Sorting the Garbage

Filtering Out DRDoS Amplification Traffic in ISP Networks

Yury Zhauniarovich, Priyanka Dodia

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Distributed Reflected Denial of Service (DRDoS) attacks have continued to grow at an unprecedented rate in recent years. Attackers abuse genuine services running application protocols built over UDP to generate amplified traffic targeting a victim network. An Internet Service Provider (ISP) may host hundreds or even thousands of hosts running these vulnerable protocols that could become amplifier nodes in DRDoS attacks. If abused, they can collectively cause large volumes of garbage amplification traffic to flow out of the ISP network. This wasteful bandwidth consumption costs the provider money and causes loss of Quality of Service (QoS) for its customers. Moreover, the owners of services vulnerable to amplification have to spend their resources to process illicit requests. In this paper, we propose a novel idea to filter out garbage traffic from an ISP network. We employ a special type of honeypot that collects information about ongoing DRDoS attacks, and the Software Defined Network (SDN) paradigm, which offers us a unified interface to deploy firewall rules on a large variety of network devices. The rules block incoming amplification requests from reaching amplifiers located within the provider network, rescuing vulnerable services from being abused. This prevents garbage traffic from leaving the network, enabling the provider to save money and improve QoS. Moreover, our solution also contributes to the victim's liveliness because it reduces the attack traffic reaching the target network. In addition, it stimulates ISPs to implement ingress filtering best practices for all their network routers in order to minimize damage from an attacker located in the same network.

Original language: English
Title of host publication: Proceedings of the 2019 IEEE Conference on Network Softwarization
Subtitle of host publication: Unleashing the Power of Network Softwarization, NetSoft 2019
Editors: Filip De Turck, Flavio Esposito, Prosper Chemouil, Olivier Festor, Stefano Secci, Christian Jacquenet, Walter Cerroni
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 142-150
Number of pages: 9
ISBN (Electronic): 9781538693766
DOIs: https://doi.org/10.1109/NETSOFT.2019.8806653
Publication status: Published - 1 Jun 2019
Event: 5th IEEE Conference on Network Softwarization, NetSoft 2019 - Paris, France
Duration: 24 Jun 2019 to 28 Jun 2019

Publication series

Name: Proceedings of the 2019 IEEE Conference on Network Softwarization: Unleashing the Power of Network Softwarization, NetSoft 2019

Conference

Conference: 5th IEEE Conference on Network Softwarization, NetSoft 2019
Country: France
City: Paris
Period: 24/6/19 to 28/6/19

Fingerprint

Internet service providers
Sorting
Telecommunication traffic
Amplification
Quality of service
Network protocols
Routers
Bandwidth
Denial-of-service attack
Costs

Keywords

  • amplification attacks
  • garbage traffic filtering
  • honeypot
  • ISP networks

ASJC Scopus subject areas

  • Safety, Risk, Reliability and Quality
  • Computer Networks and Communications
  • Software

Cite this

Zhauniarovich, Y., & Dodia, P. (2019). Sorting the Garbage: Filtering Out DRDoS Amplification Traffic in ISP Networks. In F. De Turck, F. Esposito, P. Chemouil, O. Festor, S. Secci, C. Jacquenet, & W. Cerroni (Eds.), Proceedings of the 2019 IEEE Conference on Network Softwarization: Unleashing the Power of Network Softwarization, NetSoft 2019 (pp. 142-150). [8806653] (Proceedings of the 2019 IEEE Conference on Network Softwarization: Unleashing the Power of Network Softwarization, NetSoft 2019). Institute of Electrical and Electronics Engineers Inc. https://doi.org/10.1109/NETSOFT.2019.8806653
