Abstract
Distributed denial-of-service (DDoS) attacks are nowadays easy and cheap to carry out, and have become bigger and more frequent over the last years. Cloud-based scrubbers have emerged as a service which victims can hire on demand to fend off attacks. There are many industry players, but not much insights into their operations. This work unravels for the first time the inner workings of a DDoS scrubber - NaWas - a non-profit scrubber in the Netherlands. We analyze 1800+ DDoS attacks spanning over a period of 22 months, and show that while most attacks are not very large, they are still large enough to disrupt services and likely to disturb links. We estimate the collateral damage incurred by DDoS attacks, and demonstrate that the number of victims of is at least quadratically larger (IP2) than the targeted addresses. Last, by correlating attacks metadata with authoritative DNS traffic, we show that DDoS attacks leave fingerprints on DNS traffic, which, in turn can be used to detect DDoS attacks at early stages, even if attackers attempt to deceive DNS based detection.
Original language | English |
---|---|
Title of host publication | 5th IEEE European Symposium on Security and Privacy Workshops, Euro S and PW 2020 |
Publisher | IEEE |
Pages | 550-558 |
Number of pages | 9 |
ISBN (Electronic) | 9781728185972 |
DOIs | |
Publication status | Published - Sept 2020 |
Event | IEEE European Symposium on Security and Privacy Workshops 2020 - Virtual Event, Genoa, Italy Duration: 7 Sept 2020 → 11 Sept 2020 |
Conference
Conference | IEEE European Symposium on Security and Privacy Workshops 2020 |
---|---|
Country/Territory | Italy |
City | Genoa |
Period | 7/09/20 → 11/09/20 |
Keywords
- DDoS
- DNS
- Traffic scrubber
- n/a OA procedure