{"id":"https://openalex.org/W4405936378","doi":"https://doi.org/10.23919/cnsm62983.2024.10814438","title":"Glossy Mirrors: On the Role of Open Resolvers in Reflection and Amplification DDoS Attacks","display_name":"Glossy Mirrors: On the Role of Open Resolvers in Reflection and Amplification DDoS Attacks","publication_year":2024,"publication_date":"2024-10-28","ids":{"openalex":"https://openalex.org/W4405936378","doi":"https://doi.org/10.23919/cnsm62983.2024.10814438"},"language":"en","primary_location":{"id":"doi:10.23919/cnsm62983.2024.10814438","is_oa":false,"landing_page_url":"https://doi.org/10.23919/cnsm62983.2024.10814438","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2024 20th International Conference on Network and Service Management (CNSM)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://opendl.ifip-tc6.org/db/conf/cnsm/cnsm2024/1571047002.pdf","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5054408544","display_name":"Ramin Yazdani","orcid":"https://orcid.org/0000-0002-3893-7988"},"institutions":[{"id":"https://openalex.org/I94624287","display_name":"University of Twente","ror":"https://ror.org/006hf6230","country_code":"NL","type":"education","lineage":["https://openalex.org/I94624287"]}],"countries":["NL"],"is_corresponding":false,"raw_author_name":"Ramin Yazdani","raw_affiliation_strings":["University of Twente"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Twente","institution_ids":["https://openalex.org/I94624287"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5055311439","display_name":"Max Resing","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Max Resing","raw_affiliation_strings":["NETSCOUT"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"NETSCOUT","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5025537461","display_name":"Anna Sperotto","orcid":"https://orcid.org/0000-0002-9481-5846"},"institutions":[{"id":"https://openalex.org/I94624287","display_name":"University of Twente","ror":"https://ror.org/006hf6230","country_code":"NL","type":"education","lineage":["https://openalex.org/I94624287"]}],"countries":["NL"],"is_corresponding":false,"raw_author_name":"Anna Sperotto","raw_affiliation_strings":["University of Twente"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Twente","institution_ids":["https://openalex.org/I94624287"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.3122,"has_fulltext":true,"cited_by_count":1,"citation_normalized_percentile":{"value":0.63282927,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":91,"max":95},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"9"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9962999820709229,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9962999820709229,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9926000237464905,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9864000082015991,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/reflection","display_name":"Reflection (computer programming)","score":0.6919984221458435},{"id":"https://openalex.org/keywords/resolver","display_name":"Resolver","score":0.6074228286743164},{"id":"https://openalex.org/keywords/denial-of-service-attack","display_name":"Denial-of-service attack","score":0.5457732677459717},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.5242434144020081},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.3667427897453308},{"id":"https://openalex.org/keywords/telecommunications","display_name":"Telecommunications","score":0.19287094473838806},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.12437751889228821},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.07377782464027405}],"concepts":[{"id":"https://openalex.org/C65682993","wikidata":"https://www.wikidata.org/wiki/Q1056451","display_name":"Reflection (computer programming)","level":2,"score":0.6919984221458435},{"id":"https://openalex.org/C80156102","wikidata":"https://www.wikidata.org/wiki/Q788036","display_name":"Resolver","level":3,"score":0.6074228286743164},{"id":"https://openalex.org/C38822068","wikidata":"https://www.wikidata.org/wiki/Q131406","display_name":"Denial-of-service attack","level":3,"score":0.5457732677459717},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5242434144020081},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3667427897453308},{"id":"https://openalex.org/C76155785","wikidata":"https://www.wikidata.org/wiki/Q418","display_name":"Telecommunications","level":1,"score":0.19287094473838806},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.12437751889228821},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.07377782464027405},{"id":"https://openalex.org/C165005293","wikidata":"https://www.wikidata.org/wiki/Q1074500","display_name":"Chip","level":2,"score":0.0},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.23919/cnsm62983.2024.10814438","is_oa":false,"landing_page_url":"https://doi.org/10.23919/cnsm62983.2024.10814438","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2024 20th International Conference on Network and Service Management (CNSM)","raw_type":"proceedings-article"},{"id":"pmh:oai:ris.utwente.nl:openaire/c75d3e12-6304-4553-af94-6655522c211d","is_oa":true,"landing_page_url":"https://research.utwente.nl/en/publications/c75d3e12-6304-4553-af94-6655522c211d","pdf_url":"https://opendl.ifip-tc6.org/db/conf/cnsm/cnsm2024/1571047002.pdf","source":{"id":"https://openalex.org/S4406922991","display_name":"University of Twente Research Information","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Yazdani, R, Resing, M & Sperotto, A 2024, Glossy Mirrors: On the Role of Open Resolvers in Reflection and Amplification DDoS Attacks. in P Varga, P \u010celeda, T Wauters, M Tortonesi, J Fran\u00e7ois & J Gal\u00e1n Jim\u00e9nez (eds), 2024 20th International Conference on Network and Service Management (CNSM). International Federation for Information Processing (IFIP). < https://opendl.ifip-tc6.org/db/conf/cnsm/cnsm2024/1571047002.pdf >","raw_type":"info:eu-repo/semantics/publishedVersion"}],"best_oa_location":{"id":"pmh:oai:ris.utwente.nl:openaire/c75d3e12-6304-4553-af94-6655522c211d","is_oa":true,"landing_page_url":"https://research.utwente.nl/en/publications/c75d3e12-6304-4553-af94-6655522c211d","pdf_url":"https://opendl.ifip-tc6.org/db/conf/cnsm/cnsm2024/1571047002.pdf","source":{"id":"https://openalex.org/S4406922991","display_name":"University of Twente Research Information","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Yazdani, R, Resing, M & Sperotto, A 2024, Glossy Mirrors: On the Role of Open Resolvers in Reflection and Amplification DDoS Attacks. in P Varga, P \u010celeda, T Wauters, M Tortonesi, J Fran\u00e7ois & J Gal\u00e1n Jim\u00e9nez (eds), 2024 20th International Conference on Network and Service Management (CNSM). International Federation for Information Processing (IFIP). < https://opendl.ifip-tc6.org/db/conf/cnsm/cnsm2024/1571047002.pdf >","raw_type":"info:eu-repo/semantics/publishedVersion"},"sustainable_development_goals":[],"awards":[],"funders":[{"id":"https://openalex.org/F4320320300","display_name":"European Commission","ror":"https://ror.org/00k4n6c32"}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4405936378.pdf","grobid_xml":"https://content.openalex.org/works/W4405936378.grobid-xml"},"referenced_works_count":29,"referenced_works":["https://openalex.org/W1796296964","https://openalex.org/W1867219652","https://openalex.org/W1989454965","https://openalex.org/W2028060714","https://openalex.org/W2070831748","https://openalex.org/W2111542531","https://openalex.org/W2116696275","https://openalex.org/W2144489971","https://openalex.org/W2164686665","https://openalex.org/W2402560368","https://openalex.org/W2507466050","https://openalex.org/W2610896886","https://openalex.org/W2762279010","https://openalex.org/W2768883253","https://openalex.org/W2980898523","https://openalex.org/W3139597027","https://openalex.org/W3147628024","https://openalex.org/W3217339560","https://openalex.org/W4200385810","https://openalex.org/W4213012154","https://openalex.org/W4226004257","https://openalex.org/W4226314350","https://openalex.org/W4288072852","https://openalex.org/W4306406207","https://openalex.org/W4384918572","https://openalex.org/W4392964430","https://openalex.org/W6634965539","https://openalex.org/W6684262448","https://openalex.org/W6730586262"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2899084033","https://openalex.org/W2748952813","https://openalex.org/W2121484818","https://openalex.org/W1484565796","https://openalex.org/W4230824443","https://openalex.org/W3026018975","https://openalex.org/W2185673024","https://openalex.org/W4377970398","https://openalex.org/W2142794587"],"abstract_inverted_index":{"Open":[0],"DNS":[1,12,40,49,96],"resolvers":[2,13,36,91,121,161],"are":[3,89],"infamous":[4],"contributors":[5],"to":[6,162],"DDoS":[7,43,57,62,68,183],"attacks.":[8],"Characteristics":[9],"of":[10,34,84,93,100,118,136,141,158,165,181],"open":[11,35,90,120,160],"have":[14],"been":[15],"studied":[16],"in":[17,20,28,42,51,87,139,150,188],"different":[18],"aspects":[19],"the":[21,31,81,98,116,133,156,163,172,175,179,189],"past.":[22],"However,":[23],"there":[24,144],"is":[25,107,122,145],"a":[26,55,60,67,73],"gap":[27],"knowledge":[29],"on":[30],"actual":[32],"role":[33],"acting":[37],"involuntarily":[38],"as":[39],"reflectors":[41,50,85,101],"attacks.In":[44],"this":[45],"paper,":[46],"we":[47],"study":[48],"more":[52],"than":[53],"half":[54],"million":[56],"events":[58],"using":[59],"large-scale":[61],"telemetry":[63],"dataset":[64],"provided":[65],"by":[66,132],"protection":[69],"service":[70],"provider":[71],"with":[72,102],"global":[74],"footprint.":[75],"Our":[76],"findings":[77],"reveal":[78,114],"that":[79,115,178],"while":[80,138],"majority":[82],"(\u223c79%)":[83],"misused":[86,119,159],"attacks":[88,184],"capable":[92],"delivering":[94],"large":[95],"responses,":[97],"contribution":[99],"very":[103],"small":[104],"response":[105],"sizes":[106],"not":[108],"negligible":[109],"either.":[110],"Additionally,":[111],"our":[112],"analyses":[113],"distribution":[117],"biased":[123],"toward":[124],"certain":[125],"countries":[126],"and":[127,168],"network":[128,142],"operators,":[129],"likely":[130],"impacted":[131],"IP":[134],"churn":[135],"reflectors,":[137],"terms":[140],"types,":[143],"no":[146],"outstanding":[147],"bias":[148],"visible":[149],"an":[151],"aggregated":[152],"view.":[153],"Finally,":[154],"comparing":[155],"pool":[157,164],"all":[166],"exposed":[167],"potentially":[169],"abusable":[170],"resolvers,":[171],"latter":[173],"dwarfs":[174],"former,":[176],"suggesting":[177],"firepower":[180],"DNS-based":[182],"could":[185],"substantially":[186],"increase":[187],"future.":[190]},"counts_by_year":[{"year":2025,"cited_by_count":1}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}