On the Potential Abuse of IGMP

TitleOn the Potential Abuse of IGMP
Publication TypeJournal Article
Year of Publication2017
AuthorsSargent M, Kristoff J, Paxson V, Allman M
Published inACM Computer Communication Review
Volume47
Issue1
Date Published01/2017
KeywordsAttacks, Denial-of-Service, IGMP, Security
Abstract

In this paper we investigate the vulnerability of the Internet Group Management Protocol (IGMP) to be leveraged for denial-of-service (DoS) attacks. IGMP is a connectionless protocol and therefore susceptible to attackers spoofing a third-party victim's source address in an e ort to coax responders to send their replies to the victim. We nd 305K IGMP responders that will indeed answer queries from arbitrary Internet hosts. Further, the responses are often larger than the requests, hence amplifying the attacker's own expenditure of bandwidth. We conclude that attackers can coordinate IGMP responders to mount sizeable DoS attacks.

Acknowledgment

This work was funded in part by NSF grant CNS-1237265. We thank David Johnson for his signifcant efforts in helping us ensure our scanning and data collection facilities were accurate.

URLhttp://www.icir.org/mallman/pubs/SKPA17/SKPA17.pdf
ICSI Research Group

Networking and Security