Abstract. Dependable operation of the Internet is of crucial importance for our society. In recent years Distributed Denial of Service (DDoS) attacks have quickly become a major problem for the Internet. Most of these attacks are initiated by kids who target schools, ISPs, banks and web-shops; the Dutch NREN (SURFNet), for example, sees around 10 such attacks per day. Performing attacks is extremely simple, since many websites offer "DDoS as a Service"; in fact it is easier to order a DDoS attack than to book a hotel! The websites that offer such DDoS attacks are called "Booters" or "Stressers", and are able to perform attacks with a strength of many Gbps. Although current attempts to mitigate attacks seem promising, analysis of recent attacks shows that it is quite easy to build next-generation attack tools that are able to generate DDoS attacks with a strength a thousand to one million times higher than the ones we see today. If such tools are used by nation-states or, more likely, terrorists, it should be possible to completely stop the Internet. This paper argues that we should prepare for such novel attacks.
Current DDoS attacks

Current DDoS attacks are often performed by youngsters via websites that offer "DDoS as a Service". Such websites, which are called "Booters" or "Stressers", are able to generate attacks with strengths of many Gbps. A simple Google search shows that hundreds of such Booters are currently active; the cost to perform a series of attacks is typically a few dollars [1][2]. In general Booters do not attack their targets directly, but use one or two levels of intermediate systems to strengthen and anonymise the attacks. The first level is formed by botnets that start the attack once they receive specific commands from the Booter. The second level is used to amplify the attack and can, for example, involve a set of DNS or NTP servers that respond to relatively small requests by sending large response packets. The ratio between response and request message size is the amplification factor; in practice we find factors between ten and one hundred. Particularly popular for amplification attacks are so-called open DNS resolvers, which are basically misconfigured DNS servers that answer DNS queries irrespective of their origin. To target a specific victim, the