POSTER: Reflected attacks abusing honeypots

The result's identifiers

  • Result code in IS VaVaI

    RIV/00216224:14610/13:00065737 - isvavai.cz (https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216224%3A14610%2F13%3A00065737)

  • Result on the web

    http://dx.doi.org/10.1145/2508859.2512523

  • DOI - Digital Object Identifier

    10.1145/2508859.2512523

Alternative languages

  • Result language

    English

  • Original language name

    POSTER: Reflected attacks abusing honeypots

  • Original language description

    We present the observation of distributed denial-of-service attacks that use reflection of the flooding traffic off reflectors. This type of attack was used in massive attacks against internet infrastructure of the Czech Republic in March 2013. Apart from common hosts in the network, honeypots were abused as the reflectors. It caused the false positive incident detection and helped attackers. Honeypots, which are by default set to accept any incoming network connection, unintentionally amplified the effect of reflection. We present an analysis of the attack from the point of view of honeypots and show the risks of having honeypots respond to any incoming traffic. We also discuss the possibilities of attack detection and mitigation and present lessons learned from handling the attack. We point out a lack of communication and data sharing during the observed attack.

  • Czech name

  • Czech description

Classification

  • Type

    D - Article in proceedings

  • CEP classification

    IN - Informatics

  • OECD FORD branch

Result continuities

  • Project

    VG20132015103: Cybernetic Proving Ground

  • Continuities

    P - Research and development project financed from public funds (with a link to CEP)

Others

  • Publication year

    2013

  • Confidentiality

    S - Complete and true data on the project are not subject to protection under special legal regulations

Data specific for result type

  • Article name in the collection

    Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security

  • ISBN

    9781450324779

  • ISSN

  • e-ISSN

  • Number of pages

    4

  • Pages from-to

    1449-1452

  • Publisher name

    ACM

  • Place of publication

    New York, NY, USA

  • Event location

    Berlin, Germany

  • Event date

    Jan 1, 2013

  • Type of event by nationality

    WRD - Worldwide event

  • UT code for WoS article