Optimizing Recurrent Pulsing Attacks using Application-Layer Amplification of Open DNS Resolvers

Bushart, Jonas
(2018) Optimizing Recurrent Pulsing Attacks using Application-Layer Amplification of Open DNS Resolvers.
In: 12th USENIX Workshop on Offensive Technologies (WOOT 18).
Conference: WOOT USENIX Workshop on Offensive Technologies

Official URL: https://www.usenix.org/conference/woot18/presentat...

Abstract

Shrew attacks or pulsing attacks are low-bandwidth network-level/layer-3 denial-of-service attacks. They target TCP connections by selectively inducing packet loss to affect latency and throughput. We combine the recently presented DNS CNAME-chaining attack with temporal lensing, a variant of pulsing attacks, to create a new, harder-to-block attack. For an attack, thousands of DNS resolvers have to be coordinated. We devise an optimization problem to find the perfect attack and solve it by using a genetic algorithm. The results show pulses created with our attack are 14 times higher than the attacker’s average bandwidth. Finally, we present countermeasures applicable to pulsing and CNAME-chaining, which also apply to this attack.
