Untraceable Email Cluster Bombs: On Agent-Based Distributed Denial of Service Export

@article{citeulike:4332220, abstract = {We uncover a vulnerability that allows for an attacker to perform an email-based attack on selected victims, using only standard scripts and agents. What differentiates the attack we describe from other, already known forms of distributed denial of service (DDoS) attacks is that an attacker does not need to infiltrate the network in any manner --- as is normally required to launch a DDoS attack. Thus, we see this type of attack as a poor man's DDoS. Not only is the attack easy to mount, but it is also almost impossible to trace back to the perpetrator. Along with descriptions of our attack, we demonstrate its destructive potential with (limited and contained) experimental results. We illustrate the potential impact of our attack by describing how an attacker can disable an email account by flooding its inbox; block competition during online auctions; harm competitors with an on-line presence; disrupt phone service to a given victim; cheat in SMSbased games; disconnect mobile corporate leaders from their networks; and disrupt electronic elections. Finally, we propose a set of countermeasures that are light-weight, do not require modifications to the infrastructure, and can be deployed in a gradual manner.}, author = {Jakobsson, Markus}, citeulike-article-id = {4332220}, keywords = {bombs, cluster, denial-of-service, distributed, email}, posted-at = {2009-04-23 19:34:16}, priority = {2}, title = {Untraceable Email Cluster Bombs: On Agent-Based Distributed Denial of Service}, year = {2003} }

TY - JOUR ID - citeulike:4332220 L3 - citeulike-article-id:4332220 N2 - We uncover a vulnerability that allows for an attacker to perform an email-based attack on selected victims, using only standard scripts and agents. What differentiates the attack we describe from other, already known forms of distributed denial of service (DDoS) attacks is that an attacker does not need to infiltrate the network in any manner --- as is normally required to launch a DDoS attack. Thus, we see this type of attack as a poor man's DDoS. Not only is the attack easy to mount, but it is also almost impossible to trace back to the perpetrator. Along with descriptions of our attack, we demonstrate its destructive potential with (limited and contained) experimental results. We illustrate the potential impact of our attack by describing how an attacker can disable an email account by flooding its inbox; block competition during online auctions; harm competitors with an on-line presence; disrupt phone service to a given victim; cheat in SMSbased games; disconnect mobile corporate leaders from their networks; and disrupt electronic elections. Finally, we propose a set of countermeasures that are light-weight, do not require modifications to the infrastructure, and can be deployed in a gradual manner. TI - Untraceable Email Cluster Bombs: On Agent-Based Distributed Denial of Service KW - bombs KW - cluster KW - denial-of-service KW - distributed KW - email AU - Jakobsson, Markus PY - 2003/// ER -