DDoS Hide & Seek: On the effectiveness of a booter services takedown

Daniel Kopp, Jair Santanna, Matthias Wichtlhuber, Oliver Hohlfeld, Ingmar Poese, Christoph Dietzel

Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

8 Citations (Scopus)
42 Downloads (Pure)


Booter services continue to provide popular DDoS-as-a-service platforms and enable anyone irrespective of their technical ability, to execute DDoS attacks with devastating impact. Since booters are a serious threat to Internet operations and can cause significant financial and reputational damage, they also draw the attention of law enforcement agencies and related counter activities. In this paper, we investigate booter-based DDoS attacks in the wild and the impact of an FBI takedown targeting 15 booter websites in December 2018 from the perspective of a major IXP and two ISPs. We study and compare attack properties of multiple booter services by launching Gbps-level attacks against our own infrastructure. To understand spatial and temporal trends of the DDoS traffic originating from booters we scrutinize 5 months, worth of inter-domain traffic. We observe that the takedown only leads to a temporary reduction in attack traffic. Additionally, one booter was found to quickly continue operation by using a new domain for its website.

Original languageEnglish
Title of host publicationIMC 2019 - Proceedings of the 2019 ACM Internet Measurement Conference
PublisherAssociation for Computing Machinery
Number of pages8
ISBN (Electronic)9781450369480
Publication statusPublished - 21 Oct 2019
EventInternet Measurement Conference, IMC 2019 - Koninklijk Instituut voor de Tropen, Amsterdam, Netherlands
Duration: 21 Oct 201923 Oct 2019


ConferenceInternet Measurement Conference, IMC 2019
Abbreviated titleIMC
Internet address


  • Booter
  • DDoS
  • DDos-for-Hire
  • Internet Security
  • ISP
  • IXP
  • Stresser


Dive into the research topics of 'DDoS Hide & Seek: On the effectiveness of a booter services takedown'. Together they form a unique fingerprint.

Cite this