- Title
- Characterization and Analysis of NTP Amplifier Traffic
- Creator
- Rudman, Lauren; Irwin, Barry V W
- Date
- 2016
- Type
- text
- Type
- article
- Identifier
- http://hdl.handle.net/10962/429482
- Identifier
- vital:72616
- Identifier
- 10.23919/SAIEE.2016.8531542
- Description
- Network Time Protocol based DDoS attacks saw a lot of popularity throughout 2014. This paper shows the characterization and analysis of two large datasets containing packets from NTP based DDoS attacks captured in South Africa. Using a series of Python based tools, the dataset is analysed according to specific parts of the packet headers. These include the source IP address and Time-to-Live (TTL) values. The analysis found the top source addresses and looked at the TTL values observed for each address. These TTL values can be used to calculate the probable operating system or DDoS attack tool used by an attacker. We found that each TTL value seen for an address can indicate the number of hosts attacking the address or indicate minor routing changes. The Time-to-Live values are then analysed as a whole to find the total number used throughout each attack. The most frequent TTL values are then found and show that the majority of them indicate the attackers are using an initial TTL of 255. This value can indicate the use of a certain DDoS tool that creates packets with that exact initial TTL. The TTL values are then put into groups that can show the number of IP addresses a group of hosts are targeting. The paper discusses our work with two brief case studies correlating observed data to real-world attacks, and the observable impact thereof.
- Format
- 10 pages, pdf
- Language
- English
- Relation
- SAIEE Africa Research Journal, Rudman, L. and Irwin, B., 2016. Characterization and Analysis of NTP Amplifier Traffic. SAIEE Africa Research Journal, 107(2), pp.54-64, SAIEE Africa Research Journal volume 107 number 2 54 64 2016 1991-1696
- Rights
- Publisher
- Rights
- Use of this resource is governed by the terms and conditions of the IEEE Xplore Terms of Use Statement (https://ieeexplore.ieee.org/Xplorehelp/overview-of-ieee-xplore/terms-of-use)
File | Description | Size | Format
---|---|---|---
SOURCE1 | Characterization and Analysis of NTP Amplifier Traffic.pdf | 645 KB | Adobe Acrobat PDF