Visible to the public Biblio

Filters: Keyword is network scanner  [Clear All Filters]
2017-09-15
Krupp, Johannes, Backes, Michael, Rossow, Christian.  2016.  Identifying the Scan and Attack Infrastructures Behind Amplification DDoS Attacks. Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. :1426–1437.

Amplification DDoS attacks have gained popularity and become a serious threat to Internet participants. However, little is known about where these attacks originate, and revealing the attack sources is a non-trivial problem due to the spoofed nature of the traffic. In this paper, we present novel techniques to uncover the infrastructures behind amplification DDoS attacks. We follow a two-step approach to tackle this challenge: First, we develop a methodology to impose a fingerprint on scanners that perform the reconnaissance for amplification attacks that allows us to link subsequent attacks back to the scanner. Our methodology attributes over 58% of attacks to a scanner with a confidence of over 99.9%. Second, we use Time-to-Live-based trilateration techniques to map scanners to the actual infrastructures launching the attacks. Using this technique, we identify 34 networks as being the source for amplification attacks at 98\textbackslash% certainty.