pass through most of current IDSs, designed to detect high volumes of traffic.


Service Time Intrusion Detection System Round Trip Time Legitimate User Request Packet 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Computer Security Institute and Federal Bureau of Investigation: CSI/FBI Computer crime and security survey 2001, CSI (March 2001), Available from:
  2. 2.
    Mirkovic, J., Reiher, P.: A taxonomy of DDoS attack and DDoS defense mechanisms. SIGCOMM Comput. Commun. Rev. 34(2), 39–53 (2004)CrossRefGoogle Scholar
  3. 3.
    Williams, M.: Ebay, amazon, hit by attacks, 02/09/00. IDG News Service 02/09/00 (2000) (visited, 18.10.2000),
  4. 4.
    CERT Coordination Center. Denial of Service attacks. Available at:
  5. 5.
    Moore, D., Voelker, G., Savage, S.: Inferring Internet Denial of Service activity. In: Proceedings of the USENIX Security Symposium, Washington, DC, USA, pp. 9–22 (2001)Google Scholar
  6. 6.
    Ferguson, P., Senie, D.: Network ingress filtering: defeating Denial of Service attacks which employ IP source address spoofing. In: RFC 2827 (2001)Google Scholar
  7. 7.
    Global Incident analysis Center: Special Notice - Egress filtering. Available from:
  8. 8.
    Geng, X., Whinston, A.B.: Defeating Distributed Denial of Service attacks. IEEE IT Professional 2(4), 36–42 (2000)CrossRefGoogle Scholar
  9. 9.
    Weiler, N.: Honeypots for Distributed Denial of Service. In: Proceedings of the Eleventh IEEE International Workshops Enabling Technologies: Infrastructure for Collaborative Enterprises 2002, Pitsburgh, PA, USA, June 2002, pp. 109–114 (2002)Google Scholar
  10. 10.
    Axelsson, S.: Intrusion detection systems: A survey and taxonomy. Technical Report 99-15, Department of Computer Engineering, Chalmers Univ. (March 2000)Google Scholar
  11. 11.
    Talpade, R.R., Kim, G., Khurana, S.: NOMAD: Traffic-based network monitoring framework for anomaly detection. In: Proc. of IEEE Symposium on Computers and Communications, pp. 442–451 (1999)Google Scholar
  12. 12.
    Cabrera, J., et al.: Proactive detection of distributed denial of service attacks using MIB traffic variables - a feasibility study. In: Proc. of the IFIP/IEEE International Symposium on Integrated Network Management (2001)Google Scholar
  13. 13.
    Mirkovic, J., Prier, G., Reiher, P.: Attacking DDoS at the source. In: Proc.of ICNP 2002, pp. 312–321 (2002)Google Scholar
  14. 14.
    Douligeris, C., Mitrokotsa, A.: DDoS attacks and defense mechanisms: classification and state-of-the-art. Comput. Networks 44(5), 643–666 (2004)CrossRefGoogle Scholar
  15. 15.
    Kuzmanovic, A., Knightly, E.: Low rate TCP-targeted denial of service attacks (The shrew vs. the mice and elephants). In: Proc. ACM SIGCOMM 2003, August 2003, pp. 75–86 (2003)Google Scholar
  16. 16.
    SANS Institute: NAPTHA: A new type of Denial of Service Attack. Available at:
  17. 17.
    Adas, A.: Traffic models in broadband networks. IEEE commun. Mag. 35(7), 82–89 (1997)CrossRefGoogle Scholar
  18. 18.
    Izquierdo, M., Reeves, D.: A survey of statistical source models for variable-bit-rate compressed video. In: Multimedia systems, pp. 199–213. Springer, Berlin (1999)Google Scholar
  19. 19.
    Walpole, R.E., Myers, R.H., Myers, S.L.: Probability and Statistics for Engineers and Scientists, 6th edn. Prentice Hall College Div. (1997) ISBN: 0138402086Google Scholar
  20. 20.
    Fall, K., Varadhan, K.: The ns manual, Available at:
  21. 21.
    D’Agostino, R., Stephens, M.: Goodness-of-Fit Techniques. Marcel Dekker, Inc. (1986)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Gabriel Maciá-Fernández
    • 1
  • Jesús E. Díaz-Verdejo
    • 1
  • Pedro García-Teodoro
    • 1
  1. 1.Dep. of Signal Theory, Telematics and CommunicationsUniversity of GranadaGranada(Spain)

Personalised recommendations