Today on Heavy Networking, we’re diving into academic research on DDoS attack techniques. More specifically, our guests have published a paper about how the TCP protocol and middleboxes such as firewalls can be weaponized by bad actors and used in reflective amplification attacks.
Typically, UDP is the preferred protocol of bad actors for reflective amplification attacks, but our guests have discovered middleboxes on the Internet that can, with a few crafty packets, become major amplifiers of DDoS traffic using TCP.
We’ll get into the technical details, how they performed this research, potential countermeasures, and more.
Our guests are Dave Levin, Assistant Professor of Computer Science at the University of Maryland; Eric Wustrow, Assistant Professor of Computer Engineering at the University of Colorado, Boulder; and Kevin Bock, a PhD student at the University of Maryland.
Itential is network and cloud automation. Itential’s software makes it easy for network teams to get insights into your entire infrastructure, immediately detect non-compliant assets for rapid remediation, and manage and deploy changes across both CLI & API infrastructure. Find out more at www.itential.com/packetpushers.
Weaponizing Middleboxes for TCP Reflected Amplification – USENIX (PDF)
Heavy Networking 488: Using Genetic Algorithms To Avoid Internet Censorship – Packet Pushers
Geneva: Evolving Censorship Evasion – University of Maryland
@ewust – Eric Wustrow on Twitter
@distributeddave – Dave Levin on Twitter