Article

The Crossfire Attack

Authors:

Min Suk Kang,

Soo Bum Lee,

Virgil D. GligorAuthors Info & Claims

SP '13: Proceedings of the 2013 IEEE Symposium on Security and Privacy

Pages 127 - 141

https://doi.org/10.1109/SP.2013.19

Published: 19 May 2013 Publication History

Abstract

We present the Crossfire attack--a powerful attack that degrades and often cuts off network connections to a variety of selected server targets (e.g., servers of an enterprise, a city, a state, or a small country) by flooding only a few network links. In Crossfire, a small set of bots directs low intensity flows to a large number of publicly accessible servers. The concentration of these flows on the small set of carefully chosen links floods these links and effectively disconnects selected target servers from the Internet. The sources of the Crossfire attack are undetectable by any targeted servers, since they no longer receive any messages, and by network routers, since they receive only low-intensity, individual flows that are indistinguishable from legitimate flows. The attack persistence can be extended virtually indefinitely by changing the set of bots, publicly accessible servers, and target links while maintaining the same disconnection targets. We demonstrate the attack feasibility using Internet experiments, show its effects on a variety of chosen targets (e.g., servers of universities, US states, East and West Coasts of the US), and explore several countermeasures.

Cited By

View all

Hou KSaharia DYegneswaran VPorras PRamos FShahbaz MGurevich VSignorello S(2023)LANTERN: Layered Adaptive Network Telemetry Collection for Programmable DataplanesProceedings of the 6th on European P4 Workshop10.1145/3630047.3630194(1-7)Online publication date: 8-Dec-2023
https://dl.acm.org/doi/10.1145/3630047.3630194
Junosza-Szaniawski KNogalski DRzążewski P(2022)Exact and Approximation Algorithms for Sensor Placement Against DDoS AttacksInternational Journal of Applied Mathematics and Computer Science10.34768/amcs-2022-000432:1(35-49)Online publication date: 31-Mar-2022
https://dl.acm.org/doi/10.34768/amcs-2022-0004
Roshani MNobakht M(2022)HybridDAD: Detecting DDoS Flooding Attack using Machine Learning with Programmable SwitchesProceedings of the 17th International Conference on Availability, Reliability and Security10.1145/3538969.3538991(1-11)Online publication date: 23-Aug-2022
https://dl.acm.org/doi/10.1145/3538969.3538991
Show More Cited By

Recommendations

Collaborative Client-Side DNS Cache Poisoning Attack
IEEE INFOCOM 2019 - IEEE Conference on Computer Communications
DNS poisoning attacks inject malicious entries into the DNS resolution system, allowing an attacker to redirect clients to malicious servers. These attacks typically target a DNS resolver allowing attackers to poison a DNS entry for all machines that use ...
A Persistent Route Diversification Mechanism for Defending against Stealthy Crossfire Attack
Computer networks are facing the challenge of stealthy crossfire attacks that flood through persistent routes (PRs) towards their decoys at a low rate for disrupting end-to-end connectivity of the target. At first, the PRs can be stealthily probed at the ...
Countering crossfire DDoS attacks through moving target defense in SDN networks using OpenFlow traffic modification
Abstract
Software‐Defined Networking (SDN) is an evolving networking technique due to its flexibility and programmability. OpenFlow is the primary protocol behind SDN. Moving Target Defense (MTD) is an emerging security technique to counter attacks by ...
Crossfire DDoS protection using Openflow‐based traffic modification via reverse and forward rules inside distributed SDN environment using ONOS controller. image image

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

SP '13: Proceedings of the 2013 IEEE Symposium on Security and Privacy

May 2013

571 pages

ISBN:9780769549774

Publisher

IEEE Computer Society

United States

Publication History

Published: 19 May 2013

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

32
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 12 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Hou KSaharia DYegneswaran VPorras PRamos FShahbaz MGurevich VSignorello S(2023)LANTERN: Layered Adaptive Network Telemetry Collection for Programmable DataplanesProceedings of the 6th on European P4 Workshop10.1145/3630047.3630194(1-7)Online publication date: 8-Dec-2023
https://dl.acm.org/doi/10.1145/3630047.3630194
Junosza-Szaniawski KNogalski DRzążewski P(2022)Exact and Approximation Algorithms for Sensor Placement Against DDoS AttacksInternational Journal of Applied Mathematics and Computer Science10.34768/amcs-2022-000432:1(35-49)Online publication date: 31-Mar-2022
https://dl.acm.org/doi/10.34768/amcs-2022-0004
Roshani MNobakht M(2022)HybridDAD: Detecting DDoS Flooding Attack using Machine Learning with Programmable SwitchesProceedings of the 17th International Conference on Availability, Reliability and Security10.1145/3538969.3538991(1-11)Online publication date: 23-Aug-2022
https://dl.acm.org/doi/10.1145/3538969.3538991
Giuliari GRoos DWyss MGarcía-Pardo JLegner MPerrig ACarle GOtt J(2021)ColibriProceedings of the 17th International Conference on emerging Networking EXperiments and Technologies10.1145/3485983.3494871(104-118)Online publication date: 2-Dec-2021
https://dl.acm.org/doi/10.1145/3485983.3494871
Yurekten ODemirci M(2021)SDN-based cyber defenseFuture Generation Computer Systems10.1016/j.future.2020.09.006115:C(126-149)Online publication date: 1-Feb-2021
https://dl.acm.org/doi/10.1016/j.future.2020.09.006
Liu YZhao JZhang GXing C(2021) Computers and Security10.1016/j.cose.2021.102447110:COnline publication date: 1-Nov-2021
https://dl.acm.org/doi/10.1016/j.cose.2021.102447
Hall MLiu GDurairajan RSekar V(2020)Fighting Fire with LightProceedings of the Workshop on Secure Programmable Network Infrastructure10.1145/3405669.3405824(42-48)Online publication date: 10-Aug-2020
https://dl.acm.org/doi/10.1145/3405669.3405824
Cao JLi QXie RSun KGu GXu MYang YHeninger NTraynor P(2019)The crosspath attackProceedings of the 28th USENIX Conference on Security Symposium10.5555/3361338.3361341(19-36)Online publication date: 14-Aug-2019
https://dl.acm.org/doi/10.5555/3361338.3361341
Demoulin HPedisich IVasilakis NLiu VLoo BPhan LDan TDahlia M(2019)Detecting asymmetric application-layer denial-of-service attacks in-flight with finelameProceedings of the 2019 USENIX Conference on Usenix Annual Technical Conference10.5555/3358807.3358866(693-707)Online publication date: 10-Jul-2019
https://dl.acm.org/doi/10.5555/3358807.3358866
Islam MDuan QAl-Shaer ELu Z(2019)Specification-driven Moving Target Defense SynthesisProceedings of the 6th ACM Workshop on Moving Target Defense10.1145/3338468.3356830(13-24)Online publication date: 11-Nov-2019
https://dl.acm.org/doi/10.1145/3338468.3356830
Show More Cited By

View Options

View options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Abstract

Cited By

Recommendations

Collaborative Client-Side DNS Cache Poisoning Attack

A Persistent Route Diversification Mechanism for Defending against Stealthy Crossfire Attack

Countering crossfire DDoS attacks through moving target defense in SDN networks using OpenFlow traffic modification

Comments

Information

Published In

Publisher

Publication History

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

Get Access

Login options

Full Access

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations