Abstract
Booter services continue to provide popular DDoS-as-a-service platforms and enable anyone irrespective of their technical ability, to execute DDoS attacks with devastating impact. Since booters are a serious threat to Internet operations and can cause significant financial and reputational damage, they also draw the attention of law enforcement agencies and related counter activities. In this paper, we investigate booter-based DDoS attacks in the wild and the impact of an FBI takedown targeting 15 booter websites in December 2018 from the perspective of a major IXP and two ISPs. We study and compare attack properties of multiple booter services by launching Gbps-level attacks against our own infrastructure. To understand spatial and temporal trends of the DDoS traffic originating from booters we scrutinize 5 months, worth of inter-domain traffic. We observe that the takedown only leads to a temporary reduction in attack traffic. Additionally, one booter was found to quickly continue operation by using a new domain for its website.
Original language | English |
---|---|
Title of host publication | IMC 2019 - Proceedings of the 2019 ACM Internet Measurement Conference |
Publisher | Association for Computing Machinery |
Pages | 65-72 |
Number of pages | 8 |
ISBN (Electronic) | 9781450369480 |
DOIs | |
Publication status | Published - 21 Oct 2019 |
Event | Internet Measurement Conference, IMC 2019 - Koninklijk Instituut voor de Tropen, Amsterdam, Netherlands Duration: 21 Oct 2019 → 23 Oct 2019 https://conferences.sigcomm.org/imc/2019/ |
Conference
Conference | Internet Measurement Conference, IMC 2019 |
---|---|
Abbreviated title | IMC |
Country/Territory | Netherlands |
City | Amsterdam |
Period | 21/10/19 → 23/10/19 |
Internet address |
Keywords
- Booter
- DDoS
- DDos-for-Hire
- Internet Security
- ISP
- IXP
- Stresser