VLDoS: Variable Low-Rate DoS Attack Model for BBR Algorithm in TCP
摘要
This paper identifies two significant risks associated with the Bottleneck Bandwidth and Round-trip propagation time (BBR) algorithm used in network links. Firstly, we highlight a fairness issue within the BBR, where TCP flows with longer Round-Trip Times (RTTs) consume more bandwidth compared to those with shorter RTTs. Secondly, our analysis of the ACK incoming queue has uncovered a vulnerability during the ProbeBW state of the BBR state machine. By strategically filling the link, we can force the BBR state machine to remain in the Drain state continuously, preventing it from transitioning to the ProbeBW state. As a result, the transmission rate fails to update promptly, leading to a degradation in network service quality. Building on these findings, we propose a novel attack model, Variable Low-rate DoS (VLDoS) attack. This model manipulates the attack flow rate to precisely occupy the ACK incoming queue, maximizing disruption to the network. The experimental results show that the VLDoS attack method significantly impairs networks utilizing the BBR.