Poster Abstract: BounceBack - A DDoS Attack Using Unsuspecting Accomplices in the Network

Abstract

DDoS attacks often target a victim’s machine to isolate it from the rest of the Internet by overwhelming it with unwanted traffic. Due to the serious threat they pose, numerous defensive strategies have been proposed in the literature and the industry has developed effective techniques to help identify the abusers and combat the attacks. A more sophisticated type of DDoS attack, called the transit-link DDoS attack, instead aims to consume the resources of the intermediate core links rather than attacking the victim’s machine directly thereby avoiding attribution. The goal of such attacks is to severely congest one or more of the network links that are used to service the traffic of the victim, hence, causing the victim to experience a denial of service. In this paper, we present the BounceBack attack, which is a novel transit-link DDoS attack that leverages the ICMP protocol to recruit a large number of "unwilling" accomplices to solicit attack traffic from them, creating congestion in certain carefully selected links. The proposed attack has the potential to cause serious problems for ISPs, and makes attribution and mitigation challenging as it relies on reflection, redirection and deception to carry out the bandwidth-exhaustion attack.