On Blowback Traffic on the Internet
Dallan Goldblatt, Calvin Vuong, Michael Rabinovich
TL;DR
This paper investigates blowback traffic on the Internet, revealing its scale, stability, and implications for security and research, highlighting the need for understanding and mitigating this phenomenon.
Contribution
It provides the first large-scale analysis of blowback traffic, quantifying its prevalence, amplification, and stability over time.
Findings
Tens of thousands to hundreds of thousands of hosts generate blowback.
Some hosts produce millions of response packets from a single probe.
Blowback generators are stable over weeks, enabling long-term exploitation.
Abstract
This paper considers the phenomenon where a single probe to a target generates multiple, sometimes numerous, packets in response -- which we term "blowback". Understanding blowback is important because attackers can leverage it to launch amplified denial of service attacks by redirecting blowback towards a victim. Blowback also has serious implications for Internet researchers since their experimental setups must cope with bursts of blowback traffic. We find that tens of thousands, and in some protocols, hundreds of thousands, of hosts generate blowback, with orders of magnitude amplification on average. In fact, some prolific blowback generators produce millions of response packets in the aftermath of a single probe. We also find that blowback generators are fairly stable over periods of weeks, so once identified, many of these hosts can be exploited by attackers for a long time.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsNetwork Security and Intrusion Detection · Internet Traffic Analysis and Secure E-voting · Network Traffic and Congestion Control