Lisp Mapping System as DoS Amplification Vector

Abstract

There is a growing interest in solutions relying on the identifier/locator separation paradigm. It introduces several benefits in terms of scalability and flexibility. It relies on two addressing spaces, namely the identifiers, for endpoint identification, and the locators, for packet forwarding. An additional control plane is necessary to map one space to the other. In this letter, we explore how control messages can be an amplification vector for DoS attacks. We evaluate the possible amplification factor based on a real deployment, showing that the amplification factor exists. We also build a GNS-3 testbed to demonstrate further and analyze the attack.