Please use this identifier to cite or link to this item:
|A Study on Exploitable DRDoS Amplifiers in Europe
|Ercan, Emre Murat
Selçuk, Ali Aydın
|One of the best-known cyber attacks, distributed denial of service (DDoS), is evolving. It has become much more malefic and effective with the use of amplification power of reflected messages. This attack is known as the distributed reflected denial of service (DRDoS) or the amplification attack. Attackers abuse UDP-based protocols’ connectionless property for this attack and achieve an attack volume of hundreds of Gbps. The attack occurs by botnets’ spoofing a victim’s IP address and demanding some service from unhardened servers. Attackers generally prefer protocols that have high a “amplification factor” such as NTP and Memcached, or protocols where it is hard to differentiate legal requests from malicious ones, such as DNS. At this point, an important defensive strategy against these attacks is to harden servers not to play a role as amplifiers. In this paper, we carried out a detailed research of servers in 41 European countries and focused on three UDP-based protocols most commonly abused by attackers: DNS, NTP, and Memcached. We searched these servers by automatic regional scans and analyzed whether they have been hardened against DRDoS attacks.
|Appears in Collections:
|Bilgisayar Mühendisliği Bölümü / Department of Computer Engineering
TR Dizin İndeksli Yayınlar / TR Dizin Indexed Publications Collection
Show full item record
checked on Feb 26, 2024
Items in GCRIS Repository are protected by copyright, with all rights reserved, unless otherwise indicated.