Investigando o Uso de CoAP em ataques DRDoS
Resumo
Ataques distribuídos de negação de serviço por reflexão (Distributed Reflection Denial of Service, DRDoS) são ataques realizados pela Internet que visam saturar vítimas com tráfego de rede, causando assim a indisponibilidade de serviços e/ou da própria rede. Um dos protocolos mais recentes no cenários de DRDoS é o CoAP (Constrained Application Protocol), voltado a dispositivos IoT. Este trabalho descreve um honeypot desenvolvido para observar ataques DRDoS usando o CoAP, e apresenta uma análise preliminar de dados coletados pelo honeypot durante um período de cinco meses.Referências
Boeckl, K., Fagan, M., Fisher, W., Lefkovitz, N., Megas, K., Nadeau, E., Piccarreta, B., O’Rourke, D. G., and Scarfone, K. (2019). Considerations for managing internet of things (IoT) cybersecurity and privacy risks. NISTIR 8228, NIST. https://doi. org/10.6028/NIST.IR.8228.
Cimpanu, C. (2018). The CoAP protocol is the next big thing for DDoS attacks. ZDNet. https://zd.net/333hymy.
Cymru (2020). DNS research at Team Cymru. http://dnsresearch.cymru.com/.
Fielding, R. (2000). Architectural Styles and the Design of Network-based Software Architectures. PhD thesis, University of California, Irvine.
Heinrich, T. (2019). Caracterização de Ataques DRDoS Usando Honeypot. Dissertação de mestrado em Computação Aplicada, UDESC, Joinville (SC).
Heinrich, T., Longo, F. S., and Obelheiro, R. R. (2017). Experiências com um honeypot DNS: Caracterização e evolução do tráfego malicioso. In XVII Simpósio Brasileiro em Segurança da Informação e de Sistemas Computacionais (SBSeg).
Heinrich, T. and Obelheiro, R. R. (2019). Brasil vs mundo: Uma análise comparativa de ataques DDoS por reflexão. In XIX Simpósio Brasileiro em Segurança da Informação e de Sistemas Computacionais (SBSeg).
Hoepers, C., Steding-Jessen, K., and Chaves, M. (2007). Honeypots e honeynets: Definições e aplicações. http://www.cert.br/docs/whitepapers/honeypots-honeynets/.
Krämer, L., Krupp, J., Makita, D., Nishizoe, T., Koide, T., Yoshioka, K., and Rossow, C. (2015). AmpPot: Monitoring and defending against amplification DDoS attacks. In International Workshop on Recent Advances in Intrusion Detection, pages 615–636. Springer.
Mansfield-Devine, S. (2015). The growth and evolution of DDoS. Network Security, 2015(10):13–20.
Mertens, X. (2015). Port scanners: The good and the bad. https://bit.ly/3lQmFNF.
Netscout (2019). CoAP attacks in the wild. ASERT blog, https://www.netscout.com/blog/asert/coap-attacks-wild.
Noroozian, A., Korczyński, M., Gañan, C. H., Makita, D., Yoshioka, K., and van Eeten, M. (2016). Who gets the boot? analyzing victimization by DDoS-as-a-Service. In International Symposium on Research in Attacks, Intrusions, and Defenses, pages 368– 389. Springer.
OpenNTP (2020). OpenNTPProject.org – NTP scanning project. http:// openntpproject.org/.
Paxson, V. (2001). An analysis of using reflectors for distributed denial-of-service attacks. ACM SIGCOMM Computer Communication Review, 31(3):38–47.
Rescorla, E. and Modadugu, N. (2012). Datagram transport layer security version 1.2. RFC 6347. https://tools.ietf.org/html/rfc6347.
Rossow, C. (2014). Amplification hell: Revisiting network protocols for DDoS abuse. In Network and Distributed System Security Symposium (NDSS).
Shelby, Z., Hartke, K., and Bormann, C. (2014). The constrained application protocol (CoAP). RFC 7252. https://tools.ietf.org/html/rfc7252.
TCPDUMP (2020). TCPDUMP/LIBPCAP public repository. https://www.tcpdump.org/.
Thomas, D. R., Clayton, R., and Beresford, A. R. (2017). 1000 days of UDP amplification DDoS attacks. In APWG Symposium on Electronic Crime Research (eCrime), pages 79–84. IEEE.
Cimpanu, C. (2018). The CoAP protocol is the next big thing for DDoS attacks. ZDNet. https://zd.net/333hymy.
Cymru (2020). DNS research at Team Cymru. http://dnsresearch.cymru.com/.
Fielding, R. (2000). Architectural Styles and the Design of Network-based Software Architectures. PhD thesis, University of California, Irvine.
Heinrich, T. (2019). Caracterização de Ataques DRDoS Usando Honeypot. Dissertação de mestrado em Computação Aplicada, UDESC, Joinville (SC).
Heinrich, T., Longo, F. S., and Obelheiro, R. R. (2017). Experiências com um honeypot DNS: Caracterização e evolução do tráfego malicioso. In XVII Simpósio Brasileiro em Segurança da Informação e de Sistemas Computacionais (SBSeg).
Heinrich, T. and Obelheiro, R. R. (2019). Brasil vs mundo: Uma análise comparativa de ataques DDoS por reflexão. In XIX Simpósio Brasileiro em Segurança da Informação e de Sistemas Computacionais (SBSeg).
Hoepers, C., Steding-Jessen, K., and Chaves, M. (2007). Honeypots e honeynets: Definições e aplicações. http://www.cert.br/docs/whitepapers/honeypots-honeynets/.
Krämer, L., Krupp, J., Makita, D., Nishizoe, T., Koide, T., Yoshioka, K., and Rossow, C. (2015). AmpPot: Monitoring and defending against amplification DDoS attacks. In International Workshop on Recent Advances in Intrusion Detection, pages 615–636. Springer.
Mansfield-Devine, S. (2015). The growth and evolution of DDoS. Network Security, 2015(10):13–20.
Mertens, X. (2015). Port scanners: The good and the bad. https://bit.ly/3lQmFNF.
Netscout (2019). CoAP attacks in the wild. ASERT blog, https://www.netscout.com/blog/asert/coap-attacks-wild.
Noroozian, A., Korczyński, M., Gañan, C. H., Makita, D., Yoshioka, K., and van Eeten, M. (2016). Who gets the boot? analyzing victimization by DDoS-as-a-Service. In International Symposium on Research in Attacks, Intrusions, and Defenses, pages 368– 389. Springer.
OpenNTP (2020). OpenNTPProject.org – NTP scanning project. http:// openntpproject.org/.
Paxson, V. (2001). An analysis of using reflectors for distributed denial-of-service attacks. ACM SIGCOMM Computer Communication Review, 31(3):38–47.
Rescorla, E. and Modadugu, N. (2012). Datagram transport layer security version 1.2. RFC 6347. https://tools.ietf.org/html/rfc6347.
Rossow, C. (2014). Amplification hell: Revisiting network protocols for DDoS abuse. In Network and Distributed System Security Symposium (NDSS).
Shelby, Z., Hartke, K., and Bormann, C. (2014). The constrained application protocol (CoAP). RFC 7252. https://tools.ietf.org/html/rfc7252.
TCPDUMP (2020). TCPDUMP/LIBPCAP public repository. https://www.tcpdump.org/.
Thomas, D. R., Clayton, R., and Beresford, A. R. (2017). 1000 days of UDP amplification DDoS attacks. In APWG Symposium on Electronic Crime Research (eCrime), pages 79–84. IEEE.
Publicado
25/11/2020
Como Citar
R. UTECH, Guilherme; R. OBELHEIRO, Rafael.
Investigando o Uso de CoAP em ataques DRDoS. In: ESCOLA REGIONAL DE REDES DE COMPUTADORES (ERRC), 18. , 2020, Evento Online.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2020
.
p. 103-108.
DOI: https://doi.org/10.5753/errc.2020.15197.
