DeepAI AI Chat
Log In Sign Up

On Blowback Traffic on the Internet

by   Dallan Goldblatt, et al.
Case Western Reserve University,

This paper considers the phenomenon where a single probe to a target generates multiple, sometimes numerous, packets in response – which we term "blowback". Understanding blowback is important because attackers can leverage it to launch amplified denial of service attacks by redirecting blowback towards a victim. Blowback also has serious implications for Internet researchers since their experimental setups must cope with bursts of blowback traffic. We find that tens of thousands, and in some protocols, hundreds of thousands, of hosts generate blowback, with orders of magnitude amplification on average. In fact, some prolific blowback generators produce millions of response packets in the aftermath of a single probe. We also find that blowback generators are fairly stable over periods of weeks, so once identified, many of these hosts can be exploited by attackers for a long time.


page 6

page 7


Zeroing in on Port 0 Traffic in the Wild

Internet services leverage transport protocol port numbers to specify th...

Oscilloscope: Detecting BGP Hijacks in the Data Plane

The lack of security of the Internet routing protocol (BGP) has allowed ...

Monitoring Security of Enterprise Hosts via DNS Data Analysis

Enterprise Networks are growing in scale and complexity, with heterogene...

Bankrupt Covert Channel: Turning Network Predictability into Vulnerability

Recent years have seen a surge in the number of data leaks despite aggre...

Spatial Temporal Analysis of 40,000,000,000,000 Internet Darkspace Packets

The Internet has never been more important to our society, and understan...

Scam Pandemic: How Attackers Exploit Public Fear through Phishing

As the COVID-19 pandemic started triggering widespread lockdowns across ...

Exploring Network-Wide Flow Data with Flowyager

Many network operations, ranging from attack investigation and mitigatio...