Shrews: Low-Rate TCP-Targeted Denial of Service Attacks
A shrew is a small but aggressive mammal that ferociously attacks and kills much larger animals with a venomous bite.
Denial of Service attacks present an increasing threat to the global internetworking infrastructure. Hosts with divergent or malicious interests can readily subvert the protocols and infrastructure that the Internet depends on. While TCP's congestion control algorithm is highly robust to diverse network conditions, its implicit assumption of end-system cooperation results in a well-known vulnerability to high-rate non-responsive flows. However, little is known about low-rate denial of service attacks. We have discovered that low-rate attacks can be as harmful as high-rate ones, yet are even more dangerous because they are difficult for routers and counter-DoS mechanisms to detect.
In particular, the low-rate attack (named the shrew attack) consists of short, maliciously-chosen-duration bursts of packets that repeat with a fixed, maliciously chosen, slow-time-scale frequency. This traffic pattern is carefully designed to exploit TCP's deterministic retransmission timeout mechanism. When multiplexed with TCP cross-traffic, such a pattern is able to throttle TCP flows to a small fraction of their ideal rate while transmitting at a sufficiently low average rate to elude detection. Moreover, we demonstrated the ubiquity of the attacks by launching limited-scale attacks in parts of the Internet.
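The paragraph above explains why a shrew pattern evades rate-based detection: the average rate is low even though each burst is intense. The following added example (not code from this project; all function names and the constructed packet-count series are assumptions made for illustration) shows what a link monitor would have to look at instead: it locates bursts in a per-millisecond packet-count series, measures the spacing between them, and flags a series whose bursts repeat at a regular slow period while the average rate still passes a simple rate limit. The one-second period used in the sample is an assumption chosen because it matches the common TCP minimum RTO.

```python
"""Detect the periodic low-rate burst signature described on this page:
short, high-rate bursts repeating at a fixed slow period, while the
average rate stays under a rate-based filter's threshold.

Input is a list of per-millisecond packet counts observed on a link.
The sample series built by constructed_series() is constructed for
illustration only; it is not measured traffic.
"""

import statistics


def find_bursts(counts, burst_threshold):
    """Return (start_ms, end_ms) spans where counts stay >= burst_threshold."""
    bursts, start = [], None
    for t, c in enumerate(counts):
        if c >= burst_threshold and start is None:
            start = t
        elif c < burst_threshold and start is not None:
            bursts.append((start, t))
            start = None
    if start is not None:  # series ends inside a burst
        bursts.append((start, len(counts)))
    return bursts


def periodic_burst_report(counts, burst_threshold, rate_limit, max_jitter_ms=20):
    """Summarize a count series: average rate, burst geometry, periodicity verdict.

    A series is flagged as 'periodic_low_rate' when it shows at least three
    bursts whose spacing varies by no more than max_jitter_ms AND its average
    rate is at or below rate_limit (i.e. a pure rate limiter would pass it).
    """
    avg = sum(counts) / len(counts)  # packets per millisecond
    bursts = find_bursts(counts, burst_threshold)
    gaps = [b[0] - a[0] for a, b in zip(bursts, bursts[1:])]
    periodic = len(gaps) >= 2 and (max(gaps) - min(gaps)) <= max_jitter_ms
    return {
        "avg_pkts_per_ms": avg,
        "passes_rate_limit": avg <= rate_limit,
        "burst_count": len(bursts),
        "burst_len_ms": [e - s for s, e in bursts],
        "period_ms": statistics.mean(gaps) if gaps else None,
        "periodic_low_rate": periodic and avg <= rate_limit,
    }


def constructed_series(total_ms, period_ms, burst_len_ms, burst_rate, base_rate):
    """Build a synthetic per-ms count series: a low background rate with
    bursts of burst_rate packets/ms lasting burst_len_ms every period_ms."""
    counts = [base_rate] * total_ms
    for start in range(0, total_ms, period_ms):
        for t in range(start, min(start + burst_len_ms, total_ms)):
            counts[t] = burst_rate
    return counts


if __name__ == "__main__":
    # Constructed sample: 5 s of traffic, a 50 ms burst of 100 pkts/ms every
    # 1000 ms (assumed to match a 1 s minimum RTO), 1 pkt/ms in between.
    series = constructed_series(5000, 1000, 50, 100, 1)
    report = periodic_burst_report(series, burst_threshold=50, rate_limit=10)
    for key, value in report.items():
        print(f"{key}: {value}")
```

The sample's average rate works out to just under 6 packets per millisecond, well under the 10 pkts/ms limit, so a rate limiter sees nothing; the burst spacing of exactly 1000 ms across five bursts is what gives the pattern away. A flat series produces no bursts and no verdict, and irregularly spaced bursts fail the jitter test, so the check does not fire on ordinary bursty traffic.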
- Ns-2 code and simulation scripts from the Sigcomm paper "Low-Rate TCP-Targeted Denial of Service Attacks (The Shrew vs. the Mice and Elephants)" can be found here.
- Ns-2 code and simulation scripts from the ToN version of the paper can be found here.
- The Linux TCP kernel source code used in the Internet experiments, and the UDP-based software used to generate the shrew attacks, are available here.
December, 2004, Aleksandar Kuzmanovic