poster

How DRDoS attacks vary across the globe?

Authors:
Tiago Heinrich

Federal University of Paraná, Curitiba, Paraná, Brazil

Federal University of Paraná, Curitiba, Paraná, Brazil
View Profile

,
Carlos A. Maziero

Federal University of Paraná, Curitiba, Paraná, Brazil

Federal University of Paraná, Curitiba, Paraná, Brazil
View Profile

,
Newton C. Will

Federal University of Technology - Paraná, Dois Vizinhos, Paraná, Brazil

Federal University of Technology - Paraná, Dois Vizinhos, Paraná, Brazil
View Profile

,
Rafael R. Obelheiro

State University of Santa Catarina, Joinville, Santa Catarina, Brazil

State University of Santa Catarina, Joinville, Santa Catarina, Brazil
View Profile

IMC '22: Proceedings of the 22nd ACM Internet Measurement ConferenceOctober 2022Pages 760–761https://doi.org/10.1145/3517745.3563026

Published:25 October 2022Publication History

IMC '22: Proceedings of the 22nd ACM Internet Measurement Conference

Pages 760–761

ABSTRACT

In this study we characterize Distributed Reflection Denial of Service (DRDoS) attack traffic taking into consideration the geographical distribution of victims. This type of characterization is not widely explored in the literature and could help to better understand this type of attack. We aim to explore this gap in the literature using data collected by four honeypots over three and a half years. Our findings highlight attack similarities and differences across continents.

References

Tiago Heinrich, Rafael R Obelheiro, and Carlos A Maziero. 2021. New Kids on the DRDoS Block: Characterizing Multiprotocol and Carpet Bombing Attacks. In Proceedings of the 22nd International Conference on Passive and Active Network Measurement. Springer, Cottbus, Germany, 269--283. Google ScholarDigital Library
Daniel Kopp, Christoph Dietzel, and Oliver Hohlfeld. 2021. DDoS Never Dies? An IXP Perspective on DDoS Amplification Attacks. In Proceedings of the 22nd International Conference on Passive and Active Network Measurement. Springer, Cottbus, Germany, 284--301. Google ScholarDigital Library
Daniel R Thomas, Richard Clayton, and Alastair R Beresford. 2017. 1000 days of UDP amplification DDoS attacks. In Proceedings of the APWG Symposium on Electronic Crime Research. IEEE, Scottsdale, AZ, USA, 79--84. Google ScholarCross Ref

Index Terms

How DRDoS attacks vary across the globe?
1. Networks
  1. Network performance evaluation
    1. Network measurement
2. Security and privacy
  1. Network security
    1. Denial-of-service attacks

Recommendations

Detecting and Measuring In-The-Wild DRDoS Attacks at IXPs
Detection of Intrusions and Malware, and Vulnerability Assessment
Abstract
Distributed reflective denial of service (DRDoS) attacks are a popular choice among adversaries. In fact, one of the largest DDoS attacks ever recorded, reaching a peak of 1.3 Tbps against GitHub, was a memcached-based DRDoS attack. More recently, ...
Read More
New Kids on the DRDoS Block: Characterizing Multiprotocol and Carpet Bombing Attacks
Passive and Active Measurement
Abstract
Distributed reflection denial of service (DRDoS) attacks are widespread on the Internet. DRDoS attacks exploit mostly UDP-based protocols to achieve traffic amplification and provide an extra layer of indirection between attackers and their ...
Read More
SF-DRDoS

We propose a novel reflective amplification DDoS attack called store-and-flood DRDoS.SF-DRDoS gains a high amplification factor by storing prepared data on reflectors.We implement prototypes on two Kademlia networks, Kad and BT-DHT.Real-world ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
IMC '22: Proceedings of the 22nd ACM Internet Measurement Conference
October 2022
796 pages
ISBN:9781450392594
DOI:10.1145/3517745
General Chairs:
Chadi Barakat
Inria, Université Côte d'Azur
,
Cristel Pelsser
University of Strasbourg
,
Program Chairs:
Theophilus A. Benson
Brown University
,
David Choffnes
Northeastern University
Copyright © 2022 Owner/Author
Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 25 October 2022
Check for updates
Author Tags
drdos attacks
traffic characterization
Qualifiers
- poster
Conference

Acceptance Rates
Overall Acceptance Rate277of1,083submissions,26%
Upcoming Conference
IMC '24

Sponsor:

sigcomm

sigcomm

ACM Internet Measurement Conference

November 4 - 6, 2024

Madrid , AA , Spain
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 0
  Total Citations
  View Citations
- 77
  Total Downloads
- Downloads (Last 12 months)31
- Downloads (Last 6 weeks)6
Other Metrics
View Author Metrics
Cited By
This publication has not been cited yet

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

How DRDoS attacks vary across the globe?

IMC '22: Proceedings of the 22nd ACM Internet Measurement Conference

ABSTRACT

References

Cited By

Index Terms

Recommendations

Detecting and Measuring In-The-Wild DRDoS Attacks at IXPs

New Kids on the DRDoS Block: Characterizing Multiprotocol and Carpet Bombing Attacks

SF-DRDoS