We gratefully acknowledge support from
the Simons Foundation and member institutions.
Full-text links:


Current browse context:


Change to browse by:

References & Citations

DBLP - CS Bibliography


(what is this?)
CiteULike logo BibSonomy logo Mendeley logo del.icio.us logo Digg logo Reddit logo ScienceWISE logo

Computer Science > Networking and Internet Architecture

Title: QUICsand: Quantifying QUIC Reconnaissance Scans and DoS Flooding Events

Abstract: In this paper, we present first measurements of Internet background radiation originating from the emerging transport protocol QUIC. Our analysis is based on the UCSD network telescope, correlated with active measurements. We find that research projects dominate the QUIC scanning ecosystem but also discover traffic from non-benign sources. We argue that although QUIC has been carefully designed to restrict reflective amplification attacks, the QUIC handshake is prone to resource exhaustion attacks, similar to TCP SYN floods. We confirm this conjecture by showing how this attack vector is already exploited in multi-vector attacks: On average, the Internet is exposed to four QUIC floods per hour and half of these attacks occur concurrently with other common attack types such as TCP/ICMP floods.
Comments: Proc. of ACM IMC'21, camera-ready
Subjects: Networking and Internet Architecture (cs.NI); Cryptography and Security (cs.CR)
DOI: 10.1145/3487552.3487840
Cite as: arXiv:2109.01106 [cs.NI]
  (or arXiv:2109.01106v2 [cs.NI] for this version)

Submission history

From: Marcin Nawrocki [view email]
[v1] Thu, 2 Sep 2021 17:28:27 GMT (509kb,D)
[v2] Tue, 5 Oct 2021 13:01:48 GMT (709kb,D)

Link back to: arXiv, form interface, contact.