Linderhof: a tool for assessing reflective DDoS attacks mitigation systems
Abstract
Denial of service attacks aim to disrupt legitimate users from accessing a particular service. Its amplified and reflected version is more commonly used and has become an increasing threat to the Internet stability. The Linderhof tool was created for the study of reflective and volumetric attacks mitigation systems. It enables the evaluation of the CoAP, DNS, Memcached, NTP, SSDP, SNMP protocols and is extensible to other protocols. In this paper the tool and its use will be presented in more detail.
Keywords:
Distributed Denial of Service Attack, Amplified Reflection, DDoS, AR-DDoS
References
Gondim, J. and Albuquerque, R. d. O. (2019). Mirror saturation in amplified reflectionddos. Actas de las V Jornadas Nacionales de Ciberseguridad, Junio 5-7, 2019, Cáceres,Espafia. Ed. Caro Lindo, Andrés and García Villalba, Luis Javier and Sandoval Orozco,Ana Lucila, Universidad de Extremadura, Servicio de Publicaciones.
Gondim, J.J. C., de Oliveira Albuquerque, R., Clayton Alves Nascimento, A., García Vil-lalba, L., and Kim, T. H. (2016). A methodological approach for assessing amplifiedreflection distributed denial of service on the internet of things. Sensors, 16(11):1855.
Gondim, J.J. C., de Oliveira Albuquerque, R., and Sandoval, O. A. L. (2020). Mirrorsaturation in amplified reflection distributed denial of service: A case of study usingsnmp, ssdp, ntp and dns protocols. https//doi.org/10.1016/j.future.2020.01.024. Future Generation Computer Systems.
Hilton, Ss. (2016). Dyn analysis summary of fri-day october 21 attack. https://dyn.com/blog/dyn-analysis-summary-of-friday-october-21-attack/. visitado em: 08/04/2020.
Mahjabin, T., Xiao, Y., Sun, G., and Jiang, W. (2017). A survey of distributed denial-of-service attack, prevention, and mitigation techniques. International Journal of Distri-buted Sensor Networks, 13(12):1550147717741463.
Paxson, V. (2001). An analysis of using reflectors for distributed denial-of-service attacks.ACM SIGCOMM Computer Communication Review, 31(3):38-47.
Peng, T., Leckie, C., and Ramamohanarao, K. (2007). Survey of network-based defensemechanisms countering the dos and ddos problems. ACM Comput. Surv., 39(1).
Riza, A., Yusof, R., Udzir, N., and Selamat, A. (2019). Systematic literature review andtaxonomy for ddos attack detection and prediction. International Journal of DigitalEnterprise Technology, 1:292.
Rossow, E. (2014). Amplification hell: Revisiting network protocols for ddos abuse. In21st Annual Network and Distributed System Security Symposium, NDSS 2014, SanDiego, California, USA, February 23-26, 2014.
Vasques, A. T. and Gondim, J. J. C. (2019). Amplified reflection ddos attacks over iotmirrors: A saturation analysis. 2019 Workshop on Communication Networks andPower Systems (WCNPS). IEEE.
Vasques, A. T. and Gondim, J. J. C. (2020). Ataques ddos por reflexão amplificada sobrerefletor iot rodando coap. 2020 15th Iberian Conference on Information Systems andTechnologies (CISTI). Submetido e Aceito.
Gondim, J.J. C., de Oliveira Albuquerque, R., Clayton Alves Nascimento, A., García Vil-lalba, L., and Kim, T. H. (2016). A methodological approach for assessing amplifiedreflection distributed denial of service on the internet of things. Sensors, 16(11):1855.
Gondim, J.J. C., de Oliveira Albuquerque, R., and Sandoval, O. A. L. (2020). Mirrorsaturation in amplified reflection distributed denial of service: A case of study usingsnmp, ssdp, ntp and dns protocols. https//doi.org/10.1016/j.future.2020.01.024. Future Generation Computer Systems.
Hilton, Ss. (2016). Dyn analysis summary of fri-day october 21 attack. https://dyn.com/blog/dyn-analysis-summary-of-friday-october-21-attack/. visitado em: 08/04/2020.
Mahjabin, T., Xiao, Y., Sun, G., and Jiang, W. (2017). A survey of distributed denial-of-service attack, prevention, and mitigation techniques. International Journal of Distri-buted Sensor Networks, 13(12):1550147717741463.
Paxson, V. (2001). An analysis of using reflectors for distributed denial-of-service attacks.ACM SIGCOMM Computer Communication Review, 31(3):38-47.
Peng, T., Leckie, C., and Ramamohanarao, K. (2007). Survey of network-based defensemechanisms countering the dos and ddos problems. ACM Comput. Surv., 39(1).
Riza, A., Yusof, R., Udzir, N., and Selamat, A. (2019). Systematic literature review andtaxonomy for ddos attack detection and prediction. International Journal of DigitalEnterprise Technology, 1:292.
Rossow, E. (2014). Amplification hell: Revisiting network protocols for ddos abuse. In21st Annual Network and Distributed System Security Symposium, NDSS 2014, SanDiego, California, USA, February 23-26, 2014.
Vasques, A. T. and Gondim, J. J. C. (2019). Amplified reflection ddos attacks over iotmirrors: A saturation analysis. 2019 Workshop on Communication Networks andPower Systems (WCNPS). IEEE.
Vasques, A. T. and Gondim, J. J. C. (2020). Ataques ddos por reflexão amplificada sobrerefletor iot rodando coap. 2020 15th Iberian Conference on Information Systems andTechnologies (CISTI). Submetido e Aceito.
Published
2020-12-07
How to Cite
DANTAS, Amanda Lopes; VIEIRA, Matheus de Oliveira; VASQUES, Alan Tamer; GONDIM, João José Costa.
Linderhof: a tool for assessing reflective DDoS attacks mitigation systems. In: DEMO SESSION - BRAZILIAN SYMPOSIUM ON COMPUTER NETWORKS AND DISTRIBUTED SYSTEMS (SBRC), 38. , 2020, Rio de Janeiro.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2020
.
p. 25-32.
ISSN 2177-9384.
DOI: https://doi.org/10.5753/sbrc_estendido.2020.12398.
