The Coremelt Attack
نویسندگان
چکیده
Current Denial-of-Service (DoS) attacks are directed towards a specific victim. The research community has devised several countermeasures that protect victim hosts against undesired traffic. We present Coremelt, a new attack mechanism, where attackers only send traffic between each other, and not towards a victim host. As a result, none of the attack traffic is unwanted. The Coremelt attack is powerful because among N attackers there are O(N) connections, which can cause significant congestion in the network core. We demonstrate the attack based on simulations within a real Internet topology using realistic attacker distributions and show that attackers can induce a significant amount of congestion.
منابع مشابه
Modeling and Mitigating the Coremelt Attack
This paper studies the Coremelt attack, a linkflooding Distributed Denial of Service attack that exhausts the bandwidth at a core network link using low-intensity traffics between subverted sources. A dynamical system model is formulated for analyzing the effect of the Coremelt attack on a single-link Transmission Control Protocol (TCP) network. Stability and convergence of the source flow rate...
متن کاملTCP Injections for Fun and Clogging
We present a new type of clogging DoS attacks, with the highest amplification factors achieved by off-path attackers, using only puppets, i.e., sandboxed malware on victim machines. Specifically, we present off-path variants of the Opt-ack, Ackstorm and Coremelt DoS attacks, achieving results comparable to these achieved previously achieved by eavesdropping/MitM attackers and (unrestricted) mal...
متن کاملSanctuary Trail: Refuge from Internet DDoS Entrapment (CMU-CyLab-12-013)
We propose STRIDE, a new Internet architecture that provides strong DDoS defense mechanisms for both public services and private end-to-end communication. This new architecture presents several novel concepts including long-term static paths, bandwidth allocation through a top-down topology discovery protocol, dynamic bandwidth allocation via network capabilities, and differentiated packet prio...
متن کاملSanctuary Trail: Refuge from Internet DDoS Entrapment
We propose STRIDE, a new Internet architecture that provides strong DDoS defense mechanisms for both public services and private end-to-end communication. This new architecture presents several novel concepts including long-term static paths, bandwidth allocation through a top-down topology discovery protocol, dynamic bandwidth allocation via network capabilities, and differentiated packet prio...
متن کاملAttack-Aware Cooperative Spectrum Sensing in Cognitive Radio Networks under Byzantine Attack
Cooperative Spectrum Sensing (CSS) is an effective approach to overcome the impact of multi-path fading and shadowing issues. The reliability of CSS can be severely degraded under Byzantine attack, which may be caused by either malfunctioning sensing terminals or malicious nodes. Almost, the previous studies have not analyzed and considered the attack in their models. The present study introduc...
متن کامل