A Wide Network Scanning for Discovery of UDP-Based Reflectors in the Nordic Countries

Alexander Bjerre; Andreas Philip Westh; Emil Villefrance; A. S.M.Farhan Al Haque; Jonas Bukrinski Andersen; Lucas K. Helgogaard; Marios Anagnostopoulos

doi:10.1007/978-3-031-22295-5_10

A Wide Network Scanning for Discovery of UDP-Based Reflectors in the Nordic Countries

Alexander Bjerre, Andreas Philip Westh, Emil Villefrance, A. S.M.Farhan Al Haque, Jonas Bukrinski Andersen, Lucas K. Helgogaard, Marios Anagnostopoulos^*

^*Kontaktforfatter

Publikation: Bidrag til bog/antologi/rapport/konference proceeding › Konferenceartikel i proceeding › Forskning › peer review

1 Citationer (Scopus)

Abstract

Distributed Reflective Denial of Service (DRDoS) attacks exploit Internet facing devices with the purpose to involve them in DoS incidents. In turn, these devices unwittingly amplify and redirect the attack traffic towards the victim. As a result, this traffic causes the extortion of the target’s network bandwidth and computation resources. The current work evaluates the amplification and reflective potentials of four UDP-based protocols, which are constantly reported as facilitators to DoS attacks. These are Simple Service Discovery Protocol (SSDP), Simple Network Management Protocol (SNMP), Constrained Application Protocol (CoAP) and Web Services Dynamic Discovery (WSD). Specifically, we conduct a countrywide network scanning across the four main Nordic countries, i.e., Denmark, Finland, Norway and Sweden, and enumerate the devices that respond to any of our probes and hence they can be exploited in DoS attacks. For each of the discovered devices, we assess its amplification capabilities in terms of Bandwidth Amplification Factor (BAF) and Packet Amplification Factor (PAF) that can contribute to a DoS incident. The outcomes show that from the four examined protocols, SSDP and SNMP are the most beneficial protocols from an attacker’s perspective, as a multitudinous group of reflectors is identified in each of the considered countries. Even worst, a significant portion of these devices produced a BAF over 30, a BAF that can multiply significantly the attack traffic stemming from the attacker’s side and hence causes a devastating impact on the victim’s infrastructure.

Originalsprog	Engelsk
Titel	Secure IT Systems - 27th Nordic Conference, NordSec 2022, Proceedings
Redaktører	Hans P. Reiser, Marcel Kyas
Antal sider	18
Forlag	Springer
Publikationsdato	2022
Sider	176-193
ISBN (Trykt)	9783031222948
DOI	https://doi.org/10.1007/978-3-031-22295-5_10
Status	Udgivet - 2022
Begivenhed	27th Nordic Conference on Secure IT Systems, NordSec 2022 - Reykjavic, Island Varighed: 30 nov. 2022 → 2 dec. 2022

Konference

Konference	27th Nordic Conference on Secure IT Systems, NordSec 2022
Land/Område	Island
By	Reykjavic
Periode	30/11/2022 → 02/12/2022

Navn	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Vol/bind	13700 LNCS
ISSN	0302-9743

Bibliografisk note

Publisher Copyright:
© 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG.

Adgang til dokumentet

10.1007/978-3-031-22295-5_10

AUB Link

Søg efter materialet i Aalborg Universitetsbiblioteks søgemaskine

Andre filer og links

Link to publication in Scopus

Citationsformater

Bjerre, A., Westh, A. P., Villefrance, E., Haque, A. S. M. F. A., Andersen, J. B., Helgogaard, L. K., & Anagnostopoulos, M. (2022). A Wide Network Scanning for Discovery of UDP-Based Reflectors in the Nordic Countries. I H. P. Reiser, & M. Kyas (red.), Secure IT Systems - 27th Nordic Conference, NordSec 2022, Proceedings (s. 176-193). Springer. https://doi.org/10.1007/978-3-031-22295-5_10

Bjerre, Alexander ; Westh, Andreas Philip ; Villefrance, Emil et al. / A Wide Network Scanning for Discovery of UDP-Based Reflectors in the Nordic Countries. Secure IT Systems - 27th Nordic Conference, NordSec 2022, Proceedings. red. / Hans P. Reiser ; Marcel Kyas. Springer, 2022. s. 176-193 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), Bind 13700 LNCS).

@inproceedings{c256d6c44c644dca980372042987044b,

title = "A Wide Network Scanning for Discovery of UDP-Based Reflectors in the Nordic Countries",

abstract = "Distributed Reflective Denial of Service (DRDoS) attacks exploit Internet facing devices with the purpose to involve them in DoS incidents. In turn, these devices unwittingly amplify and redirect the attack traffic towards the victim. As a result, this traffic causes the extortion of the target{\textquoteright}s network bandwidth and computation resources. The current work evaluates the amplification and reflective potentials of four UDP-based protocols, which are constantly reported as facilitators to DoS attacks. These are Simple Service Discovery Protocol (SSDP), Simple Network Management Protocol (SNMP), Constrained Application Protocol (CoAP) and Web Services Dynamic Discovery (WSD). Specifically, we conduct a countrywide network scanning across the four main Nordic countries, i.e., Denmark, Finland, Norway and Sweden, and enumerate the devices that respond to any of our probes and hence they can be exploited in DoS attacks. For each of the discovered devices, we assess its amplification capabilities in terms of Bandwidth Amplification Factor (BAF) and Packet Amplification Factor (PAF) that can contribute to a DoS incident. The outcomes show that from the four examined protocols, SSDP and SNMP are the most beneficial protocols from an attacker{\textquoteright}s perspective, as a multitudinous group of reflectors is identified in each of the considered countries. Even worst, a significant portion of these devices produced a BAF over 30, a BAF that can multiply significantly the attack traffic stemming from the attacker{\textquoteright}s side and hence causes a devastating impact on the victim{\textquoteright}s infrastructure.",

keywords = "Amplification attacks, CoAP, DDoS, Internet measurement, Reflection attacks, SNMP, SSDP, WSD",

author = "Alexander Bjerre and Westh, \{Andreas Philip\} and Emil Villefrance and Haque, \{A. S.M.Farhan Al\} and Andersen, \{Jonas Bukrinski\} and Helgogaard, \{Lucas K.\} and Marios Anagnostopoulos",

note = "Publisher Copyright: {\textcopyright} 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG.; 27th Nordic Conference on Secure IT Systems, NordSec 2022 ; Conference date: 30-11-2022 Through 02-12-2022",

year = "2022",

doi = "10.1007/978-3-031-22295-5\_10",

language = "English",

isbn = "9783031222948",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer",

pages = "176--193",

editor = "Reiser, \{Hans P.\} and Marcel Kyas",

booktitle = "Secure IT Systems - 27th Nordic Conference, NordSec 2022, Proceedings",

address = "Germany",

}

Bjerre, A, Westh, AP, Villefrance, E, Haque, ASMFA, Andersen, JB, Helgogaard, LK & Anagnostopoulos, M 2022, A Wide Network Scanning for Discovery of UDP-Based Reflectors in the Nordic Countries. i HP Reiser & M Kyas (red), Secure IT Systems - 27th Nordic Conference, NordSec 2022, Proceedings. Springer, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), bind 13700 LNCS, s. 176-193, 27th Nordic Conference on Secure IT Systems, NordSec 2022, Reykjavic, Island, 30/11/2022. https://doi.org/10.1007/978-3-031-22295-5_10

A Wide Network Scanning for Discovery of UDP-Based Reflectors in the Nordic Countries. / Bjerre, Alexander; Westh, Andreas Philip; Villefrance, Emil et al.
Secure IT Systems - 27th Nordic Conference, NordSec 2022, Proceedings. red. / Hans P. Reiser; Marcel Kyas. Springer, 2022. s. 176-193 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), Bind 13700 LNCS).

Publikation: Bidrag til bog/antologi/rapport/konference proceeding › Konferenceartikel i proceeding › Forskning › peer review

TY - GEN

T1 - A Wide Network Scanning for Discovery of UDP-Based Reflectors in the Nordic Countries

AU - Bjerre, Alexander

AU - Westh, Andreas Philip

AU - Villefrance, Emil

AU - Haque, A. S.M.Farhan Al

AU - Andersen, Jonas Bukrinski

AU - Helgogaard, Lucas K.

AU - Anagnostopoulos, Marios

PY - 2022

Y1 - 2022

N2 - Distributed Reflective Denial of Service (DRDoS) attacks exploit Internet facing devices with the purpose to involve them in DoS incidents. In turn, these devices unwittingly amplify and redirect the attack traffic towards the victim. As a result, this traffic causes the extortion of the target’s network bandwidth and computation resources. The current work evaluates the amplification and reflective potentials of four UDP-based protocols, which are constantly reported as facilitators to DoS attacks. These are Simple Service Discovery Protocol (SSDP), Simple Network Management Protocol (SNMP), Constrained Application Protocol (CoAP) and Web Services Dynamic Discovery (WSD). Specifically, we conduct a countrywide network scanning across the four main Nordic countries, i.e., Denmark, Finland, Norway and Sweden, and enumerate the devices that respond to any of our probes and hence they can be exploited in DoS attacks. For each of the discovered devices, we assess its amplification capabilities in terms of Bandwidth Amplification Factor (BAF) and Packet Amplification Factor (PAF) that can contribute to a DoS incident. The outcomes show that from the four examined protocols, SSDP and SNMP are the most beneficial protocols from an attacker’s perspective, as a multitudinous group of reflectors is identified in each of the considered countries. Even worst, a significant portion of these devices produced a BAF over 30, a BAF that can multiply significantly the attack traffic stemming from the attacker’s side and hence causes a devastating impact on the victim’s infrastructure.

AB - Distributed Reflective Denial of Service (DRDoS) attacks exploit Internet facing devices with the purpose to involve them in DoS incidents. In turn, these devices unwittingly amplify and redirect the attack traffic towards the victim. As a result, this traffic causes the extortion of the target’s network bandwidth and computation resources. The current work evaluates the amplification and reflective potentials of four UDP-based protocols, which are constantly reported as facilitators to DoS attacks. These are Simple Service Discovery Protocol (SSDP), Simple Network Management Protocol (SNMP), Constrained Application Protocol (CoAP) and Web Services Dynamic Discovery (WSD). Specifically, we conduct a countrywide network scanning across the four main Nordic countries, i.e., Denmark, Finland, Norway and Sweden, and enumerate the devices that respond to any of our probes and hence they can be exploited in DoS attacks. For each of the discovered devices, we assess its amplification capabilities in terms of Bandwidth Amplification Factor (BAF) and Packet Amplification Factor (PAF) that can contribute to a DoS incident. The outcomes show that from the four examined protocols, SSDP and SNMP are the most beneficial protocols from an attacker’s perspective, as a multitudinous group of reflectors is identified in each of the considered countries. Even worst, a significant portion of these devices produced a BAF over 30, a BAF that can multiply significantly the attack traffic stemming from the attacker’s side and hence causes a devastating impact on the victim’s infrastructure.

KW - Amplification attacks

KW - CoAP

KW - DDoS

KW - Internet measurement

KW - Reflection attacks

KW - SNMP

KW - SSDP

KW - WSD

UR - http://www.scopus.com/inward/record.url?scp=85147848341&partnerID=8YFLogxK

U2 - 10.1007/978-3-031-22295-5_10

DO - 10.1007/978-3-031-22295-5_10

M3 - Article in proceeding

AN - SCOPUS:85147848341

SN - 9783031222948

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 176

EP - 193

BT - Secure IT Systems - 27th Nordic Conference, NordSec 2022, Proceedings

A2 - Reiser, Hans P.

A2 - Kyas, Marcel

PB - Springer

T2 - 27th Nordic Conference on Secure IT Systems, NordSec 2022

Y2 - 30 November 2022 through 2 December 2022

ER -

Bjerre A, Westh AP, Villefrance E, Haque ASMFA, Andersen JB, Helgogaard LK et al. A Wide Network Scanning for Discovery of UDP-Based Reflectors in the Nordic Countries. I Reiser HP, Kyas M, red., Secure IT Systems - 27th Nordic Conference, NordSec 2022, Proceedings. Springer. 2022. s. 176-193. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), Bind 13700 LNCS). doi: 10.1007/978-3-031-22295-5_10