Exploiting MQTT-SN for distributed reflection denial-of-service attacks

Authors Hannes Sochor
Flavio Ferrarotti
Rudolf Ramler
Editors Gabriele Kotsis
A Min Tjoa
Ismail Khalil
Lukas Fischer
Bernhard A. Moser
Atif Mashkoor
Johannes Sametinger
Anna Fensel
Jorge Martínez Gil
Title Exploiting MQTT-SN for distributed reflection denial-of-service attacks
Booktitle DEXA 2020: Database and Expert Systems Applications
Type in proceedings
Publisher Springer
Series Communications in Computer and Information Science
Volume 1285
ISBN 978-3-030-59027-7
DOI 10.1007/978-3-030-59028-4_7
Month September
Year 2020
Pages 74-81
SCCH ID# 20060

Distributed Denial-of-Service attacks are a dramatically increasing threat to Internet-based services and connected devices. In the form of reflection attacks, they abuse other systems to perform the actual attack, often with an additional amplification factor. In this work we describe a reflection attack exploiting the industrial Message Queuing Telemetry Transport for Sensor Networks (MQTT-SN) protocol, which theoretically allows an unlimited amplification rate to be achieved. This poses a significant risk not only for the organizations which are running an MQTT-SN broker but also for possible targets of such DRDoS attacks. Countermeasures are limited as the underlying weakness is rooted in the specification of MQTT-SN itself.