The Amplification Threat Posed by Publicly Reachable BACnet Devices

Author(s):  
Oliver Gasser ◽  
Quirin Scheitle ◽  
Benedikt Rudolph ◽  
Carl Denis ◽  
Nadja Schricker ◽  
...  

In a connected world Internet security is becoming increasingly important. Attacks, which are frequently executed by botnets, can impact people in their everyday life. A ubiquitous kind of attack is the amplification attack, a special type of Denial-of-Service attack. Several protocols such as DNS, NTP, and SNMP are known to be vulnerable to amplification attacks when security practices are not followed. In this work we evaluate the vulnerability of BACnet, a building automation and control protocol, to amplification attacks. To assess BACnet’s vulnerability we conduct active traffic measurements on an Internet-wide scale. We find 16 485 BACnet devices, the largest number to date. Additionally, more than 14 k of these devices can be misused as amplifiers, with some generating amplification factors up to 120. To remediate this potential threat we employ a vulnerability notification campaign in close coordination with a CERT. We assess the success of the campaign and find that the number of publicly reachable BACnet devices decreased only slightly. Additionally, we employ passive measurements to attribute the majority of BACnet traffic in the wild to scanning projects. Finally, we also give suggestions to thwart the amplification attack potential of BACnet.  

Author(s):  
Jeewanjot Kaur ◽  
Taranjit Singh Aulakh

In computing, a denial-of-service attack (DoS attack) is a cyber-attack where the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet. In a distributed denial-of-service attack (DDoS attack), the incoming traffic flooding the victim originates from many different sources. This effectively makes it impossible to stop the attack simply by blocking a single source. In this research a generalized model for detection has been created by studying the existing models and algorithms on DoS attacks. Internet security is vital to facilitate e-commerce transactions, and there has been continued research effort to provision network traffic monitoring at high speeds. In the proposed technique a threshold is also defined so that any other node ID which is greater than that threshold may be prevented. In case of any intrusion, IP backtracking and packet logging are used to detect the intruder and mitigate it. From the results it may be clear that the QoS parameters are improved using the proposed approach, and they are improved by approx. 15-18% from the existing approach.


2005 ◽  
Vol 9 (4) ◽  
pp. 363-365 ◽  
Author(s):  
A. Shevtekar ◽  
K. Anantharam ◽  
N. Ansari
