On the Use of Low-Cost IoT Devices to Perpetrate Slow DoS Attacks

Internet of Things security is a crucial topic, due to the characteristics of these networks and the sensitivity of exchanged data. In this paper, we focus on the execution of cyber-attacks from low-cost IoT devices. Particularly, our aim is to evaluate if the ESP8266 module is able to successfully perpetrate a denial of service attack against a widely adopted web service daemon. Results show that the performance of the IoT component is similar to conventional attacking nodes, although memory overflow issues are experienced when targeting some specific configurations of the server. Hence, by measuring the behavior of the ESP8266 for different attack instances, we found that, by targeting a server configured to serve the maximum number of clients possible, a single-node attack is able to establish 66% of the server's resources without experiencing any client-side malfunctioning. Instead, a distributed attack involving malicious IoT nodes is perpetrated correctly.