ABSTRACT
In this study we characterize Distributed Reflection Denial of Service (DRDoS) attack traffic taking into consideration the geographical distribution of victims. This type of characterization is not widely explored in the literature and could help to better understand this type of attack. We aim to explore this gap in the literature using data collected by four honeypots over three and a half years. Our findings highlight attack similarities and differences across continents.
Index Terms
- How DRDoS attacks vary across the globe?