Data Description

To generate this RSDoS Attack Metadata dataset, we process 5-minute intervals of the raw telescope data extracting the response packets sent by victims of randomly and uniformly spoofed Denial-of-Service attacks (backscatter packets). Activity that related to the same victim is summarized in an 'attack vector', following the definitions and methodology described by Moore et al. (2006). We continue to update the attack vectors as long as related activity is still observed.
Once an attack completed, we record the accumulated statistics. We also geolocate the targeted IP address using NetAcuity Edge Premium Edition data and determine its origin AS using Routeviews Prefix-to-AS mappings (pfx2as) data.
For more information please see the RSDoS documentation.

Caveats that apply to this dataset

This dataset and the types of worm and denial-of-service attack traffic contained therein are representative only of some spoofed source denial-of-service attacks. Many denial-of-service attackers do not spoof source IP addresses when they attack their victim, in which case backscatter would not appear on a telescope. Attackers can also spoof in a non-random fashion, which will incur an uneven distribution of backscatter across the IPv4 address space, and may cause backscatter traffic to miss any telescope lenses. Note that the telescope does not send any packets in response, which also limits insight into the traffic it sees.

Data Access Policy

In 2021 CAIDA completed an NSF-funded CI-SUSTAIN project "Sustainable Tools for Analysis and Research on Darknet Unsolicited Traffic" (STARDUST). NSF’s expectation is that this funding has enabled CAIDA to sustain Telescope data collection, curation, and sharing through users' contributions. We are now undertaking efforts to put in place the mechanisms that allow such contributions. This includes service agreements and data licensing for academic and commercial data use, as well as new data access options. If you are interested in finding more information about the access options and pricing please fill out and submit the CAIDA UCSD Network Telescope Datasets Request Form.

Acceptable Use Agreement

Access to these data is subject to the terms of the following CAIDA Acceptable Use Agreement

Referencing this Dataset

When referencing this data (as required by the AUA), please use:

UCSD Network Telescope Daily Randomly and Uniformly Spoofed Denial-of-Service (RSDoS) Attack Metadata - <dates used>,
https://www.caida.org/catalog/datasets/telescope-daily-rsdos/

UCSD Network Telescope Datasets

• Historical and Near-Real-Time Network Telescope Dataset
• Aggregated Traffic Data in FlowTuple format
• Daily RSDoS Attack Metadata
• Two Years of Daily RSDoS Attack Metadata (downloadable paper supplement)
• Annotated Anonymized Telescope Packets Sampler
• Three Days Of Conficker Dataset
• CAIDA UCSD Network Telescope Traffic Samples
• Witty Worm Dataset
• Code-Red Worms Dataset
• Patch Tuesday Dataset
• Two days in November 2008 Dataset
• Telescope Educational Dataset
• Telescope Dataset on the Sipscan
• Telescope Darknet Scanners Dataset

For more information on the UCSD Network Telescope, see:

• https://www.caida.org/projects/network_telescope/

For more information on the CoralReef Software Suite, see:

• https://www.caida.org/catalog/software/coralreef/

For more information on the Corsaro Software Suite, see:

• https://catalog.caida.org/software/corsaro

For a non-exhaustive list of Non-CAIDA publications using Network Telescope data, see:

• UCSD Network Telescope papers
• Backscatter-related papers