Analyzing DoS Attack Using Middlebox Amplification on CAPTCHA Server

Hyejin Lee; Woonghee Lee; Kyungrok Choi; Junbeom Hur

doi:10.1109/ICUFN65838.2025.11169783

Analyzing DoS Attack Using Middlebox Amplification on CAPTCHA Server

Hyejin Lee
, Woonghee Lee
, Kyungrok Choi
, Junbeom Hur

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Denial-of-Service (DoS) attacks remain a significant threat to the Internet infrastructure, particularly when attackers leverage reflection and amplification techniques to generate largescale traffic with minimal resources. CAPTCHA servers, which are widely deployed to prevent automated access to web services, can inadvertently act as amplification vectors due to their automated and often large responses. In this paper, we investigate and analyze the potential security threat of reflected amplification DoS attacks utilizing CAPTCHA servers as middleboxes. Specifically, we focus on the structural characteristics of CAPTCHA servers that can be exploited to generate amplified traffic. Our methodology involves crafting and sending both normal and manipulated HTTP requests to an open-source CAPTCHA server, and measuring the corresponding amplification factors. The experimental results show that manipulated requests can achieve amplification factors up to 47.7x, significantly higher than those of standard interactions, thereby confirming the feasibility of abuse. For future work, we plan to extend our analysis to commercial CAPTCHA services and explore real-world attack feasibility in network environments that allow IP spoofing, as well as alternative TCP-layer bypass techniques.

Original language	English
Title of host publication	ICUFN 2025 - 16th International Conference on Ubiquitous and Future Networks
Publisher	IEEE Computer Society
Pages	78-80
Number of pages	3
ISBN (Electronic)	9798331524876
DOIs	https://doi.org/10.1109/ICUFN65838.2025.11169783
Publication status	Published - 2025
Externally published	Yes
Event	16th International Conference on Ubiquitous and Future Networks, ICUFN 2025 - Hybrid, Lisbon, Portugal Duration: 2025 Jul 8 → 2025 Jul 11

Publication series

Name	International Conference on Ubiquitous and Future Networks, ICUFN
ISSN (Print)	2165-8528
ISSN (Electronic)	2165-8536

Conference

Conference	16th International Conference on Ubiquitous and Future Networks, ICUFN 2025
Country/Territory	Portugal
City	Hybrid, Lisbon
Period	25/7/8 → 25/7/11

Bibliographical note

Publisher Copyright:
© 2025 IEEE.

Keywords

CAPTCHA
DoS
Middlebox
Reflected Amplification attack

ASJC Scopus subject areas

Hardware and Architecture
Computer Science Applications
Computer Networks and Communications

Access to Document

10.1109/ICUFN65838.2025.11169783

Cite this

Analyzing DoS Attack Using Middlebox Amplification on CAPTCHA Server. / Lee, Hyejin; Lee, Woonghee; Choi, Kyungrok et al.
ICUFN 2025 - 16th International Conference on Ubiquitous and Future Networks. IEEE Computer Society, 2025. p. 78-80 (International Conference on Ubiquitous and Future Networks, ICUFN).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Lee, H, Lee, W, Choi, K & Hur, J 2025, Analyzing DoS Attack Using Middlebox Amplification on CAPTCHA Server. in ICUFN 2025 - 16th International Conference on Ubiquitous and Future Networks. International Conference on Ubiquitous and Future Networks, ICUFN, IEEE Computer Society, pp. 78-80, 16th International Conference on Ubiquitous and Future Networks, ICUFN 2025, Hybrid, Lisbon, Portugal, 25/7/8. https://doi.org/10.1109/ICUFN65838.2025.11169783

@inproceedings{e4ff2edf80ee42c5a131d05adb3ef8fb,

title = "Analyzing DoS Attack Using Middlebox Amplification on CAPTCHA Server",

abstract = "Denial-of-Service (DoS) attacks remain a significant threat to the Internet infrastructure, particularly when attackers leverage reflection and amplification techniques to generate largescale traffic with minimal resources. CAPTCHA servers, which are widely deployed to prevent automated access to web services, can inadvertently act as amplification vectors due to their automated and often large responses. In this paper, we investigate and analyze the potential security threat of reflected amplification DoS attacks utilizing CAPTCHA servers as middleboxes. Specifically, we focus on the structural characteristics of CAPTCHA servers that can be exploited to generate amplified traffic. Our methodology involves crafting and sending both normal and manipulated HTTP requests to an open-source CAPTCHA server, and measuring the corresponding amplification factors. The experimental results show that manipulated requests can achieve amplification factors up to 47.7x, significantly higher than those of standard interactions, thereby confirming the feasibility of abuse. For future work, we plan to extend our analysis to commercial CAPTCHA services and explore real-world attack feasibility in network environments that allow IP spoofing, as well as alternative TCP-layer bypass techniques.",

keywords = "CAPTCHA, DoS, Middlebox, Reflected Amplification attack",

author = "Hyejin Lee and Woonghee Lee and Kyungrok Choi and Junbeom Hur",

note = "Publisher Copyright: {\textcopyright} 2025 IEEE.; 16th International Conference on Ubiquitous and Future Networks, ICUFN 2025 ; Conference date: 08-07-2025 Through 11-07-2025",

year = "2025",

doi = "10.1109/ICUFN65838.2025.11169783",

language = "English",

series = "International Conference on Ubiquitous and Future Networks, ICUFN",

publisher = "IEEE Computer Society",

pages = "78--80",

booktitle = "ICUFN 2025 - 16th International Conference on Ubiquitous and Future Networks",

}

TY - GEN

T1 - Analyzing DoS Attack Using Middlebox Amplification on CAPTCHA Server

AU - Lee, Hyejin

AU - Lee, Woonghee

AU - Choi, Kyungrok

AU - Hur, Junbeom

PY - 2025

Y1 - 2025

N2 - Denial-of-Service (DoS) attacks remain a significant threat to the Internet infrastructure, particularly when attackers leverage reflection and amplification techniques to generate largescale traffic with minimal resources. CAPTCHA servers, which are widely deployed to prevent automated access to web services, can inadvertently act as amplification vectors due to their automated and often large responses. In this paper, we investigate and analyze the potential security threat of reflected amplification DoS attacks utilizing CAPTCHA servers as middleboxes. Specifically, we focus on the structural characteristics of CAPTCHA servers that can be exploited to generate amplified traffic. Our methodology involves crafting and sending both normal and manipulated HTTP requests to an open-source CAPTCHA server, and measuring the corresponding amplification factors. The experimental results show that manipulated requests can achieve amplification factors up to 47.7x, significantly higher than those of standard interactions, thereby confirming the feasibility of abuse. For future work, we plan to extend our analysis to commercial CAPTCHA services and explore real-world attack feasibility in network environments that allow IP spoofing, as well as alternative TCP-layer bypass techniques.

AB - Denial-of-Service (DoS) attacks remain a significant threat to the Internet infrastructure, particularly when attackers leverage reflection and amplification techniques to generate largescale traffic with minimal resources. CAPTCHA servers, which are widely deployed to prevent automated access to web services, can inadvertently act as amplification vectors due to their automated and often large responses. In this paper, we investigate and analyze the potential security threat of reflected amplification DoS attacks utilizing CAPTCHA servers as middleboxes. Specifically, we focus on the structural characteristics of CAPTCHA servers that can be exploited to generate amplified traffic. Our methodology involves crafting and sending both normal and manipulated HTTP requests to an open-source CAPTCHA server, and measuring the corresponding amplification factors. The experimental results show that manipulated requests can achieve amplification factors up to 47.7x, significantly higher than those of standard interactions, thereby confirming the feasibility of abuse. For future work, we plan to extend our analysis to commercial CAPTCHA services and explore real-world attack feasibility in network environments that allow IP spoofing, as well as alternative TCP-layer bypass techniques.

KW - CAPTCHA

KW - DoS

KW - Middlebox

KW - Reflected Amplification attack

UR - https://www.scopus.com/pages/publications/105018737702

U2 - 10.1109/ICUFN65838.2025.11169783

DO - 10.1109/ICUFN65838.2025.11169783

M3 - Conference contribution

AN - SCOPUS:105018737702

T3 - International Conference on Ubiquitous and Future Networks, ICUFN

SP - 78

EP - 80

BT - ICUFN 2025 - 16th International Conference on Ubiquitous and Future Networks

PB - IEEE Computer Society

T2 - 16th International Conference on Ubiquitous and Future Networks, ICUFN 2025

Y2 - 8 July 2025 through 11 July 2025

ER -

Analyzing DoS Attack Using Middlebox Amplification on CAPTCHA Server

Abstract

Publication series

Conference

Bibliographical note

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this