[188997] in North American Network Operators' Group
Re: BGP FlowSpec
daemon@ATHENA.MIT.EDU (Tyler Haske)
Thu Apr 28 22:00:44 2016
X-Original-To: nanog@nanog.org
In-Reply-To: <74A6998A-1023-499C-8BE3-E2936405EACD@technikum-wien.at>
From: Tyler Haske <tyler.haske@gmail.com>
Date: Thu, 28 Apr 2016 11:37:22 -0400
To: Martin Bacher <ti14m028@technikum-wien.at>
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
Martin,
> Last but not least: I am also looking for anonymized statistical data
> about DDoS attacks which I could use in the thesis. I am mainly interested
> in data about the type of attacks, attack time, sources, source and
> destination ports, and so on. I know this is something which is generally
> not shared, so I would really appreciate it if someone would be able to
> share such data.
Many companies are extremely reluctant to share their attack data. But
that's OK, because there are other ways to get it.
Have you investigated backscatter analysis? It's used to see ongoing and
current Internet scope DDoS attacks.
Inferring Internet Denial of Service Activity
https://cseweb.ucsd.edu/~savage/papers/UsenixSec01.pdf
Analyzing Large DDoS Attacks Using Multiple Data Sources
https://www.cs.utah.edu/~kobus/docs/ddos.lsad.pdf
ISP Security - Real World Techniques
https://www.nanog.org/meetings/nanog23/presentations/greene.ppt
A Summary of DoS/DDoS Prevention, Monitoring and Mitigation Techniques in a Service Provider Environment
https://www.sans.org/reading-room/whitepapers/intrusion/summary-dos-ddos-prevention-monitoring-mitigation-techniques-service-provider-enviro-1212
Maybe you have access to some public IPs, then you can do this data
collection yourself.
Regards,
Tyler