Assessment of a vulnerability in iterative servers enabling low-rate dos attacks

Authors:
Gabriel Maciá-Fernández;Jesús E. Díaz-Verdejo;Pedro García-Teodoro
Affiliations:
Dep. of Signal Theory, Telematics and Communications, University of Granada, Granada, (Spain);Dep. of Signal Theory, Telematics and Communications, University of Granada, Granada, (Spain);Dep. of Signal Theory, Telematics and Communications, University of Granada, Granada, (Spain)
Venue:
ESORICS'06 Proceedings of the 11th European conference on Research in Computer Security
Year:
2006

Citing 11
Cited 1

Goodness-of-fit techniques

Goodness-of-fit techniques
A survey of statistical source models for variable-bit-rate compressed video

Multimedia Systems - Special issue on video content based retrieval
Defeating Distributed Denial of Service Attacks

IT Professional
Attacking DDoS at the Source

ICNP '02 Proceedings of the 10th IEEE International Conference on Network Protocols
Honeypots for Distributed Denial of Service Attacks

WETICE '02 Proceedings of the 11th IEEE International Workshops on Enabling Technologies: nfrastructure for Collaborative Enterprises
Low-rate TCP-targeted denial of service attacks: the shrew vs. the mice and elephants

Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications
NOMAD: Traffic-based Network Monitoring Framework for Anomaly Detection

ISCC '99 Proceedings of the The Fourth IEEE Symposium on Computers and Communications
DDoS attacks and defense mechanisms: classification and state-of-the-art

Computer Networks: The International Journal of Computer and Telecommunications Networking
A taxonomy of DDoS attack and DDoS defense mechanisms

ACM SIGCOMM Computer Communication Review
Inferring internet denial-of-service activity

SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Traffic models in broadband networks

IEEE Communications Magazine

LoRDAS: a low-rate dos attack against application servers

CRITIS'07 Proceedings of the Second international conference on Critical Information Infrastructures Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

In this work, a vulnerability in iterative servers is described and exploited. The vulnerability is related to the possibility of acquiring some statistics about the time between two consecutive service responses generated by the server under the condition that the server has always requests to serve. By exploiting this knowledge, an intruder is able to carry out a DoS attack characterized by a relatively low-rate traffic destined to the server. Besides the presentation of the vulnerability, an implementation of the attack has been simulated and tested in a real environment. The results obtained show an important impact in the performance of the service provided by the server to legitimate users (DoS attack) while a low effort, in terms of volume of generated traffic, is necessary for the attacker. Besides, this attack compares favourably with a naive (brute-force) attack with the same traffic rate. Therefore, the proposed attack would easily pass through most of current IDSs, designed to detect high volumes of traffic.