1 research outputs found
DDoS Never Dies? An IXP Perspective on DDoS Amplification Attacks
DDoS attacks remain a major security threat to the continuous operation of
Internet edge infrastructures, web services, and cloud platforms. While a large
body of research focuses on DDoS detection and protection, to date we
ultimately failed to eradicate DDoS altogether. Yet, the landscape of DDoS
attack mechanisms is even evolving, demanding an updated perspective on DDoS
attacks in the wild. In this paper, we identify up to 2608 DDoS amplification
attacks at a single day by analyzing multiple Tbps of traffic flows at a major
IXP with a rich ecosystem of different networks. We observe the prevalence of
well-known amplification attack protocols (e.g., NTP, CLDAP), which should no
longer exist given the established mitigation strategies. Nevertheless, they
pose the largest fraction on DDoS amplification attacks within our observation
and we witness the emergence of DDoS attacks using recently discovered
amplification protocols (e.g., OpenVPN, ARMS, Ubiquity Discovery Protocol). By
analyzing the impact of DDoS on core Internet infrastructure, we show that DDoS
can overload backbone-capacity and that filtering approaches in prior work omit
97% of the attack traffic.Comment: To appear at PAM 202