Inside Booters: an analysis on operational databases

    Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

    18 Citations (Scopus)
    187 Downloads (Pure)

    Abstract

    Distributed Denial of Service (DDoS) attacks are an increasing threat on the Internet. One of the reasons is that Web sites selling attacks for prices starting from $1.00 are becoming popular. These Web sites, called Booters, facilitate attacks by making transparent the needed infrastructure to perform attacks and by lowering the knowledge to control it. As a consequence, any user on the Internet is able to launch attacks at any time. Although security experts and operators acknowledge the potential of Booters for DDoS attacks, little is known about Booters' operational aspects in terms of users, attacks and infrastructure. The existing works that investigate this phenomenon are all restricted to the analysis of a single Booter and therefore provide a narrow overview of the phenomenon. In this paper we extend the existing work by providing an extensive analysis on 15 distinct Booters. We analyze their operational databases containing logs of users, attacks, and the infrastructure used to perform attacks. Among our findings we reveal that (i) some Booters have several database records completely equal, (ii) users that access Booters via proxies and VPNs performed many more attacks than those that accessed using a single IP address, and (iii) the infrastructure used to perform attacks is slightly different from what is known through existing work. The contribution of our work is to bring awareness of Booter characteristics facilitating future works to mitigate this phenomenon.
    Original language: Undefined
    Title of host publication: IFIP/IEEE International Symposium on Integrated Network Management (IM 2015)
    Editors: Remi Badonnel, Jin Xiao, Shingo Ata, Filip De Turck, Voicu Groza, Carlos Raniery P. dos Santos
    Place of Publication: USA
    Publisher: IEEE Computer Society
    Pages: 432-440
    Number of pages: 9
    ISBN (Print): 978-3-901882-76-0
    DOIs
    Publication status: Published - 11 May 2015
    Event: IFIP/IEEE International Symposium on Integrated Network Management 2015: Integrated Management in the Age of Big Data - Ottawa, Canada
    Duration: 11 May 2015 - 15 May 2015
    http://im2015.ieee-im.org/

    Publication series

    Name
    Publisher: IEEE Computer Society

    Conference

    Conference: IFIP/IEEE International Symposium on Integrated Network Management 2015
    Abbreviated title: IM 2015
    Country: Canada
    City: Ottawa
    Period: 11/05/15 - 15/05/15
    Internet address

    Keywords

    • EWI-26166
    • DACS: Booters
    • booter
    • METIS-312682
    • database analysis
    • DDoS
    • IR-96840
    • stresser

    Cite this

    Cardoso de Santanna, J. J., Durban, R., Sperotto, A., & Pras, A. (2015). Inside Booters: an analysis on operational databases. In R. Badonnel, J. Xiao, S. Ata, F. De Turck, V. Groza, & C. R. P. dos Santos (Eds.), IFIP/IEEE International Symposium on Integrated Network Management (IM 2015) (pp. 432-440). USA: IEEE Computer Society. https://doi.org/10.1109/INM.2015.7140320
    Cardoso de Santanna, José Jair ; Durban, Romain ; Sperotto, Anna ; Pras, Aiko. / Inside Booters: an analysis on operational databases. IFIP/IEEE International Symposium on Integrated Network Management (IM 2015). editor / Remi Badonnel ; Jin Xiao ; Shingo Ata ; Filip De Turck ; Voicu Groza ; Carlos Raniery P. dos Santos. USA : IEEE Computer Society, 2015. pp. 432-440