Booters - an analysis of DDoS-as-a-Service attacks

José Jair Cardoso de Santanna, Roland M. van Rijswijk, R.J. Hofstede, Anna Sperotto, Mark Wierbosch, Lisandro Zambenedetti Granville, Aiko Pras

  • 35 Citations

Abstract

In 2012, the Dutch National Research and Education Network, SURFnet, observed a multitude of Distributed Denial of Service (DDoS) attacks against educational institutions. These attacks were effective enough to cause the online exams of hundreds of students to be cancelled. Surprisingly, these attacks were purchased by students from websites, known as Booters. These sites provide DDoS attacks as a paid service (DDoS-as-a-Service) at costs starting from 1 USD. Since this problem was first identified by SURFnet, Booters have been used repeatedly to perform attacks on schools in SURFnet's constituency. Very little is known, however, about the characteristics of Booters, and particularly how their attacks are structure. This is vital information needed to mitigate these attacks. In this paper we analyse the characteristics of 14 distinct Booters based on more than 250 GB of network data from real attacks. Our findings show that Booters pose a real threat that should not be underestimated, especially since our analysis suggests that they can easily increase their firepower based on their current infrastructure.
Original languageUndefined
Title of host publicationProceedings of the IFIP/IEEE International Symposium on Integrated Network Management, IM 2015
EditorsRemi Badonnel, Jin Xiao, Shingo Ata, Filip De Turck, Voicy Groza, Carlos Raniery P. dos Santos
Place of Publication978-3-901882-76-0
PublisherIEEE Computer Society
Pages243 -251
Number of pages9
ISBN (Print)978-3-901882-76-0
DOIs
StatePublished - 11 May 2015

Publication series

Name
PublisherIEEE Computer Society

Fingerprint

service
student
data network
educational institution
website
threat
infrastructure
cause
costs
network
school
structure
education
information
problem
analysis
research

Keywords

  • DACS: Booters
  • METIS-312498
  • IR-96839
  • EWI-25727

Cite this

Cardoso de Santanna, J. J., van Rijswijk, R. M., Hofstede, R. J., Sperotto, A., Wierbosch, M., Zambenedetti Granville, L., & Pras, A. (2015). Booters - an analysis of DDoS-as-a-Service attacks. In R. Badonnel, J. Xiao, S. Ata, F. De Turck, V. Groza, & C. R. P. dos Santos (Eds.), Proceedings of the IFIP/IEEE International Symposium on Integrated Network Management, IM 2015 (pp. 243 -251). 978-3-901882-76-0: IEEE Computer Society. DOI: 10.1109/INM.2015.7140298

Cardoso de Santanna, José Jair; van Rijswijk, Roland M.; Hofstede, R.J.; Sperotto, Anna; Wierbosch, Mark; Zambenedetti Granville, Lisandro; Pras, Aiko / Booters - an analysis of DDoS-as-a-Service attacks.

Proceedings of the IFIP/IEEE International Symposium on Integrated Network Management, IM 2015. ed. / Remi Badonnel; Jin Xiao; Shingo Ata; Filip De Turck; Voicy Groza; Carlos Raniery P. dos Santos. 978-3-901882-76-0 : IEEE Computer Society, 2015. p. 243 -251.

Research output: Scientific - peer-reviewConference contribution

@inbook{665bf1e10f7e40fa867c4b8c81833ebf,
title = "Booters - an analysis of DDoS-as-a-Service attacks",
abstract = "In 2012, the Dutch National Research and Education Network, SURFnet, observed a multitude of Distributed Denial of Service (DDoS) attacks against educational institutions. These attacks were effective enough to cause the online exams of hundreds of students to be cancelled. Surprisingly, these attacks were purchased by students from websites, known as Booters. These sites provide DDoS attacks as a paid service (DDoS-as-a-Service) at costs starting from 1 USD. Since this problem was first identified by SURFnet, Booters have been used repeatedly to perform attacks on schools in SURFnet's constituency. Very little is known, however, about the characteristics of Booters, and particularly how their attacks are structure. This is vital information needed to mitigate these attacks. In this paper we analyse the characteristics of 14 distinct Booters based on more than 250 GB of network data from real attacks. Our findings show that Booters pose a real threat that should not be underestimated, especially since our analysis suggests that they can easily increase their firepower based on their current infrastructure.",
keywords = "DACS: Booters, METIS-312498, IR-96839, EWI-25727",
author = "{Cardoso de Santanna}, {José Jair} and {van Rijswijk}, {Roland M.} and R.J. Hofstede and Anna Sperotto and Mark Wierbosch and {Zambenedetti Granville}, Lisandro and Aiko Pras",
note = "eemcs-eprint-25727",
year = "2015",
month = "5",
doi = "10.1109/INM.2015.7140298",
isbn = "978-3-901882-76-0",
publisher = "IEEE Computer Society",
pages = "243 --251",
editor = "Remi Badonnel and Jin Xiao and Shingo Ata and {De Turck}, Filip and Voicy Groza and {dos Santos}, {Carlos Raniery P.}",
booktitle = "Proceedings of the IFIP/IEEE International Symposium on Integrated Network Management, IM 2015",
address = "United States",

}

Cardoso de Santanna, JJ, van Rijswijk, RM, Hofstede, RJ, Sperotto, A, Wierbosch, M, Zambenedetti Granville, L & Pras, A 2015, Booters - an analysis of DDoS-as-a-Service attacks. in R Badonnel, J Xiao, S Ata, F De Turck, V Groza & CRP dos Santos (eds), Proceedings of the IFIP/IEEE International Symposium on Integrated Network Management, IM 2015. IEEE Computer Society, 978-3-901882-76-0, pp. 243 -251. DOI: 10.1109/INM.2015.7140298

Booters - an analysis of DDoS-as-a-Service attacks. / Cardoso de Santanna, José Jair; van Rijswijk, Roland M.; Hofstede, R.J.; Sperotto, Anna; Wierbosch, Mark; Zambenedetti Granville, Lisandro; Pras, Aiko.

Proceedings of the IFIP/IEEE International Symposium on Integrated Network Management, IM 2015. ed. / Remi Badonnel; Jin Xiao; Shingo Ata; Filip De Turck; Voicy Groza; Carlos Raniery P. dos Santos. 978-3-901882-76-0 : IEEE Computer Society, 2015. p. 243 -251.

Research output: Scientific - peer-reviewConference contribution

TY - CHAP

T1 - Booters - an analysis of DDoS-as-a-Service attacks

AU - Cardoso de Santanna,José Jair

AU - van Rijswijk,Roland M.

AU - Hofstede,R.J.

AU - Sperotto,Anna

AU - Wierbosch,Mark

AU - Zambenedetti Granville,Lisandro

AU - Pras,Aiko

N1 - eemcs-eprint-25727

PY - 2015/5/11

Y1 - 2015/5/11

N2 - In 2012, the Dutch National Research and Education Network, SURFnet, observed a multitude of Distributed Denial of Service (DDoS) attacks against educational institutions. These attacks were effective enough to cause the online exams of hundreds of students to be cancelled. Surprisingly, these attacks were purchased by students from websites, known as Booters. These sites provide DDoS attacks as a paid service (DDoS-as-a-Service) at costs starting from 1 USD. Since this problem was first identified by SURFnet, Booters have been used repeatedly to perform attacks on schools in SURFnet's constituency. Very little is known, however, about the characteristics of Booters, and particularly how their attacks are structure. This is vital information needed to mitigate these attacks. In this paper we analyse the characteristics of 14 distinct Booters based on more than 250 GB of network data from real attacks. Our findings show that Booters pose a real threat that should not be underestimated, especially since our analysis suggests that they can easily increase their firepower based on their current infrastructure.

AB - In 2012, the Dutch National Research and Education Network, SURFnet, observed a multitude of Distributed Denial of Service (DDoS) attacks against educational institutions. These attacks were effective enough to cause the online exams of hundreds of students to be cancelled. Surprisingly, these attacks were purchased by students from websites, known as Booters. These sites provide DDoS attacks as a paid service (DDoS-as-a-Service) at costs starting from 1 USD. Since this problem was first identified by SURFnet, Booters have been used repeatedly to perform attacks on schools in SURFnet's constituency. Very little is known, however, about the characteristics of Booters, and particularly how their attacks are structure. This is vital information needed to mitigate these attacks. In this paper we analyse the characteristics of 14 distinct Booters based on more than 250 GB of network data from real attacks. Our findings show that Booters pose a real threat that should not be underestimated, especially since our analysis suggests that they can easily increase their firepower based on their current infrastructure.

KW - DACS: Booters

KW - METIS-312498

KW - IR-96839

KW - EWI-25727

U2 - 10.1109/INM.2015.7140298

DO - 10.1109/INM.2015.7140298

M3 - Conference contribution

SN - 978-3-901882-76-0

SP - 243

EP - 251

BT - Proceedings of the IFIP/IEEE International Symposium on Integrated Network Management, IM 2015

PB - IEEE Computer Society

ER -

Cardoso de Santanna JJ, van Rijswijk RM, Hofstede RJ, Sperotto A, Wierbosch M, Zambenedetti Granville L et al. Booters - an analysis of DDoS-as-a-Service attacks. In Badonnel R, Xiao J, Ata S, De Turck F, Groza V, dos Santos CRP, editors, Proceedings of the IFIP/IEEE International Symposium on Integrated Network Management, IM 2015. 978-3-901882-76-0: IEEE Computer Society. 2015. p. 243 -251. Available from, DOI: 10.1109/INM.2015.7140298