Check out the new USENIX Web site.

USENIX Home . About USENIX . Events . membership . Publications . Students
IMC '05, 2005 Internet Measurement Conference — Abstract

Pp. 385–390 of the Proceedings

Flooding Attacks by Exploiting Persistent Forwarding Loops

Jianhong Xia, Lixin Gao, and Teng Fei, University of Massachusetts at Amherst


In this paper, we present flooding attacks that exploit routing anomalies in the Internet. In particular, we focus on routing anomalies introduced by persistent forwarding loops. Persistent forwarding loops may share one or more links with forwarding paths to reachable addresses. An attacker can exploit persistent forwarding loops to overload the shared links to disrupt the Internet connectivity to those reachable addresses.

To understand the extent of this vulnerability, we perform extensive measurements to systematically study persistent forwarding loops and the number of network addresses that can be affected. We find that persistent forwarding loops do exist in the current Internet. About .2% of routable addresses experience persistent forwarding loops and .21% of routable addresses can be attacked by exploiting persistent forwarding loops. In addition, 85.16% of the persistent forwarding loops appear within destination domains and they can be observed from various locations, which makes it possible to launch attacks from many vantage points. We also find that most persistent forwarding loops are just two hops long, which enables an attacker to amplify traffic to persistent forwarding loops significantly. To the best of our knowledge, this is the first study of exploiting the vulnerability of persistent forwarding loops to launch DDoS attacks.

  • View the full text of this paper in HTML and PDF.
    The Proceedings are published as a collective work, © 2005 by the USENIX Association. All Rights Reserved. Rights to individual papers remain with the author or the author's employer. Permission is granted for the noncommercial reproduction of the complete work for educational or research purposes. USENIX acknowledges all trademarks within this paper.

  • If you need the latest Adobe Acrobat Reader, you can download it from Adobe's site.

?Need help? Use our Contacts page.

Last changed: 24 Oct. 2005 rc
IMC '05 Tech Sessions
IMC '05 Home