A First Joint Look at DoS Attacks and BGP Blackholing in the Wild

Mattijs  Jonker; Aiko  Pras; Alberto Dainotti; Anna  Sperotto

doi:10.1145/3278532.3278571

A First Joint Look at DoS Attacks and BGP Blackholing in the Wild

Mattijs Jonker
, Aiko Pras
, Alberto Dainotti
, Anna Sperotto

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

24 Citations (Scopus)

345 Downloads (Pure)

Abstract

BGP blackholing is an operational countermeasure that builds upon the capabilities of BGP to achieve DoS mitigation. Although empirical evidence of blackholing activities are documented in literature, a clear understanding of how blackholing is used in practice when attacks occur is still missing.

This paper presents a first joint look at DoS attacks and BGP blackholing in the wild. We do this on the basis of two complementary data sets of DoS attacks, inferred from a large network telescope and DoS honeypots, and on a data set of blackholing events. All data sets span a period of three years, thus providing a longitudinal overview of operational deployment of blackholing during DoS attacks.

Original language	English
Title of host publication	Proceedings of the ACM Internet Measurement Conference 2018
Pages	457-463
Number of pages	7
DOIs	https://doi.org/10.1145/3278532.3278571
Publication status	Published - 31 Oct 2018
Event	18th ACM Internet Measurement Conference 2018 - Northeastern University, Boston, United States Duration: 31 Oct 2018 → 2 Nov 2018 Conference number: 18 https://conferences.sigcomm.org/imc/2018/

Conference

Conference	18th ACM Internet Measurement Conference 2018
Abbreviated title	ACM IMC 2018
Country/Territory	United States
City	Boston
Period	31/10/18 → 2/11/18
Internet address	https://conferences.sigcomm.org/imc/2018/

Keywords

2019 OA procedure

Access to Document

10.1145/3278532.3278571

Jonker2018BlackholingFinal published version, 2.55 MBLicence: Taverne

https://dl.acm.org/citation.cfm?id=3278571

Cite this

@inproceedings{bccb5465056543a0baefe9e69e6bddb5,

title = "A First Joint Look at DoS Attacks and BGP Blackholing in the Wild",

abstract = "BGP blackholing is an operational countermeasure that builds upon the capabilities of BGP to achieve DoS mitigation. Although empirical evidence of blackholing activities are documented in literature, a clear understanding of how blackholing is used in practice when attacks occur is still missing. This paper presents a first joint look at DoS attacks and BGP blackholing in the wild. We do this on the basis of two complementary data sets of DoS attacks, inferred from a large network telescope and DoS honeypots, and on a data set of blackholing events. All data sets span a period of three years, thus providing a longitudinal overview of operational deployment of blackholing during DoS attacks.",

keywords = "2019 OA procedure",

author = "Mattijs Jonker and Aiko Pras and Alberto Dainotti and Anna Sperotto",

year = "2018",

month = oct,

day = "31",

doi = "10.1145/3278532.3278571",

language = "English",

pages = "457--463",

booktitle = "Proceedings of the ACM Internet Measurement Conference 2018",

note = "18th ACM Internet Measurement Conference 2018, ACM IMC 2018 ; Conference date: 31-10-2018 Through 02-11-2018",

url = "https://conferences.sigcomm.org/imc/2018/",

}

TY - GEN

T1 - A First Joint Look at DoS Attacks and BGP Blackholing in the Wild

AU - Jonker, Mattijs

AU - Pras, Aiko

AU - Dainotti, Alberto

AU - Sperotto, Anna

N1 - Conference code: 18

PY - 2018/10/31

Y1 - 2018/10/31

N2 - BGP blackholing is an operational countermeasure that builds upon the capabilities of BGP to achieve DoS mitigation. Although empirical evidence of blackholing activities are documented in literature, a clear understanding of how blackholing is used in practice when attacks occur is still missing. This paper presents a first joint look at DoS attacks and BGP blackholing in the wild. We do this on the basis of two complementary data sets of DoS attacks, inferred from a large network telescope and DoS honeypots, and on a data set of blackholing events. All data sets span a period of three years, thus providing a longitudinal overview of operational deployment of blackholing during DoS attacks.

AB - BGP blackholing is an operational countermeasure that builds upon the capabilities of BGP to achieve DoS mitigation. Although empirical evidence of blackholing activities are documented in literature, a clear understanding of how blackholing is used in practice when attacks occur is still missing. This paper presents a first joint look at DoS attacks and BGP blackholing in the wild. We do this on the basis of two complementary data sets of DoS attacks, inferred from a large network telescope and DoS honeypots, and on a data set of blackholing events. All data sets span a period of three years, thus providing a longitudinal overview of operational deployment of blackholing during DoS attacks.

KW - 2019 OA procedure

U2 - 10.1145/3278532.3278571

DO - 10.1145/3278532.3278571

M3 - Conference contribution

SP - 457

EP - 463

BT - Proceedings of the ACM Internet Measurement Conference 2018

T2 - 18th ACM Internet Measurement Conference 2018

Y2 - 31 October 2018 through 2 November 2018

ER -

A First Joint Look at DoS Attacks and BGP Blackholing in the Wild

Abstract

Conference

Keywords

Access to Document

Fingerprint

Cite this