Mark Allman / ICSI @mallman_icsi

Matthew Sargent, John Kristoff, Vern Paxson, Mark Allman. On the Potential Abuse of IGMP. ACM Computer Communication Review, 47(1), January 2017.
PDF | Review


In this paper we investigate the vulnerability of the Internet Group Management Protocol (IGMP) to be leveraged for denial-of-service (DoS) attacks. IGMP is a connectionless protocol and therefore susceptible to attackers spoofing a third-party victim's source address in an effort to coax responders to send their replies to the victim. We find 305K IGMP responders that will indeed answer queries from arbitrary Internet hosts. Further, the responses are often larger than the requests, hence amplifying the attacker's own expenditure of bandwidth. We conclude that attackers can coordinate IGMP responders to mount sizeable DoS attacks.


    author  = "    Matthew Sargent and John Kristoff and Vern Paxson and Mark Allman",
    title   = "{On the Potential Abuse of IGMP}",
    journal = "ACM Computer Communication Review",
    year    = 2017,
    volume  = 47,
    number  = 1,
    month   = jan,
"We are what we repeatedly do. Excellence, then, is not an act, but a habit." --Aristotle