
Amplification Attacks Using the Constrained Application Protocol (CoAP)

Document type: Expired Internet-Draft (t2trg RG); expired & archived
Authors: John Preuß Mattsson, Göran Selander, Christian Amsüss
Last updated: 2023-10-14 (latest revision 2023-04-12)
Replaces: draft-mattsson-t2trg-amplification-attacks
RFC stream: Internet Research Task Force (IRTF)
Intended RFC status: (None)
Additional resources: Mailing list discussion
IRTF state: (None)
Consensus boilerplate: Unknown
Document shepherd: (None)
IESG state: Expired
Telechat date: (None)
Responsible AD: (None)
Send notices to: (None)

This Internet-Draft is no longer active.


Protecting Internet of Things (IoT) devices against attacks is not enough. IoT deployments need to make sure that they are not used for Distributed Denial-of-Service (DDoS) attacks. DDoS attacks are typically carried out with compromised devices or with amplification attacks using a spoofed source address. This document gives examples of different theoretical amplification attacks using the Constrained Application Protocol (CoAP). The goal of this document is to raise awareness and to motivate generic and protocol-specific recommendations on the usage of CoAP. Some of the discussed attacks can be mitigated by not using NoSec or by using the Echo option.

