Who's got my back? Measuring the adoption of an internet-wide BGP RTBH Service

Research output: Contribution to journalArticleScientificpeer-review

34 Downloads (Pure)

Abstract

Distributed Denial-of-Service (DDoS) attacks continue to threaten the availability of Internet-based services. While countermeasures exist to decrease the impact of these attacks, not all operators have the resources or knowledge to deploy them. Alternatively, anti-DDoS services such as DDoS clearing houses and blackholing have emerged. Unwanted Traffic Removal Service (UTRS), being one of the oldest community-based anti-DDoS services, has become a global free collaborative service that aims at mitigating major DDoS attacks through the Border Gateway Protocol (BGP). Once the BGP session with UTRS is established, UTRS members can advertise part of the prefixes belonging to their AS to UTRS. UTRS will forward them to all other participants, who, in turn, should start blocking traffic to the advertised IP addresses. In this paper, we develop and evaluate a methodology to automatically detect UTRS participation in the wild. To this end, we deploy a measurement infrastructure and devise a methodology to detect UTRS-based traffic blocking. Using this methodology, we conducted a longitudinal analysis of UTRS participants over ten weeks. Our results show that at any point in time, there were 562 participants, including multihomed, stub, transit, and IXP ASes. Moreover, we surveyed 245 network operators to understand why they would (not) join UTRS. Results show that threat and coping appraisal significantly influence the intention to participate in UTRS.

Original languageEnglish
Article number3
Pages (from-to)1-25
Number of pages25
JournalProceedings of the ACM on Measurement and Analysis of Computing Systems
Volume8
Issue number1
DOIs
Publication statusPublished - 2024

Keywords

  • BGP
  • DDoS
  • Internet measurements
  • RTBH
  • UTRS

Fingerprint

Dive into the research topics of 'Who's got my back? Measuring the adoption of an internet-wide BGP RTBH Service'. Together they form a unique fingerprint.

Cite this