TY - GEN
T1 - TCP ack storm DoS attacks
AU - Abramov, Raz
AU - Herzberg, Amir
PY - 2011
Y1 - 2011
N2 - We present Ack-storm DoS attacks, a new family of DoS attacks exploiting a subtle design flaw in the core TCP specifications. The attacks can be launched by a very weak MitM attacker, which can only eavesdrop occasionally and spoof packets (a Weakling in the Middle (WitM)). The attacks can reach theoretically unlimited amplification; we measured amplification of over 400,000 against popular websites before aborting our trial attack. Ack storm DoS attacks are practical. In fact, they are easy to deploy in large scale, especially considering the widespread availability of open wireless networks, allowing an attacker easy WitM abilities to thousands of connections. Storm attacks can be launched against the access network, e.g. blocking address to proxy web server, against web sites, or against the Internet backbone. Storm attacks work against TLS/SSL connections just as well as against unprotected TCP connections, but fails against IPsec or link-layer encrypted connections. We show that Ack-storm DoS attacks can be easily prevented, by a simple fix to TCP, in either client or server, or using a packet-filtering firewall.
AB - We present Ack-storm DoS attacks, a new family of DoS attacks exploiting a subtle design flaw in the core TCP specifications. The attacks can be launched by a very weak MitM attacker, which can only eavesdrop occasionally and spoof packets (a Weakling in the Middle (WitM)). The attacks can reach theoretically unlimited amplification; we measured amplification of over 400,000 against popular websites before aborting our trial attack. Ack storm DoS attacks are practical. In fact, they are easy to deploy in large scale, especially considering the widespread availability of open wireless networks, allowing an attacker easy WitM abilities to thousands of connections. Storm attacks can be launched against the access network, e.g. blocking address to proxy web server, against web sites, or against the Internet backbone. Storm attacks work against TLS/SSL connections just as well as against unprotected TCP connections, but fails against IPsec or link-layer encrypted connections. We show that Ack-storm DoS attacks can be easily prevented, by a simple fix to TCP, in either client or server, or using a packet-filtering firewall.
KW - Denial of service
KW - TCP
KW - secure network protocols
UR - http://www.scopus.com/inward/record.url?scp=79960851625&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-21424-0_3
DO - 10.1007/978-3-642-21424-0_3
M3 - ???researchoutput.researchoutputtypes.contributiontobookanthology.conference???
AN - SCOPUS:79960851625
SN - 9783642214233
T3 - IFIP Advances in Information and Communication Technology
SP - 29
EP - 40
BT - Future Challenges in Security and Privacy for Academia and Industry - 26th IFIP TC 11 International Information Security Conference, SEC 2011, Proceedings
T2 - 26th IFIP TC-11 International Information Security Conference on "Future Challenges in Security and Privacy for Academia and Industry", SEC 2011
Y2 - 7 June 2011 through 9 June 2011
ER -