Practical Approaches to the DRDoS Attack Detection based on Netflow Analysis

Jungtae Kim, Ik-Kyun Kim, Koohong Kang
The paper proposes a practical method of detecting the Distributed Reflection Denial-of-Service Attack (DRDoS) in the Internet with the policy based routing and load balancing applied. To do so, the detection algorithm is provided separately accordingly to the underlying network infrastructure such as routing symmetry or asymmetry. Finally, it provides a practical way of detecting the reflection attacker, which connects the reflectors to command or trigger the IP Spoofed DNS (Domain Name
more » ... )/NTP (Network Time Protocol) requests, by analyzing the connection information available on the Netflow enabled Routers.