Smurf-based Distributed Denial of Service (DDoS) Attack Amplification in Internet

@article{Kumar2007SmurfbasedDD,
  title={Smurf-based Distributed Denial of Service (DDoS) Attack Amplification in Internet},
  author={S. Kumar},
  journal={Second International Conference on Internet Monitoring and Protection (ICIMP 2007)},
  year={2007},
  pages={25-25}
}
  • S. Kumar
  • Published 1 July 2007
  • Computer Science
  • Second International Conference on Internet Monitoring and Protection (ICIMP 2007)
The Smurf-based distributed denial of service (DDoS) attack is an amplification attack where the attacker uses unprotected intermediate networks to amplify the attack traffic load and direct it to the victim computer. In this paper, we investigate the factors that contribute to the amplification of the smurf attack traffic and understand the relation among the original attack traffic, intermediate unprotected network and the final amplified attack traffic. We also define a new term called… 

Detect the reflection amplification attack based on UDP protocol

This work provides a detection method for the reflection amplification attack with a little difference with the DRDOS (Distributed Reflection Denial of Service) and the result shows the method is of great theoretical and practical value.

Smurf Security Defense Mechanism with Split-protocol

The migratory nature and role changeover abilities of servers in Split-protocol avoid bottleneck on the server side and offers the unique ability to avoid server saturation and compromise from DoS attacks.

A Dynamic Bandwidth Assignment Approach Under DDoS Flood Attack

A approach for dynamic assignment of bandwidth in order to sustain the server when the server is under attack is suggested and a new formula also has been derived which is based on number of genuine users and traffic volumes of users and attackers.

CARD (Continuous and Random Dropping) based DRDOS Attack Detection and Prevention Techniques in MANET

A defense mechanism based on CARD based DRDOS attack detection and prevention techniques in MANET will penalize the different attackers based on their rate limits and server load and decrease the rate limit exponentially & increase it linearly based on the attack traffic rate.

Distributed Detection of DDOS Attack

The victim server is busy in processing SYN requests which are originted from attacker, thus server is in a position to not serve for legitimate clients, so attacker does not recieve SYN-ACK packets.

Smurf Attacks: Attacks using ICMP

This paper investigates the methods adopted in order to perform attacks through Internet Control Message Protocol (ICMP) messages, also known as Smurf Attack, and presents the comparative analysis of the various solutions.

On Distributed Denial of Service Current Defense Schemes

The current DDoS defense mechanisms, their strengths and weaknesses are discussed and a need for a continual study in developing defense mechanisms is discussed.

Evaluation of Internet Connectivity Under Distributed Denial of Service Attacks from Botnets of Varying Magnitudes

This paper study and analyze two common DDoS attacks using a set of simulated networks containing a range of over 16 million systems, 65 thousand systems and 254 systems against a targeted system in a closed lab environment as legitimate traffic attempts to reach the targeted system.

The store-and-flood distributed reflective denial of service attack

This paper describes a new DRDoS attack called store-and-flood DRDoS, or SF-DRDoS, which by leveraging peer-to-peer (P2P) file-sharing networks becomes more surreptitious and powerful than traditional DRDoS.

Distributed Denial Of Service Attack Techniques: Analysis, Implementation And Comparison

The comparative analysis of various types of DOS attacks is shown, namely Ping of Death, Connection Flood, TCP SYN Flood, Distributed DOS and others, with suggested mitigation methods for some of the discussed attacks.
...

References

SHOWING 1-10 OF 13 REFERENCES

Defending against flooding-based distributed denial-of-service attacks: a tutorial

Various DDoS attack methods are described, and a longer-term solution that attempts to intercept attack packets in the Internet core, well before reaching the victim is discussed, dubbed the Internet-firewall approach.

Sustaining Availability of Web Services under Distributed Denial of Service Attacks

A practical DDoS defense system that can protect the availability of web services during severe DDoS attacks and is evaluated based on a novel game theoretical framework, which characterizes the natural adversarial relationship between a DDoS adversary and the proposed system.

DDoS attacks and defense mechanisms: a classification

  • C. DouligerisA. Mitrokotsa
  • Computer Science
    Proceedings of the 3rd IEEE International Symposium on Signal Processing and Information Technology (IEEE Cat. No.03EX795)
  • 2003
The goal of the paper is to place some order into the existing attack and defense mechanisms so that a better understanding of DDoS attacks can be achieved and more efficient defense mechanisms and techniques can be devised.

Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing

A simple, effective, and straightforward method for using ingress traffic filtering to prohibit DoS attacks which use forged IP addresses to be propagated from 'behind' an Internet Service Provider's (ISP) aggregation point is discussed.

Inside Risks: denial-of-service attacks

Common security advice can help in combatting DDoS: install and properly configure firewalls (blocking nasty traffic); isolate machines from the Net when connections are not needed; demand cryptographic authentica-tors rather than reusable fixed passwords, to reduce mas-queraders.

Can Microsoft’s Service Pack2 (SP2) Security Software Prevent SMURF Attacks?

  • S. KumarM. AzadO. GomezR. Valdez
  • Computer Science
    Advanced Int'l Conference on Telecommunications and Int'l Conference on Internet and Web Applications and Services (AICT-ICIW'06)
  • 2006
Experiments show that dropping of ICMP messages by SP2-security software at the victim computer is too late of an act in preventing the adverse effect of the Smurf attack, and the exhaustion of computing resource of a computer system with and without Windows-XP SP2 security software is found.

Denial-of-Service Attacks.

Trends in Denial of Service Attack Technology

Denial-of-Service Attacks Rip the Internet

Second International Conference on Internet Monitoring and Protection

  • Second International Conference on Internet Monitoring and Protection
  • 2007