Hell of a Handshake: Abusing TCP for Reflective Amplification DDoS Attacks

Monday, August 4, 2014 - 11:00am
Authors: 

Marc Kührer, Thomas Hupperich, Christian Rossow, and Thorsten Holz, Ruhr-University Bochum

Abstract: 

Nowadays, a common way for attackers to perform Distributed Denial-of-Service (DDoS) attacks is via so-called amplification attacks. The basic idea is to send relatively small requests with a spoofed source address to public hosts (e.g., NTP servers), which reflect significantly larger responses to the victim of the attack. Recent studies focused on UDP-based attacks and analyzed the attack surface in detail. First results also suggested that TCP-based protocols are in principle vulnerable to such attacks, despite the three-way-handshake mechanism.

In this paper, we continue this line of work and demonstrate that TCP protocols can indeed be abused in practice. More specifically, we show that the handshake itself often yields amplification, especially since many devices on the Internet react in unforeseen ways during connection establishment. To estimate the landscape of Internet devices vulnerable to TCP amplification attacks, we performed Internet-wide scans for common TCP-based protocols and identified thousands of amplifiers that allow an amplification factor of 50x and higher.
