Demystifying DDoS as a Service

Zand, Ali; Modelo-Howard, Gaspar; Tongaonkar, Alok; Lee, Sung-Ju; Kruegel, Christopher; Vigna, Giovanni

doi:10.1109/mcom.2017.1600980

Cited by 12 publications

(6 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Existem alguns trabalhos que analisam serviços que efetuam ataques DDoS mediante pagamento (booters) [Santanna et al 2015, Zand et al 2017]. Estes trabalhos concentram-se nas características do tráfego gerado por esses booters, desconsiderando as vítimas.…”

Section: Trabalhos Relacionadosunclassified

Brasil vs Mundo: Uma Análise Comparativa de Ataques DDoS por Reﬂexão

Heinrich¹,

Obelheiro²

2019

Anais Do XIX Simpósio Brasileiro De Segurança Da Informação E De Sistemas Computacionais (SBSeg 2019)

View full text Add to dashboard Cite

Ataques distribuídos de negação de serviço por reﬂexão (distributed reﬂection denial of service, DRDoS) estão disseminados na Internet. Esses ataques oferecem diversas vantagens para os atacantes, sendo bastante eﬁcazes em provocar a indisponibilidade de hosts individuais ou mesmo sub-redes inteiras. Para detectar, mitigar e prevenir ataques DRDoS, é importante entender como eles funcionam, e quais são suas características de tráfego. Este artigo apresenta uma análise comparativa de ataques DRDoS contra vítimas no Brasil e no resto do mundo. São analisados 190 dias de tráfego coletado usando um honeypot, contando com mais de 204 k ataques DRDoS. Várias características de tráfego DRDoS são descritas e comparadas, incluindo uma análise aprofundada de ataques de carpet bombing. íE possível concluir que os ataques contra vítimas brasileiras são menos intensos e soﬁsticados que os ataques contra o restante do mundo, o que pode indicar que o cenário local pode piorar se os atacantes aperfeiçoarem suas táticas e ferramentas.

show abstract

Section: Trabalhos Relacionadosunclassified

Brasil vs Mundo: Uma Análise Comparativa de Ataques DDoS por Reﬂexão

Heinrich¹,

Obelheiro²

2019

Anais Do XIX Simpósio Brasileiro De Segurança Da Informação E De Sistemas Computacionais (SBSeg 2019)

View full text Add to dashboard Cite

show abstract

“…We start by taking a victim's perspective to study the potential damage that booter-based DDoS attacks can (a) directly cause to their target (thereby updating earlier findings on booter attack characteristics [8,24,47,57]) and (b) the collateral damage to Internet infrastructure caused by carrying attack traffic. We do so by purchasing services from popular booters to attack our dedicated…”

Section: Booter: a Victim's Perspectivementioning

confidence: 99%

“…An extensive body of research on booters is available. These studies cover multiple lines of research including analyses of (1) the booters' leaked databases [10,21,23], (2) booter attacks [8,24,47,57], (3) victims of booters [38], (4) honeypots of servers commonly used for performing booter attacks [25,52], (5) the usage of these honeypots for attribution purposes [31], (6) TLS certificates used by booters [32], (7) booter blacklists and their origins [12,44,46,59], (8) the usage of these blacklists to understand the booter market [45], (9) ethical and legal aspects related to booters [16,18], and (10) the impact of law enforcement operations on booters from a commercial perspective [7,13]. Our contribution.…”

mentioning

confidence: 99%

DDoS Hide & Seek

Kopp¹,

Wichtlhuber²,

Poese³

et al. 2019

Proceedings of the Internet Measurement Conference

View full text Add to dashboard Cite

Booter services continue to provide popular DDoS-as-a-service platforms and enable anyone irrespective of their technical ability, to execute DDoS attacks with devastating impact. Since booters are a serious threat to Internet operations and can cause significant financial and reputational damage, they also draw the attention of law enforcement agencies and related counter activities. In this paper, we investigate booter-based DDoS attacks in the wild and the impact of an FBI takedown targeting 15 booter websites in December 2018 from the perspective of a major IXP and two ISPs. We study and compare attack properties of multiple booter services by launching Gbps-level attacks against our own infrastructure. To understand spatial and temporal trends of the DDoS traffic originating from booters we scrutinize 5 months, worth of inter-domain traffic. We observe that the takedown only leads to a temporary reduction in attack traffic. Additionally, one booter was found to quickly continue operation by using a new domain for its website.

show abstract

“…A group of these zombies under the control of an attacker constitutes a botnet that enables the attacker to perform a distributed attack. Nowadays, even DDoS as a service (DaaS) is available [1]. The DaaS providers sell their services at a very low cost (from 1 USD), and directly via websites (called booters).…”

Section: Introductionmentioning

confidence: 99%

“…The DDoS attacks may be broadly categorised into 1) extensive and 2) intensive [1]. The extensive attacks are based on generating a massive volume of relatively simple traffic.…”

Section: Introductionmentioning

confidence: 99%

On Implementation of Efficient Inline DDoS Detector Based on AATAC Algorithm

Wiśniewski,

Sosnowski,

Burakowski

2022

International Journal of Electronics and Telecommunications

View full text Add to dashboard Cite

Demystifying DDoS as a Service

Cited by 12 publications

References 10 publications

Brasil vs Mundo: Uma Análise Comparativa de Ataques DDoS por Reﬂexão

Brasil vs Mundo: Uma Análise Comparativa de Ataques DDoS por Reﬂexão

DDoS Hide & Seek

On Implementation of Efficient Inline DDoS Detector Based on AATAC Algorithm

Contact Info

Product

Resources

About