{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,15]],"date-time":"2025-12-15T19:38:55Z","timestamp":1765827535727,"version":"3.41.0"},"reference-count":24,"publisher":"Association for Computing Machinery (ACM)","issue":"1","license":[{"start":{"date-parts":[[2017,1,17]],"date-time":"2017-01-17T00:00:00Z","timestamp":1484611200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["SIGCOMM Comput. Commun. Rev."],"published-print":{"date-parts":[[2017,1,17]]},"abstract":"<jats:p>In this paper we investigate the vulnerability of the Internet Group Management Protocol (IGMP) to be leveraged for denial-of-service (DoS) attacks. IGMP is a connectionless protocol and therefore susceptible to attackers spoofing a third-party victim's source address in an effort to coax responders to send their replies to the victim. We find 305K IGMP responders that will indeed answer queries from arbitrary Internet hosts. Further, the responses are often larger than the requests, hence amplifying the attacker's own expenditure of bandwidth. We conclude that attackers can coordinate IGMP responders to mount sizeable DoS attacks.<\/jats:p>","DOI":"10.1145\/3041027.3041031","type":"journal-article","created":{"date-parts":[[2017,1,18]],"date-time":"2017-01-18T13:13:59Z","timestamp":1484745239000},"page":"27-35","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":10,"title":["On the Potential Abuse of IGMP"],"prefix":"10.1145","volume":"47","author":[{"given":"Matthew","family":"Sargent","sequence":"first","affiliation":[{"name":"CWRU"}]},{"given":"John","family":"Kristoff","sequence":"additional","affiliation":[{"name":"DePaul"}]},{"given":"Vern","family":"Paxson","sequence":"additional","affiliation":[{"name":"ICSI \/ UCB"}]},{"given":"Mark","family":"Allman","sequence":"additional","affiliation":[{"name":"ICSI"}]}],"member":"320","published-online":{"date-parts":[[2017,1,17]]},"reference":[{"key":"e_1_2_1_1_1","unstructured":"Cisco IOS Software Product Lifecycle Dates & Milestones. http:\/\/www.cisco.com\/c\/en\/us\/products\/collateral\/ios-nx-os-software\/ios-software-releases-12-2-mainline\/prod\\_bulletin0900aecd801eda8a.html.  Cisco IOS Software Product Lifecycle Dates & Milestones. http:\/\/www.cisco.com\/c\/en\/us\/products\/collateral\/ios-nx-os-software\/ios-software-releases-12-2-mainline\/prod\\_bulletin0900aecd801eda8a.html."},{"key":"e_1_2_1_2_1","unstructured":"DVMRP Can Be Used to Trigger an Amplification Attack Against a Third Party. https:\/\/kb.juniper.net\/InfoCenter\/index?page=content&id=KB29553.  DVMRP Can Be Used to Trigger an Amplification Attack Against a Third Party. https:\/\/kb.juniper.net\/InfoCenter\/index?page=content&id=KB29553."},{"key":"e_1_2_1_3_1","unstructured":"Open Resolver Project. http:\/\/openresolverproject.org\/.  Open Resolver Project. http:\/\/openresolverproject.org\/."},{"key":"e_1_2_1_4_1","unstructured":"A. Aina J. Akkerhuis K. Claffy S. Crocker D. Karrenberg J. Ihrn R. Joffe M. Kosters A. Mankin R. Mohan etal SSAC Advisory SAC008 DNS Distributed Denial of Service (DDoS) Attacks 2006.  A. Aina J. Akkerhuis K. Claffy S. Crocker D. Karrenberg J. Ihrn R. Joffe M. Kosters A. Mankin R. Mohan et al. SSAC Advisory SAC008 DNS Distributed Denial of Service (DDoS) Attacks 2006."},{"key":"e_1_2_1_5_1","first-page":"3376","volume":"3","author":"Cain B.","year":"2002","journal-title":"Internet Group Management Protocol, Version"},{"key":"e_1_2_1_6_1","doi-asserted-by":"crossref","unstructured":"S. Deering. Host Extensions for IP Multicasting Aug. 1989. RFC 1112.   S. Deering. Host Extensions for IP Multicasting Aug. 1989. RFC 1112.","DOI":"10.17487\/rfc1112"},{"key":"e_1_2_1_7_1","first-page":"605","volume-title":"USENIX Security","author":"Durumeric Z.","year":"2013"},{"key":"e_1_2_1_8_1","first-page":"2236","volume":"2","author":"W. Fenner. Internet Group Management Protocol","year":"1997","journal-title":"Version"},{"key":"e_1_2_1_9_1","unstructured":"G. Huston. The 32-bit AS Number Report Apr. 2016. http:\/\/www.potaroo.net\/tools\/asn32\/.  G. Huston. The 32-bit AS Number Report Apr. 2016. http:\/\/www.potaroo.net\/tools\/asn32\/."},{"volume-title":"Lawrence Berkeley Laboratory","year":"1989","author":"Jacobson V.","key":"e_1_2_1_10_1"},{"key":"e_1_2_1_11_1","unstructured":"J. Kristoff. DVMRP Ask Neighbors2: an IGMP-based DDoS\/Leak Threat Oct. 2014. https:\/\/www.cymru.com\/jtk\/talks\/nanog62-an2.pdf.  J. Kristoff. DVMRP Ask Neighbors2: an IGMP-based DDoS\/Leak Threat Oct. 2014. https:\/\/www.cymru.com\/jtk\/talks\/nanog62-an2.pdf."},{"volume-title":"ACM SIGCOMM","year":"2003","author":"Kuzmanovic A.","key":"e_1_2_1_12_1"},{"key":"e_1_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1109\/NGI.2011.5985865"},{"volume-title":"Pansiot. Quantifying ASes Multiconnectivity Using Multicast Information. In ACM SIGCOMM Internet Measurement Conference","year":"2009","author":"M\u00e9rindol P.","key":"e_1_2_1_14_1"},{"key":"e_1_2_1_15_1","unstructured":"T. Pusateri. Distance Vector Multicast Routing Protocol Oct. 2003. Internet-Draft draft-ietf-idmr-dvmrp-v3-11.txt (work in progress).  T. Pusateri. Distance Vector Multicast Routing Protocol Oct. 2003. Internet-Draft draft-ietf-idmr-dvmrp-v3-11.txt (work in progress)."},{"key":"e_1_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.19"},{"volume-title":"Amplification Hell: Revisiting Network Protocols for DDoS Abuse. In Symposium on Network and Distributed System Security (NDSS)","year":"2014","author":"Rossow C.","key":"e_1_2_1_17_1"},{"key":"e_1_2_1_18_1","unstructured":"P. Schmehl. The Microsoft UPnP (Universal Plug and Play) Vulnerability. http:\/\/bandwidthco.com\/sf_whitepapers\/windows\/The\\%20Microsoft\\%20UPnP\\%20(Universal\\%20Plug\\%20and\\%20Play)\\%20Vulnerability.pdf 2002.  P. Schmehl. The Microsoft UPnP (Universal Plug and Play) Vulnerability. http:\/\/bandwidthco.com\/sf_whitepapers\/windows\/The\\%20Microsoft\\%20UPnP\\%20(Universal\\%20Plug\\%20and\\%20Play)\\%20Vulnerability.pdf 2002."},{"volume-title":"On Measuring the Client-Side DNS Infrastructure. In ACM Internet Measurement Conference","year":"2013","author":"Schomp K.","key":"e_1_2_1_19_1"},{"key":"e_1_2_1_20_1","unstructured":"SpamHaus. The Policy Block List. https:\/\/www.spamhaus.org\/pbl\/.  SpamHaus. The Policy Block List. https:\/\/www.spamhaus.org\/pbl\/."},{"key":"e_1_2_1_21_1","unstructured":"C. Systems. Cisco Event Response: Network Time Protocol Amplification Distributed Denial of Service Attacks. http:\/\/www.cisco.com\/web\/about\/security\/intelligence\/ERP-NTP-DDoS.html Feb. 2014.  C. Systems. Cisco Event Response: Network Time Protocol Amplification Distributed Denial of Service Attacks. http:\/\/www.cisco.com\/web\/about\/security\/intelligence\/ERP-NTP-DDoS.html Feb. 2014."},{"key":"e_1_2_1_22_1","unstructured":"P. Technologies. An Analysis of DrDos SNMP\/NTP\/CHARGEN Reflection Attacks: Part II of the DrDos White Paper Series. http:\/\/www.prolexic.com\/kcresources\/white-paper\/white-paper-snmp-ntp-chargen-reflection-attacks-drdos\/An_Analysis_of_DrDoS_SNMP-NTP-CHARGEN_Reflection_Attacks_White_Paper_A4_042913.pdf 2013.  P. Technologies. An Analysis of DrDos SNMP\/NTP\/CHARGEN Reflection Attacks: Part II of the DrDos White Paper Series. http:\/\/www.prolexic.com\/kcresources\/white-paper\/white-paper-snmp-ntp-chargen-reflection-attacks-drdos\/An_Analysis_of_DrDoS_SNMP-NTP-CHARGEN_Reflection_Attacks_White_Paper_A4_042913.pdf 2013."},{"key":"e_1_2_1_23_1","first-page":"1075","author":"Waitzman D.","year":"1988","journal-title":"Distance Vector Multicast Routing Protocol"},{"key":"e_1_2_1_24_1","unstructured":"Zmap. https:\/\/zmap.io\/.  Zmap. https:\/\/zmap.io\/."}],"container-title":["ACM SIGCOMM Computer Communication Review"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3041027.3041031","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3041027.3041031","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T03:03:31Z","timestamp":1750215811000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3041027.3041031"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017,1,17]]},"references-count":24,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2017,1,17]]}},"alternative-id":["10.1145\/3041027.3041031"],"URL":"https:\/\/doi.org\/10.1145\/3041027.3041031","relation":{},"ISSN":["0146-4833"],"issn-type":[{"type":"print","value":"0146-4833"}],"subject":[],"published":{"date-parts":[[2017,1,17]]},"assertion":[{"value":"2017-01-17","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}