An analysis of using reflectors for distributed denial-of-service attacks
ACM SIGCOMM Computer Communication Review
Pi: A Path Identification Mechanism to Defend against DDoS Attacks
SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy
Hop-count filtering: an effective defense against spoofed DDoS traffic
Proceedings of the 10th ACM conference on Computer and communications security
A taxonomy of DDoS attack and DDoS defense mechanisms
ACM SIGCOMM Computer Communication Review
A multifaceted approach to understanding the botnet phenomenon
Proceedings of the 6th ACM SIGCOMM conference on Internet measurement
Botz-4-sale: surviving organized DDoS attacks that mimic flash crowds
NSDI'05 Proceedings of the 2nd conference on Symposium on Networked Systems Design & Implementation - Volume 2
The Zombie roundup: understanding, detecting, and disrupting botnets
SRUTI'05 Proceedings of the Steps to Reducing Unwanted Traffic on the Internet on Steps to Reducing Unwanted Traffic on the Internet Workshop
LEET'08 Proceedings of the 1st Usenix Workshop on Large-Scale Exploits and Emergent Threats
Measurements and mitigation of peer-to-peer-based botnets: a case study on storm worm
LEET'08 Proceedings of the 1st Usenix Workshop on Large-Scale Exploits and Emergent Threats
BitBlaze: A New Approach to Computer Security via Binary Analysis
ICISS '08 Proceedings of the 4th International Conference on Information Systems Security
Your botnet is my botnet: analysis of a botnet takeover
Proceedings of the 16th ACM conference on Computer and communications security
Automated classification and analysis of internet malware
RAID'07 Proceedings of the 10th international conference on Recent advances in intrusion detection
A foray into Conficker's logic and rendezvous points
LEET'09 Proceedings of the 2nd USENIX conference on Large-scale exploits and emergent threats: botnets, spyware, worms, and more
LEET'10 Proceedings of the 3rd USENIX conference on Large-scale exploits and emergent threats: botnets, spyware, worms, and more
Insights from the inside: a view of botnet management from infiltration
LEET'10 Proceedings of the 3rd USENIX conference on Large-scale exploits and emergent threats: botnets, spyware, worms, and more
The nocebo effect on the web: an analysis of fake anti-virus distribution
LEET'10 Proceedings of the 3rd USENIX conference on Large-scale exploits and emergent threats: botnets, spyware, worms, and more
LEET'11 Proceedings of the 4th USENIX conference on Large-scale exploits and emergent threats
Measuring pay-per-install: the commoditization of malware distribution
SEC'11 Proceedings of the 20th USENIX conference on Security
Botnet tracking: exploring a root-cause methodology to prevent distributed denial-of-service attacks
ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security
Defending against flooding-based distributed denial-of-service attacks: a tutorial
IEEE Communications Magazine
| Hi-index | 0.00 |
Known for a long time, Distributed Denial-of-Service (DDoS) attacks are still prevalent today and cause harm on the Internet on a daily basis. The main mechanism behind this kind of attacks is the use of so called botnets, i.e., networks of compromised machines under the control of an attacker. There are several different botnet families that focus on DDoS attacks and are even used to sell such attacks as a service on Underground markets. In this paper, we present an empirical study of modern DDoS botnets and analyze one particular family of botnets in detail. We identified 35 Command and Control (C&C) servers related to DirtJumper (also called Ruskill), one of the popular DDoS botnets in operation at this point in time. We monitored these C&C servers for a period of several months, during which we observed almost two thousand different DDoS attacks carried out by the botmasters behind the botnets. Based on this empirical data, we performed an analysis of the characteristics of DDoS attacks. To complement this C&C-centric point of view, we briefly analyzed the information logged at two different victims of DirtJumper DDoS attacks to study how such attacks are perceived at an endhost. Our results provide insights into modern DDoS attacks and help us to understand how such attacks are carried out nowadays.