Abusing TCP Retransmission for DoS Attack Inside Virtual Network

  • Conference paper
Information Security Applications (WISA 2017)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 10763)

Abstract

Among DoS attack techniques, abusing UDP-based public servers such as DNS or NTP for reflective amplification attacks continues to pose a great threat. Recent studies show that attackers can also use TCP retransmission before the three-way handshake completes to perform this kind of attack. In this paper, we focus on the virtual environment, in which we evaluate the potential of abusing the virtual switch system to perform an amplification attack. We created a virtual network that is able to connect to an external network and observed the virtual switch system’s behavior while receiving TCP packets from outside the network. We show that the virtual switch system itself can retransmit TCP packets and therefore can be abused for an amplification attack by an internal attacker. In other words, the attacker can achieve amplification using TCP hosts from outside the network and the virtual switch system’s retransmission ability. Furthermore, we test the endurance of different OSes and show that the Windows OS family and macOS are more vulnerable than Linux Ubuntu OS against this kind of attack.

Acknowledgment

This work was supported by JSPS KAKENHI Grant Number 17K06455.

Author information

Corresponding author

Correspondence to Son Duc Nguyen.

Copyright information

© 2018 Springer International Publishing AG, part of Springer Nature

About this paper

Cite this paper

Nguyen, S.D., Mimura, M., Tanaka, H. (2018). Abusing TCP Retransmission for DoS Attack Inside Virtual Network. In: Kang, B., Kim, T. (eds) Information Security Applications. WISA 2017. Lecture Notes in Computer Science, vol 10763. Springer, Cham. https://doi.org/10.1007/978-3-319-93563-8_17

  • DOI: https://doi.org/10.1007/978-3-319-93563-8_17

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-93562-1

  • Online ISBN: 978-3-319-93563-8

  • eBook Packages: Computer Science (R0)
