Abstract

With the emergence of IoT technologies, the number of devices connected to the Internet is rapidly increasing. As a result, the Network Address Translation (NAT) mechanism is widely used to let multiple devices within a private network share a smaller number of public IP addresses. In this research, we focus on Port Address Translation (PAT), an extension of the NAT mechanism that can translate both the IP address and the port number of a TCP/IP packet. An apparent downside of PAT is that when all of the ports are in use, no new outbound connections can be made from the local addresses. In 2018, we introduced the Slow-port-exhaustion DoS Attack on a virtual network, a novel type of DoS attack that exploits some flaws of the TCP protocol and the limitation of the PAT mechanism. In this attack, a compromised internal virtual machine with a low amount of attack bandwidth can occupy the host machine's ports for a long time, thereby preventing other machines on the same virtual network from connecting to the external network. In this paper, we present SPEChecker, a testing tool that can be used to check the feasibility of the Slow-port-exhaustion attack on virtual networks. In the analysis, we also explore a case of a TCP host that could support this attack. Our testing results also show the potential of SPEChecker in evaluating virtual network security.
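
The PAT limitation described above can be watched from the host side. The following is an added illustration, not code from the paper or from SPEChecker: it reads connection-tracking entries in the format printed by Linux `conntrack -L` and reports what share of the PAT port pool each internal address holds. The pool size, the threshold and the sample rows are constructed assumptions.

```python
import re
from collections import defaultdict

FIELD = re.compile(r"(src|dst|sport|dport)=(\S+)")

def parse_entry(line):
    """Return (internal_ip, public_ip, public_port) for a TCP entry, else None."""
    parts = line.split()
    if len(parts) < 4 or parts[0] != "tcp":
        return None
    kv = FIELD.findall(line)
    if len(kv) < 8:          # need both the original and the reply tuple
        return None
    orig, reply = dict(kv[:4]), dict(kv[4:8])
    # In the reply tuple, dst/dport are the translated (public) address and port.
    return orig["src"], reply["dst"], int(reply["dport"])

def port_usage(lines, pool_size):
    """Map internal_ip -> fraction of the PAT port pool it currently holds."""
    held = defaultdict(set)
    for line in lines:
        entry = parse_entry(line)
        if entry and entry[0] != entry[1]:   # skip flows that were not translated
            held[entry[0]].add((entry[1], entry[2]))
    return {ip: len(ports) / pool_size for ip, ports in held.items()}

def flag_hosts(lines, pool_size, max_share):
    """Internal hosts holding more than max_share of the pool (assumed policy)."""
    usage = port_usage(lines, pool_size)
    return sorted(ip for ip, share in usage.items() if share > max_share)

def constructed_table():
    """Constructed sample rows: one VM holds six public ports, another holds one."""
    row = ("tcp 6 {t} ESTABLISHED src={s} dst=198.51.100.7 sport={sp} dport=80 "
           "src=198.51.100.7 dst=203.0.113.5 sport=80 dport={pp} [ASSURED] use=1")
    rows = [row.format(t=431000, s="192.168.122.10", sp=40000 + i, pp=1024 + i)
            for i in range(6)]
    rows.append(row.format(t=120, s="192.168.122.11", sp=51000, pp=1030))
    return rows

if __name__ == "__main__":
    table = constructed_table()
    print(port_usage(table, pool_size=8))
    print(flag_hosts(table, pool_size=8, max_share=0.5))
```

On a real host, `pool_size` would be the number of ports the NAT rule is allowed to allocate, and the lines would come from the live connection-tracking table rather than the constructed sample.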
