Abstract
In this work, a vulnerability in iterative servers is described and exploited. The vulnerability stems from the possibility of acquiring statistics about the time between two consecutive service responses generated by the server, under the condition that the server always has requests to serve. By exploiting this knowledge, an intruder is able to carry out a DoS attack characterized by relatively low-rate traffic destined to the server. In addition to presenting the vulnerability, an implementation of the attack has been simulated and tested in a real environment. The results show a significant impact on the performance of the service provided by the server to legitimate users (DoS attack), while the attacker needs only a low effort in terms of the volume of generated traffic. Moreover, this attack compares favourably with a naive (brute-force) attack with the same traffic rate. Therefore, the proposed attack would easily pass through most current IDSs, which are designed to detect high volumes of traffic.
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Maciá-Fernández, G., Díaz-Verdejo, J.E., García-Teodoro, P. (2006). Assessment of a Vulnerability in Iterative Servers Enabling Low-Rate DoS Attacks. In: Gollmann, D., Meier, J., Sabelfeld, A. (eds) Computer Security – ESORICS 2006. ESORICS 2006. Lecture Notes in Computer Science, vol 4189. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11863908_31
DOI: https://doi.org/10.1007/11863908_31
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-44601-9
Online ISBN: 978-3-540-44605-7
eBook Packages: Computer Science (R0)