DC ElementWertSprache
dc.contributor.authorNawrocki, Marcin-
dc.contributor.authorBlendin, Jeremias-
dc.contributor.authorDietzel, Christoph-
dc.contributor.authorSchmidt, Thomas-
dc.contributor.authorWählisch, Matthias-
dc.date.accessioned2020-09-02T15:38:05Z-
dc.date.available2020-09-02T15:38:05Z-
dc.date.issued2019-10-21-
dc.identifier.isbn978-1-4503-6948-0en_US
dc.identifier.urihttp://hdl.handle.net/20.500.12738/4464-
dc.description.abstractLarge Distributed Denial-of-Service (DDoS) attacks pose a major threat not only to end systems but also to the Internet infrastructure as a whole. Remote Triggered Black Hole filtering (RTBH) has been established as a tool to mitigate inter-domain DDoS attacks by discarding unwanted traffic early in the network, e.g., at Internet eXchange Points (IXPs). As of today, little is known about the kind and effectiveness of its use, and about the need for more fine-grained filtering. In this paper, we present the first in-depth statistical analysis of all RTBH events at a large European IXP by correlating measurements of the data and the control plane for a period of 104 days. We identify a surprising practise that significantly deviates from the expected mitigation use patterns. First, we show that only one third of all 34k visible RTBH events correlate with indicators of DDoS attacks. Second, we witness over 2000 blackhole events announced for prefixes not of servers but of clients situated in DSL networks. Third, we find that blackholing on average causes dropping of only 50% of the unwanted traffic and is hence a much less reliable tool for mitigating DDoS attacks than expected. Our analysis gives also rise to first estimates of the collateral damage caused by RTBH-based DDoS mitigation.en
dc.language.isoenen_US
dc.publisherAssociation for Computing Machineryen_US
dc.subjectDDoSen_US
dc.subjectBGPen_US
dc.subjectRTBHen_US
dc.subjectCollateral Damageen_US
dc.subject.ddc004: Informatiken_US
dc.titleDown the black hole : dismantling operational practices of BGP blackholing at IXPSen
dc.typeinProceedingsen_US
dc.relation.conferenceACM Internet Measurement Conference 2019en_US
dc.description.versionPeerRevieweden_US
tuhh.container.endpage448en_US
tuhh.container.startpage435en_US
tuhh.oai.showtrueen_US
tuhh.publication.instituteDepartment Informatiken_US
tuhh.publication.instituteFakultät Technik und Informatiken_US
tuhh.publisher.doi10.1145/3355369.3355593-
tuhh.relation.ispartofseriesProceedings of the 2019 ACM Internet Measurement Conferenceen_US
tuhh.type.opusInProceedings (Aufsatz / Paper einer Konferenz etc.)-
dc.type.casraiConference Paper-
dc.type.dinicontributionToPeriodical-
dc.type.drivercontributionToPeriodical-
dc.type.statusinfo:eu-repo/semantics/publishedVersionen_US
dcterms.DCMITypeText-
item.creatorGNDNawrocki, Marcin-
item.creatorGNDBlendin, Jeremias-
item.creatorGNDDietzel, Christoph-
item.creatorGNDSchmidt, Thomas-
item.creatorGNDWählisch, Matthias-
item.fulltextNo Fulltext-
item.creatorOrcidNawrocki, Marcin-
item.creatorOrcidBlendin, Jeremias-
item.creatorOrcidDietzel, Christoph-
item.creatorOrcidSchmidt, Thomas-
item.creatorOrcidWählisch, Matthias-
item.seriesrefProceedings of the 2019 ACM Internet Measurement Conference-
item.grantfulltextnone-
item.cerifentitytypePublications-
item.tuhhseriesidProceedings of the 2019 ACM Internet Measurement Conference-
item.languageiso639-1en-
item.openairecristypehttp://purl.org/coar/resource_type/c_5794-
item.openairetypeinProceedings-
crisitem.author.deptDepartment Informatik-
crisitem.author.orcid0000-0002-0956-7885-
crisitem.author.parentorgFakultät Technik und Informatik-
Enthalten in den Sammlungen:Publications without full text
Zur Kurzanzeige

Seitenansichten

111
checked on 26.12.2024

Google ScholarTM

Prüfe

HAW Katalog

Prüfe

Volltext ergänzen

Feedback zu diesem Datensatz


Alle Ressourcen in diesem Repository sind urheberrechtlich geschützt.