Need to know more about QUIC flood DDoS attacks?
This guide is for you.
A QUIC flood DDoS attack is when an attacker attempts to deny service by overwhelming a targeted server with data sent over QUIC.
Here at Ibmi Media, as part of our Server Management Services, we regularly help our customers troubleshoot DDoS-related queries.
In this context, we shall look in more detail at QUIC DDoS attacks.
The QUIC protocol is a new way to send data over the Internet that is faster, more efficient, and more secure than earlier protocols. QUIC is a transport protocol, which means it affects the way data travels over the Internet.
Like almost any Internet protocol, QUIC can be used maliciously to carry out DDoS attacks.
Basically, the QUIC protocol is a transport layer protocol that can theoretically replace both TCP (a transport protocol) and TLS (an encryption protocol).
The QUIC protocol aims to be both faster and more secure than traditional Internet connections. For increased speed it uses the UDP transport protocol, which is faster than TCP but less reliable.
It sends several streams of data at once to make up for any data that gets lost along the way, a technique known as multiplexing.
For better security, everything sent over QUIC is automatically encrypted. Ordinarily, data has to be sent over HTTPS to be encrypted. But QUIC builds TLS encryption into the normal communication process.
A QUIC flood DDoS attack is when an attacker attempts to deny service by overwhelming a targeted server with data sent over QUIC.
The victimized server has to process all the QUIC data it receives, slowing service to legitimate users. In some cases, it can crash the server altogether.
DDoS attacks over QUIC are hard to block because:
i. QUIC uses UDP, which gives the packet recipient very little information that it can use to block the packets.
ii. QUIC encrypts packet data so that the recipient of the data cannot easily tell if it is legitimate or not.
The QUIC protocol is particularly vulnerable to reflection-based DDoS attacks.
In a reflection DDoS attack, the attacker spoofs the victim’s IP address and requests information from several servers. When the servers respond, all the information goes to the victim instead of the attacker.
With the QUIC protocol, it is possible to carry out reflection attacks using the initial “hello” message that starts a QUIC connection.
Because QUIC combines the UDP transport protocol with TLS encryption, the server includes its TLS certificate in its first reply to the client. This means that the server’s first message is much larger than the client’s first message.
By spoofing the victim’s IP address and sending a “hello” message to a server, the attacker tricks the server into sending large amounts of unwanted data to the victim.
To mitigate QUIC flood and reflection attacks:
i. Set a minimum size for the initial client hello message so that it costs the attacker considerable bandwidth to send a large number of fake client hello messages. However, the server hello is still larger than the client hello, so an attack of this nature remains a possibility.
ii. Another way to mitigate a DDoS attack is to implement rate-limiting.
iii. The use of a Web Application Firewall and anycast network diffusion will also help.
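The first two mitigations above can be combined in a single server-side check, sketched here as an added example that is not code from this article or from any QUIC implementation. The 1200-byte minimum and the 3x reply cap for unvalidated addresses are the values from RFC 9000 (QUIC version 1); the per-source rate, the burst size and all function and class names are assumptions chosen for illustration.

```python
import time
from collections import defaultdict

MIN_INITIAL_DATAGRAM = 1200  # RFC 9000 s14.1: client Initial datagrams are padded to >= 1200 bytes
AMPLIFICATION_LIMIT = 3      # RFC 9000 s8.1: reply <= 3x bytes received until address is validated
INITIALS_PER_SEC = 5         # assumed per-source budget; tune for real traffic
BURST = 10                   # assumed token bucket depth


def is_quic_v1_initial(datagram: bytes) -> bool:
    """Long header bit (0x80) and fixed bit (0x40) set, type bits 00 = Initial, version 1."""
    if len(datagram) < 5:
        return False
    first = datagram[0]
    version = int.from_bytes(datagram[1:5], "big")
    return (first & 0xC0) == 0xC0 and (first & 0x30) == 0x00 and version == 1


class InitialGate:
    """Decides how to treat a datagram from a source address that is not yet validated."""

    def __init__(self, rate=INITIALS_PER_SEC, burst=BURST, clock=time.monotonic):
        self.rate, self.burst, self.clock = rate, burst, clock
        # source ip -> (tokens left, time of last update)
        self.buckets = defaultdict(lambda: (float(burst), clock()))

    def check(self, src_ip: str, datagram: bytes):
        """Return (verdict, max_reply_bytes) for one received UDP datagram."""
        if not is_quic_v1_initial(datagram):
            return ("not-initial", 0)
        if len(datagram) < MIN_INITIAL_DATAGRAM:
            return ("drop-undersized", 0)  # cheap hello: never answer it
        tokens, last = self.buckets[src_ip]
        now = self.clock()
        tokens = min(self.burst, tokens + (now - last) * self.rate)  # refill
        if tokens < 1:
            self.buckets[src_ip] = (tokens, now)
            return ("drop-rate-limited", 0)
        self.buckets[src_ip] = (tokens - 1, now)
        # Even an accepted hello may only trigger a bounded reply.
        return ("accept", AMPLIFICATION_LIMIT * len(datagram))


def constructed_initial(size: int) -> bytes:
    """Constructed sample: header byte 0xC0, version 1, zero padding (not a decryptable packet)."""
    return (b"\xc0" + (1).to_bytes(4, "big")).ljust(size, b"\x00")
```

Because source addresses in a reflection attack are spoofed, the per-source table in a real deployment needs a size bound or expiry so that the rate limiter itself cannot be used to exhaust memory.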
This article will guide you on how to protect your servers from QUIC DDoS attacks, which are capable of overwhelming a targeted server with unwanted UDP packets. QUIC uses UDP, but a QUIC flood is not necessarily the same as a UDP flood.