TY - GEN
T1 - Analyzing DoS Attack Using Middlebox Amplification on CAPTCHA Server
AU - Lee, Hyejin
AU - Lee, Woonghee
AU - Choi, Kyungrok
AU - Hur, Junbeom
N1 - Publisher Copyright:
© 2025 IEEE.
PY - 2025
Y1 - 2025
N2 - Denial-of-Service (DoS) attacks remain a significant threat to the Internet infrastructure, particularly when attackers leverage reflection and amplification techniques to generate largescale traffic with minimal resources. CAPTCHA servers, which are widely deployed to prevent automated access to web services, can inadvertently act as amplification vectors due to their automated and often large responses. In this paper, we investigate and analyze the potential security threat of reflected amplification DoS attacks utilizing CAPTCHA servers as middleboxes. Specifically, we focus on the structural characteristics of CAPTCHA servers that can be exploited to generate amplified traffic. Our methodology involves crafting and sending both normal and manipulated HTTP requests to an open-source CAPTCHA server, and measuring the corresponding amplification factors. The experimental results show that manipulated requests can achieve amplification factors up to 47.7x, significantly higher than those of standard interactions, thereby confirming the feasibility of abuse. For future work, we plan to extend our analysis to commercial CAPTCHA services and explore real-world attack feasibility in network environments that allow IP spoofing, as well as alternative TCP-layer bypass techniques.
AB - Denial-of-Service (DoS) attacks remain a significant threat to the Internet infrastructure, particularly when attackers leverage reflection and amplification techniques to generate largescale traffic with minimal resources. CAPTCHA servers, which are widely deployed to prevent automated access to web services, can inadvertently act as amplification vectors due to their automated and often large responses. In this paper, we investigate and analyze the potential security threat of reflected amplification DoS attacks utilizing CAPTCHA servers as middleboxes. Specifically, we focus on the structural characteristics of CAPTCHA servers that can be exploited to generate amplified traffic. Our methodology involves crafting and sending both normal and manipulated HTTP requests to an open-source CAPTCHA server, and measuring the corresponding amplification factors. The experimental results show that manipulated requests can achieve amplification factors up to 47.7x, significantly higher than those of standard interactions, thereby confirming the feasibility of abuse. For future work, we plan to extend our analysis to commercial CAPTCHA services and explore real-world attack feasibility in network environments that allow IP spoofing, as well as alternative TCP-layer bypass techniques.
KW - CAPTCHA
KW - DoS
KW - Middlebox
KW - Reflected Amplification attack
UR - https://www.scopus.com/pages/publications/105018737702
U2 - 10.1109/ICUFN65838.2025.11169783
DO - 10.1109/ICUFN65838.2025.11169783
M3 - Conference contribution
AN - SCOPUS:105018737702
T3 - International Conference on Ubiquitous and Future Networks, ICUFN
SP - 78
EP - 80
BT - ICUFN 2025 - 16th International Conference on Ubiquitous and Future Networks
PB - IEEE Computer Society
T2 - 16th International Conference on Ubiquitous and Future Networks, ICUFN 2025
Y2 - 8 July 2025 through 11 July 2025
ER -