AmpFuzz: Fuzzing for Amplification DDoS Vulnerabilities

Krupp, Johannes and Grishchenko, Ilya and Rossow, Christian
(2022) AmpFuzz: Fuzzing for Amplification DDoS Vulnerabilities.
In: USENIX Security Symposium (USENIX Security), 2022..
Conference: USENIX-Security Usenix Security Symposium

[img]
Preview
 Text
AmpFuzz.pdf
Download (912kB) | Preview

Abstract

Amplification DDoS attacks remain a prevalent and severe threat to the Internet, with recent attacks reaching the Tbps range. However, all amplification attack vectors known to date were either found by researchers through laborious manual analysis or could only be identified postmortem following large attacks. Ideally, though, an attack vector is discovered and mitigated before the first attack can occur. To this end, we present AMPFUZZ, the first systematic approach to finding amplification vectors in UDP services in a protocol-agnostic way. AMPFUZZ is based on the state-of-the-art greybox fuzzing boosted by a novel technique to make fuzzing UDP-aware, which significantly increases performance. We evaluate AMPFUZZ on 28 Debian network services, where we (re-)discover 7 known and 6 previously unreported amplification vulnerabilities.

Item Type: Conference or Workshop Item (A Paper) (Paper)
Divisions: Christian Rossow (System Security Group, SysSec)
Conference: USENIX-Security Usenix Security Symposium
Depositing User: Christian Rossow
Date Deposited: 03 May 2022 14:34
Last Modified: 12 Jun 2022 06:21
Primary Research Area: NRA3: Threat Detection and Defenses
URI: https://publications.cispa.saarland/id/eprint/3643

Actions

Actions (login required)

View Item View Item
CISPA is powered by EPrints 3 which is developed by the School of Electronics and Computer Science at the University of Southampton. More information and software credits.