Booters - an analysis of DDoS-as-a-Service attacks

José Jair Cardoso de Santanna, Roland M. van Rijswijk, R.J. Hofstede, Anna Sperotto, Mark Wierbosch, Lisandro Zambenedetti Granville, Aiko Pras

    Research output: Chapter in Book/Report/Conference proceeding; Conference contribution; Academic; peer-review

    68 Citations (Scopus)
    634 Downloads (Pure)

    Abstract

    In 2012, the Dutch National Research and Education Network, SURFnet, observed a multitude of Distributed Denial of Service (DDoS) attacks against educational institutions. These attacks were effective enough to cause the online exams of hundreds of students to be cancelled. Surprisingly, these attacks were purchased by students from websites, known as Booters. These sites provide DDoS attacks as a paid service (DDoS-as-a-Service) at costs starting from 1 USD. Since this problem was first identified by SURFnet, Booters have been used repeatedly to perform attacks on schools in SURFnet's constituency. Very little is known, however, about the characteristics of Booters, and particularly how their attacks are structured. This is vital information needed to mitigate these attacks. In this paper we analyse the characteristics of 14 distinct Booters based on more than 250 GB of network data from real attacks. Our findings show that Booters pose a real threat that should not be underestimated, especially since our analysis suggests that they can easily increase their firepower based on their current infrastructure.
    Original language: Undefined
    Title of host publication: Proceedings of the IFIP/IEEE International Symposium on Integrated Network Management, IM 2015
    Editors: Remi Badonnel, Jin Xiao, Shingo Ata, Filip De Turck, Voicy Groza, Carlos Raniery P. dos Santos
    Place of Publication: 978-3-901882-76-0
    Publisher: IEEE Computer Society
    Pages: 243-251
    Number of pages: 9
    ISBN (Print): 978-3-901882-76-0
    DOIs
    Publication status: Published - 11 May 2015
    Event: IFIP/IEEE International Symposium on Integrated Network Management 2015: Integrated Management in the Age of Big Data - Ottawa, Canada
    Duration: 11 May 2015 to 15 May 2015
    http://im2015.ieee-im.org/

    Publication series

    Name
    Publisher: IEEE Computer Society

    Conference

    Conference: IFIP/IEEE International Symposium on Integrated Network Management 2015
    Abbreviated title: IM 2015
    Country: Canada
    City: Ottawa
    Period: 11/05/15 to 15/05/15
    Internet address

    Keywords

    • DACS: Booters
    • METIS-312498
    • IR-96839
    • EWI-25727

    Cite this

    Cardoso de Santanna, J. J., van Rijswijk, R. M., Hofstede, R. J., Sperotto, A., Wierbosch, M., Zambenedetti Granville, L., & Pras, A. (2015). Booters - an analysis of DDoS-as-a-Service attacks. In R. Badonnel, J. Xiao, S. Ata, F. De Turck, V. Groza, & C. R. P. dos Santos (Eds.), Proceedings of the IFIP/IEEE International Symposium on Integrated Network Management, IM 2015 (pp. 243-251). 978-3-901882-76-0: IEEE Computer Society. https://doi.org/10.1109/INM.2015.7140298
    @inproceedings{665bf1e10f7e40fa867c4b8c81833ebf,
    title = "Booters - an analysis of DDoS-as-a-Service attacks",
    abstract = "In 2012, the Dutch National Research and Education Network, SURFnet, observed a multitude of Distributed Denial of Service (DDoS) attacks against educational institutions. These attacks were effective enough to cause the online exams of hundreds of students to be cancelled. Surprisingly, these attacks were purchased by students from websites, known as Booters. These sites provide DDoS attacks as a paid service (DDoS-as-a-Service) at costs starting from 1 USD. Since this problem was first identified by SURFnet, Booters have been used repeatedly to perform attacks on schools in SURFnet's constituency. Very little is known, however, about the characteristics of Booters, and particularly how their attacks are structured. This is vital information needed to mitigate these attacks. In this paper we analyse the characteristics of 14 distinct Booters based on more than 250 GB of network data from real attacks. Our findings show that Booters pose a real threat that should not be underestimated, especially since our analysis suggests that they can easily increase their firepower based on their current infrastructure.",
    keywords = "DACS: Booters, METIS-312498, IR-96839, EWI-25727",
    author = "{Cardoso de Santanna}, {Jos{\'e} Jair} and {van Rijswijk}, {Roland M.} and R.J. Hofstede and Anna Sperotto and Mark Wierbosch and {Zambenedetti Granville}, Lisandro and Aiko Pras",
    note = "eemcs-eprint-25727",
    year = "2015",
    month = "5",
    day = "11",
    doi = "10.1109/INM.2015.7140298",
    language = "Undefined",
    isbn = "978-3-901882-76-0",
    publisher = "IEEE Computer Society",
    pages = "243--251",
    editor = "Remi Badonnel and Jin Xiao and Shingo Ata and {De Turck}, Filip and Voicy Groza and {dos Santos}, {Carlos Raniery P.}",
    booktitle = "Proceedings of the IFIP/IEEE International Symposium on Integrated Network Management, IM 2015",
    address = "United States",

    }
