Abstract

Marcin Nawrocki, Raphael Hiesgen, Thomas C. Schmidt, Matthias Wählisch,
QUICsand: Quantifying QUIC Reconnaissance Scans and DoS Flooding Events,
In: Proc. of ACM Internet Measurement Conference (IMC), pp. 283--291, New York: ACM, 2021.
HTML   PDF   Video   Slides   Code   BibTeX   Abstract  

Abstract: In this paper, we present first measurements of Internet background radiation originating from the emerging transport protocol QUIC. Our analysis is based on the UCSD network telescope, correlated with active measurements. We find that research projects dominate the QUIC scanning ecosystem but also discover traffic from non-benign sources. We argue that although QUIC has been carefully designed to restrict reflective amplification attacks, the QUIC handshake is prone to resource exhaustion attacks, similar to TCP SYN floods. We confirm this conjecture by showing how this attack vector is already exploited in multi-vector attacks: On average, the Internet is exposed to four QUIC floods per hour and half of these attacks occur concurrently with other common attack types such as TCP/ICMP floods.

Themes: Network Security , Internet Measurements and Analysis

 


This page generated by bibTOhtml on Di 14. Jun 15:40:55 CEST 2022