
BGPeek-a-Boo: Active BGP-based Traceback for Amplification DDoS Attacks

conference contribution
posted on 2023-11-29, 18:16 authored by Johannes Krupp, Christian Rossow
Amplification DDoS attacks inherently rely on IP spoofing to steer attack traffic to the victim. At the same time, IP spoofing undermines prosecution, as the originating attack infrastructure remains hidden. Researchers have therefore proposed various mechanisms to trace back amplification attacks (or IP-spoofed attacks in general). However, existing traceback techniques require either the cooperation of external parties or a priori knowledge about the attacker. We propose BGPeek-a-Boo, a BGP-based approach to trace back amplification attacks to their origin network. BGPeek-a-Boo monitors amplification attacks with honeypots and uses BGP poisoning to temporarily shut down ingress traffic from selected Autonomous Systems. By systematically probing the entire AS space, we detect systems forwarding and originating spoofed traffic. We then show how a graph-based model of BGP route propagation can reduce the search space, resulting in a 5x median speed-up and over 20x for 1/4 of all cases. BGPeek-a-Boo achieves a unique traceback result 60% of the time in a simulation-based evaluation supported by real-world experiments.

Preferred Citation

Johannes Krupp and Christian Rossow. BGPeek-a-Boo: Active BGP-based Traceback for Amplification DDoS Attacks. In: IEEE European Symposium on Security and Privacy (EuroS&P). 2021.

Primary Research Area

  • Threat Detection and Defenses

Name of Conference

IEEE European Symposium on Security and Privacy (EuroS&P)

Legacy Posted Date

2021-02-19

Open Access Type

  • Green

BibTeX

@inproceedings{cispa_all_3372,
  title = "BGPeek-a-Boo: Active BGP-based Traceback for Amplification DDoS Attacks",
  author = "Krupp, Johannes and Rossow, Christian",
  booktitle = "{IEEE European Symposium on Security and Privacy (EuroS&P)}",
  year = "2021",
}
