Inside Booters: an analysis on operational databases

    Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

    20 Citations (Scopus)
    895 Downloads (Pure)


    Distributed Denial of Service (DDoS) attacks are an increasing threat on the Internet. One of the reasons is that Web sites selling attacks for prices starting from $1.00 are becoming popular. These Web sites, called Booters, facilitate attacks by making transparent the needed infrastructure to perform attacks and by lowering the knowledge to control it. As a consequence, any user on the Internet is able to launch attacks at any time. Although security experts and operators acknowledge the potential of Booters for DDoS attacks, little is known about Booters operational aspects in terms of users, attacks and infrastructure. The existing works that investigate this phenomenon are all restricted to the analysis of a single Booter and therefore provide a narrow overview of the phenomenon. In this paper we extend the existing work by providing an extensive analysis on 15 distinct Booters. We analyze their operational databases containing logs of users, attacks, and the infrastructure used to perform attacks. Among our findings we reveal that (i) some Booters have several database records completely equal, (ii) users that access Booters via proxies and VPNs performed much more attacks than those that accessed using a single IP address, and (iii) the infrastructure used to perform attacks is slightly different from what is known through existing work. The contribution of our work is to bring awareness of Booter characteristics facilitating future works to mitigate this phenomenon.
    Original languageUndefined
    Title of host publicationIFIP/IEEE International Symposium on Integrated Network Management (IM 2015)
    EditorsRemi Badonnel, Jin Xiao, Shingo Ata, Filip De Turck, Voicu Groza, Carlos Raniery P. dos Santos
    Place of PublicationUSA
    Number of pages9
    ISBN (Print)978-3-901882-76-0
    Publication statusPublished - 11 May 2015
    Event14th IFIP/IEEE International Symposium on Integrated Network Management, IM 2015: Integrated Management in the Age of Big Data - Shaw Centre, Ottawa, Canada
    Duration: 11 May 201515 May 2015
    Conference number: 14

    Publication series

    PublisherIEEE Computer Society


    Conference14th IFIP/IEEE International Symposium on Integrated Network Management, IM 2015
    Abbreviated titleIM 2015
    Internet address


    • EWI-26166
    • DACS: Booters
    • booter
    • METIS-312682
    • database analysis
    • DDoS
    • IR-96840
    • stresser

    Cite this