Exploring DDoS amplification attack vectors prevalent in the Dutch IP range
Abstract
This paper explores Distributed Reflective Denial-of-Service (DRDoS) attacks, a variant of Distributed Denial-of-Service (DDoS) attacks that leverage publicly accessible UDP servers to amplify traffic towards a target. These attacks, accounting for over half of all DDoS cases in 2023, are significant threats to online services due to their potential to generate traffic volumes in the Tbps range. Despite existing research on DDoS attack vectors and techniques, there remains a gap in tools for identifying potential amplification sources within specific networks. This paper aims to fill that gap by identifying and measuring amplification hazards in the Dutch IP range, focusing on DNS, NTP, and Memcached protocols. Our findings reveal significant amplification potentials, particularly within NTP and Memcached servers, and highlight the influence of factors such as EDNS0 buffer size on DNS amplification.
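To illustrate why the EDNS0 buffer size matters for DNS amplification, the following added example (not code from the paper) parses a DNS query, reads the UDP payload size it advertises, and derives the largest response-to-request payload ratio a standards-following responder could produce for it. The function names and the `example.nl` sample query are constructed for this illustration; a resolver operator could run the same parsing over queries captured at their own server.

```python
import struct

DEFAULT_UDP_LIMIT = 512  # RFC 1035 ceiling when the query carries no OPT record
OPT_TYPE = 41            # EDNS0 OPT pseudo-RR (RFC 6891)

def build_query(edns_size=None):
    """Constructed sample: an A query for example.nl, optionally with EDNS0."""
    header = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 1 if edns_size else 0)
    question = b"\x07example\x02nl\x00" + struct.pack("!2H", 1, 1)
    opt = b"" if not edns_size else b"\x00" + struct.pack("!HHIH", OPT_TYPE, edns_size, 0, 0)
    return header + question + opt

def _skip_name(msg, off):
    """Return the offset just past the DNS name that starts at off."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # compression pointer occupies two bytes
            return off + 2
        off += 1 + length

def advertised_udp_size(query):
    """UDP payload size the query permits the responder to send back."""
    try:
        qd, an, ns, ar = struct.unpack("!4H", query[4:12])
        off = 12
        for _ in range(qd):
            off = _skip_name(query, off) + 4  # skip QTYPE and QCLASS
        for _ in range(an + ns + ar):
            off = _skip_name(query, off)
            rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", query[off:off + 10])
            if rtype == OPT_TYPE:
                # In an OPT record the CLASS field holds the payload size;
                # RFC 6891 treats values below 512 as 512.
                return max(rclass, DEFAULT_UDP_LIMIT)
            off += 10 + rdlen
    except (IndexError, struct.error):
        raise ValueError("malformed DNS message") from None
    return DEFAULT_UDP_LIMIT

def max_payload_ratio(query):
    """Upper bound on response/request UDP payload size for this query."""
    return advertised_udp_size(query) / len(query)

if __name__ == "__main__":
    for size in (None, 1232, 4096):
        q = build_query(size)
        print(size, len(q), advertised_udp_size(q), round(max_payload_ratio(q), 1))
```

The ratio is a ceiling set by the query alone; the response a given server actually returns also depends on the record set and on any lower UDP size limit configured on the server.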