On the Potential Abuse of IGMP

In this paper we investigate whether the Internet Group Management Protocol (IGMP) can be leveraged for denial-of-service (DoS) attacks. IGMP is a connectionless protocol and is therefore susceptible to attackers spoofing a third-party victim's source address in an effort to coax responders into sending their replies to the victim. We find 305K IGMP responders that will indeed answer queries from arbitrary Internet hosts. Further, the responses are often larger than the requests, hence amplifying the attacker's own expenditure of bandwidth. We conclude that attackers can coordinate IGMP responders to mount sizeable DoS attacks.
