1000 days of UDP amplification DDoS attacks
If you have a question about this talk, please contact Markus Kuhn.
Distributed Denial of Service (DDoS) attacks employing reflected UDP amplification are regularly used to disrupt networks and systems. The amplification allows one rented server to generate significant volumes of data, while the reflection hides the identity of the attacker. Consequently, this is an attractive, low-risk strategy for criminals bent on vandalism and extortion. To measure the uptake of this strategy, we analyse the results of running a network of honeypot UDP reflectors (median size 65 nodes) from July 2014 onwards. We explore the life cycle of attacks that use our reflectors, from the scanning phase used to detect our honeypot machines through to their use in attacks. We see a median of 1450 malicious scanners per day across all UDP protocols, and have recorded details of 5.18 million subsequent attacks involving in excess of 3.31 trillion packets. Using a capture-recapture statistical technique, we estimate that our reflectors can see between 85.1% and 96.6% of UDP reflection attacks over our measurement period.
[This is a practice talk for ecrime 2017 presenting a paper which is joint work with Richard Clayton and Alastair R. Beresford.]
This talk is part of the Computer Laboratory Security Group meeting presentations series.