- Title
- Characterization and analysis of NTP amplification based DDoS attacks
- Creator
- Rudman, Lauren, Irwin, Barry V W
- Date
- 2015
- Type
- text
- Type
- article
- Identifier
- http://hdl.handle.net/10962/429285
- Identifier
- vital:72573
- Identifier
- 10.1109/ISSA.2015.7335069
- Description
- Network Time Protocol based DDoS attacks saw a lot of popularity throughout 2014. This paper shows the characterization and analysis of two large datasets containing packets from NTP based DDoS attacks captured in South Africa. Using a series of Python based tools, the dataset is analysed according to specific parts of the packet headers. These include the source IP address and Time-to-Live (TTL) values. The analysis found the top source addresses and looked at the TTL values observed for each address. These TTL values can be used to calculate the probable operating system or DDoS attack tool used by an attacker. We found that each TTL value seen for an address can indicate the number of hosts attacking the address or indicate minor routing changes. The Time-to-Live values, as a whole, are then analysed to find the total number used throughout each attack. The most frequent TTL values are then found and show that the majority of them indicate the attackers are using an initial TTL of 255. This value can indicate the use of a certain DDoS tool that creates packets with that exact initial TTL. The TTL values are then put into groups that can show the number of IP addresses a group of hosts are targeting.
- Format
- 5 pages, pdf
- Language
- English
- Relation
- Information Security for South Africa (ISSA); Rudman, L. and Irwin, B., 2015, August. Characterization and analysis of NTP amplification based DDoS attacks. In 2015 Information Security for South Africa (ISSA) (pp. 1-5). IEEE; Information Security for South Africa (ISSA), volume 2015, number 1, pp. 1-5, 2015, Conference
- Rights
- Publisher
- Rights
- Use of this resource is governed by the terms and conditions of the IEEE Xplore Terms of Use Statement (https://ieeexplore.ieee.org/Xplorehelp/overview-of-ieee-xplore/terms-of-use)