Denial of Service via Algorithmic Complexity Attacks
| dc.contributor.author | Crosby, Scott A. | |
| dc.contributor.author | Wallach, Dan S. | |
| dc.date.accessioned | 2017-08-02T22:02:59Z | |
| dc.date.available | 2017-08-02T22:02:59Z | |
| dc.date.issued | 2003-02-12 | |
| dc.date.note | February 12, 2003 | |
| dc.description.abstract | We present a new class of low-bandwidth denial of service attacks that exploit algorithmic deficiencies in many common applications' data structures. Frequently used data structures have "average-case'' expected running time that's far more efficient than the worst case. For example, both binary trees and hash tables can degenerate to linked lists with carefully chosen input. We show how an attacker can effectively compute such input, and we demonstrate attacks against the hash table implementations in two versions of Perl, the Squid web proxy, and the Bro intrusion detection system. Using bandwidth less than a typical modem, we can bring a dedicated Bro server to its knees; after six minutes of carefully chosen packets, our Bro server was dropping as much as 71% of its traffic and consuming all of its CPU. | |
| dc.format.extent | 13 pp | |
| dc.identifier.citation | Crosby, Scott A. and Wallach, Dan S.. "Denial of Service via Algorithmic Complexity Attacks." (2003) https://hdl.handle.net/1911/96313. | |
| dc.identifier.digital | TR03-416 | |
| dc.identifier.uri | https://hdl.handle.net/1911/96313 | |
| dc.language.iso | eng | |
| dc.rights | You are granted permission for the noncommercial reproduction, distribution, display, and performance of this technical report in any format, but this permission is only for a period of forty-five (45) days from the most recent time that you verified that this technical report is still available from the Computer Science Department of Rice University under terms that include this permission. All other rights are reserved by the author(s). | |
| dc.title | Denial of Service via Algorithmic Complexity Attacks | |
| dc.type | Technical report | |
| dc.type.dcmi | Text |
Files
Original bundle
1 - 1 of 1