Booters - an analysis of DDoS-as-a-Service attacks

José Jair Cardoso de Santanna; Roland M. van Rijswijk; R.J. Hofstede; Anna Sperotto; Mark Wierbosch; Lisandro Zambenedetti Granville; Aiko Pras

doi:10.1109/INM.2015.7140298

Booters - an analysis of DDoS-as-a-Service attacks

José Jair Cardoso de Santanna, Roland M. van Rijswijk, R.J. Hofstede, Anna Sperotto, Mark Wierbosch, Lisandro Zambenedetti Granville, Aiko Pras

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

111 Citations (Scopus)

1480 Downloads (Pure)

Abstract

In 2012, the Dutch National Research and Education Network, SURFnet, observed a multitude of Distributed Denial of Service (DDoS) attacks against educational institutions. These attacks were effective enough to cause the online exams of hundreds of students to be cancelled. Surprisingly, these attacks were purchased by students from websites, known as Booters. These sites provide DDoS attacks as a paid service (DDoS-as-a-Service) at costs starting from 1 USD. Since this problem was first identified by SURFnet, Booters have been used repeatedly to perform attacks on schools in SURFnet's constituency. Very little is known, however, about the characteristics of Booters, and particularly how their attacks are structure. This is vital information needed to mitigate these attacks. In this paper we analyse the characteristics of 14 distinct Booters based on more than 250 GB of network data from real attacks. Our findings show that Booters pose a real threat that should not be underestimated, especially since our analysis suggests that they can easily increase their firepower based on their current infrastructure.

Original language	Undefined
Title of host publication	Proceedings of the IFIP/IEEE International Symposium on Integrated Network Management, IM 2015
Editors	Remi Badonnel, Jin Xiao, Shingo Ata, Filip De Turck, Voicy Groza, Carlos Raniery P. dos Santos
Place of Publication	978-3-901882-76-0
Publisher	IEEE Computer Society
Pages	243 -251
Number of pages	9
ISBN (Print)	978-3-901882-76-0
DOIs	https://doi.org/10.1109/INM.2015.7140298
Publication status	Published - 11 May 2015
Event	14th IFIP/IEEE International Symposium on Integrated Network Management, IM 2015: Integrated Management in the Age of Big Data - Shaw Centre, Ottawa, Canada Duration: 11 May 2015 → 15 May 2015 Conference number: 14 http://im2015.ieee-im.org/

Publication series

Name
Publisher	IEEE Computer Society

Conference

Conference	14th IFIP/IEEE International Symposium on Integrated Network Management, IM 2015
Abbreviated title	IM 2015
Country/Territory	Canada
City	Ottawa
Period	11/05/15 → 15/05/15
Internet address	http://im2015.ieee-im.org/

Keywords

DACS: Booters
METIS-312498
IR-96839
EWI-25727

Access to Document

10.1109/INM.2015.7140298

07140298

Cite this

Cardoso de Santanna, J. J., van Rijswijk, R. M., Hofstede, R. J., Sperotto, A., Wierbosch, M., Zambenedetti Granville, L., & Pras, A. (2015). Booters - an analysis of DDoS-as-a-Service attacks. In R. Badonnel, J. Xiao, S. Ata, F. De Turck, V. Groza, & C. R. P. dos Santos (Eds.), Proceedings of the IFIP/IEEE International Symposium on Integrated Network Management, IM 2015 (pp. 243 -251). IEEE Computer Society. https://doi.org/10.1109/INM.2015.7140298

Cardoso de Santanna, José Jair ; van Rijswijk, Roland M. ; Hofstede, R.J. et al. / Booters - an analysis of DDoS-as-a-Service attacks. Proceedings of the IFIP/IEEE International Symposium on Integrated Network Management, IM 2015. editor / Remi Badonnel ; Jin Xiao ; Shingo Ata ; Filip De Turck ; Voicy Groza ; Carlos Raniery P. dos Santos. 978-3-901882-76-0 : IEEE Computer Society, 2015. pp. 243 -251

@inproceedings{665bf1e10f7e40fa867c4b8c81833ebf,

title = "Booters - an analysis of DDoS-as-a-Service attacks",

abstract = "In 2012, the Dutch National Research and Education Network, SURFnet, observed a multitude of Distributed Denial of Service (DDoS) attacks against educational institutions. These attacks were effective enough to cause the online exams of hundreds of students to be cancelled. Surprisingly, these attacks were purchased by students from websites, known as Booters. These sites provide DDoS attacks as a paid service (DDoS-as-a-Service) at costs starting from 1 USD. Since this problem was first identified by SURFnet, Booters have been used repeatedly to perform attacks on schools in SURFnet's constituency. Very little is known, however, about the characteristics of Booters, and particularly how their attacks are structure. This is vital information needed to mitigate these attacks. In this paper we analyse the characteristics of 14 distinct Booters based on more than 250 GB of network data from real attacks. Our findings show that Booters pose a real threat that should not be underestimated, especially since our analysis suggests that they can easily increase their firepower based on their current infrastructure.",

keywords = "DACS: Booters, METIS-312498, IR-96839, EWI-25727",

author = "{Cardoso de Santanna}, {Jos{\'e} Jair} and {van Rijswijk}, {Roland M.} and R.J. Hofstede and Anna Sperotto and Mark Wierbosch and {Zambenedetti Granville}, Lisandro and Aiko Pras",

note = "eemcs-eprint-25727 ; null ; Conference date: 11-05-2015 Through 15-05-2015",

year = "2015",

month = may,

day = "11",

doi = "10.1109/INM.2015.7140298",

language = "Undefined",

isbn = "978-3-901882-76-0",

publisher = "IEEE Computer Society",

pages = "243 --251",

editor = "Remi Badonnel and Jin Xiao and Shingo Ata and {De Turck}, Filip and Voicy Groza and {dos Santos}, {Carlos Raniery P.}",

booktitle = "Proceedings of the IFIP/IEEE International Symposium on Integrated Network Management, IM 2015",

address = "United States",

url = "http://im2015.ieee-im.org/",

}

Cardoso de Santanna, JJ , van Rijswijk, RM, Hofstede, RJ, Sperotto, A, Wierbosch, M, Zambenedetti Granville, L & Pras, A 2015, Booters - an analysis of DDoS-as-a-Service attacks. in R Badonnel, J Xiao, S Ata, F De Turck, V Groza & CRP dos Santos (eds), Proceedings of the IFIP/IEEE International Symposium on Integrated Network Management, IM 2015. IEEE Computer Society, 978-3-901882-76-0, pp. 243 -251, 14th IFIP/IEEE International Symposium on Integrated Network Management, IM 2015, Ottawa, Ontario, Canada, 11/05/15. https://doi.org/10.1109/INM.2015.7140298

Booters - an analysis of DDoS-as-a-Service attacks. / Cardoso de Santanna, José Jair ; van Rijswijk, Roland M.; Hofstede, R.J. et al.

Proceedings of the IFIP/IEEE International Symposium on Integrated Network Management, IM 2015. ed. / Remi Badonnel; Jin Xiao; Shingo Ata; Filip De Turck; Voicy Groza; Carlos Raniery P. dos Santos. 978-3-901882-76-0 : IEEE Computer Society, 2015. p. 243 -251.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - Booters - an analysis of DDoS-as-a-Service attacks

AU - Cardoso de Santanna, José Jair

AU - van Rijswijk, Roland M.

AU - Hofstede, R.J.

AU - Sperotto, Anna

AU - Wierbosch, Mark

AU - Zambenedetti Granville, Lisandro

AU - Pras, Aiko

N1 - Conference code: 14

PY - 2015/5/11

Y1 - 2015/5/11

N2 - In 2012, the Dutch National Research and Education Network, SURFnet, observed a multitude of Distributed Denial of Service (DDoS) attacks against educational institutions. These attacks were effective enough to cause the online exams of hundreds of students to be cancelled. Surprisingly, these attacks were purchased by students from websites, known as Booters. These sites provide DDoS attacks as a paid service (DDoS-as-a-Service) at costs starting from 1 USD. Since this problem was first identified by SURFnet, Booters have been used repeatedly to perform attacks on schools in SURFnet's constituency. Very little is known, however, about the characteristics of Booters, and particularly how their attacks are structure. This is vital information needed to mitigate these attacks. In this paper we analyse the characteristics of 14 distinct Booters based on more than 250 GB of network data from real attacks. Our findings show that Booters pose a real threat that should not be underestimated, especially since our analysis suggests that they can easily increase their firepower based on their current infrastructure.

AB - In 2012, the Dutch National Research and Education Network, SURFnet, observed a multitude of Distributed Denial of Service (DDoS) attacks against educational institutions. These attacks were effective enough to cause the online exams of hundreds of students to be cancelled. Surprisingly, these attacks were purchased by students from websites, known as Booters. These sites provide DDoS attacks as a paid service (DDoS-as-a-Service) at costs starting from 1 USD. Since this problem was first identified by SURFnet, Booters have been used repeatedly to perform attacks on schools in SURFnet's constituency. Very little is known, however, about the characteristics of Booters, and particularly how their attacks are structure. This is vital information needed to mitigate these attacks. In this paper we analyse the characteristics of 14 distinct Booters based on more than 250 GB of network data from real attacks. Our findings show that Booters pose a real threat that should not be underestimated, especially since our analysis suggests that they can easily increase their firepower based on their current infrastructure.

KW - DACS: Booters

KW - METIS-312498

KW - IR-96839

KW - EWI-25727

U2 - 10.1109/INM.2015.7140298

DO - 10.1109/INM.2015.7140298

M3 - Conference contribution

SN - 978-3-901882-76-0

SP - 243

EP - 251

BT - Proceedings of the IFIP/IEEE International Symposium on Integrated Network Management, IM 2015

A2 - Badonnel, Remi

A2 - Xiao, Jin

A2 - Ata, Shingo

A2 - De Turck, Filip

A2 - Groza, Voicy

A2 - dos Santos, Carlos Raniery P.

PB - IEEE Computer Society

CY - 978-3-901882-76-0

Y2 - 11 May 2015 through 15 May 2015

ER -

Cardoso de Santanna JJ , van Rijswijk RM, Hofstede RJ, Sperotto A, Wierbosch M, Zambenedetti Granville L et al. Booters - an analysis of DDoS-as-a-Service attacks. In Badonnel R, Xiao J, Ata S, De Turck F, Groza V, dos Santos CRP, editors, Proceedings of the IFIP/IEEE International Symposium on Integrated Network Management, IM 2015. 978-3-901882-76-0: IEEE Computer Society. 2015. p. 243 -251 doi: 10.1109/INM.2015.7140298