QUICsand: Quantifying QUIC Reconnaissance Scans and DoS Flooding Events

Publikation: Beitrag in Buch/Konferenzbericht/Sammelband/GutachtenBeitrag in KonferenzbandBeigetragenBegutachtung

Beitragende

Abstract

In this paper, we present first measurements of Internet background radiation originating from the emerging transport protocol QUIC. Our analysis is based on the UCSD network telescope, correlated with active measurements. We find that research projects dominate the QUIC scanning ecosystem but also discover traffic from non-benign sources. We argue that although QUIC has been carefully designed to restrict reflective amplification attacks, the QUIC handshake is prone to resource exhaustion attacks, similar to TCP SYN floods. We confirm this conjecture by showing how this attack vector is already exploited in multi-vector attacks: On average, the Internet is exposed to four QUIC floods per hour and half of these attacks occur concurrently with other common attack types such as TCP/ICMP floods.

Details

OriginalspracheEnglisch
TitelIMC '21: Proceedings of the 21st ACM Internet Measurement Conference
Herausgeber (Verlag)Association for Computing Machinery
Seiten283-291
Seitenumfang9
ISBN (elektronisch)978-1-4503-9129-0
PublikationsstatusVeröffentlicht - 2 Nov. 2021
Peer-Review-StatusJa

Publikationsreihe

ReiheIMC: Internet Measurement Conference

Konferenz

Titel21st ACM Internet Measurement Conference, IMC 2021
Dauer2 - 4 November 2021
StadtVirtual, Online
LandUSA/Vereinigte Staaten

Externe IDs

ORCID /0000-0002-3825-2807/work/142241901

Schlagworte

Forschungsprofillinien der TU Dresden

Fächergruppen, Lehr- und Forschungsbereiche, Fachgebiete nach Destatis

Ziele für nachhaltige Entwicklung

Bibliotheksschlagworte