BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//Talks.cam//talks.cam.ac.uk//
X-WR-CALNAME:Talks.cam
BEGIN:VEVENT
SUMMARY:1000 days of UDP amplification DDoS attacks - Daniel Thomas (Unive
 rsity of Cambridge)
DTSTART:20170421T150000Z
DTEND:20170421T153000Z
UID:TALK72284@talks.cam.ac.uk
CONTACT:Markus Kuhn
DESCRIPTION:Distributed Denial of Service (DDoS) attacks employing reflect
 ed UDP\namplification are regularly used to disrupt networks and systems. 
 The\namplification allows one rented server to generate significant volume
 s\nof data\, while the reflection hides the identity of the attacker.\nCon
 sequently this is an attractive\, low risk\, strategy for criminals\nbent 
 on vandalism and extortion. To measure the uptake of this strategy\nwe ana
 lyse the results of running a network of honeypot UDP reflectors\n(median 
 size 65 nodes) from July 2014 onwards. We explore the life cycle\nof attac
 ks that use our reflectors\, from the scanning phase used to\ndetect our h
 oneypot machines\, through to their use in attacks. We see a\nmedian of 14
 50 malicious scanners per day across all UDP protocols\, and\nhave recorde
 d details of 5.18 million subsequent attacks involving in\nexcess of 3.31 
 trillion packets. Using a capture-recapture statistical\ntechnique\, we es
 timate that our reflectors can see between 85.1% and\n96.6% of UDP reflect
 ion attacks over our measurement period.\n\n[This is a practice talk for e
 Crime 2017 presenting a paper which is joint work with Richard Clayton and
  Alastair R. Beresford.]
LOCATION:Computer Laboratory\, William Gates Building\, Room FW11
END:VEVENT
END:VCALENDAR
