Skip to Content
[CAIDA - Center for Applied Internet Data Analysis logo]
Center for Applied Internet Data Analysis
www.caida.org > publications : papers : 2006 : backscatter_dos
Inferring Internet Denial-of-Service Activity
D. Moore, C. Shannon, D. Brown, G. Voelker, and S. Savage, "Inferring Internet Denial-of-Service Activity", ACM Transactions on Computer Systems, vol. 24, no. 2, pp. 115--139, May 2006.
|   View full paper:    PDF    |  Citation:    BibTeX   |

Inferring Internet Denial-of-Service Activity

David Moore 1
Colleen Shannon 1
Doug Brown 2, 3
Geoffrey Voelker 3
Stefan Savage 3
1

CAIDA, San Diego Supercomputer Center, University of California San Diego

2

New York University

3

University of California, San Diego

In this paper, we seek to address a simple question: "How prevalent are denial-of-service attacks in the Internet?" Our motivation is to quantitatively understand the nature of the current threat as well as to enable longer-term analyses of trends and recurring patterns of attacks. We present a new technique, called "backscatter analysis", that provides a conservative estimate of worldwide denial-of-service activity. We use this approach on 22 traces (each covering a week or more) gathered over three years from 2001 through 2004. Across this corpus we quantitatively assess the number, duration and focus of attacks, and qualitatively characterize their behavior. In total, we observed over 68,000 attacks directed at over 34,000 distinct victim IP addresses -- ranging from well-known e-commerce companies such as Amazon and Hotmail to small foreign ISPs and dial-up connections. We believe our technique is the rst to provide quantitative estimates of Internet-wide denial-of-service activity and that this paper describes the most comprehensive public measurements of such activity to date.

Keywords: network telescope, security
  Last Modified: Wed Oct-11-2017 17:03:53 PDT
  Page URL: http://www.caida.org/publications/papers/2006/backscatter_dos/index.xml