POSTER: Reflected attacks abusing honeypots

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216224%3A14610%2F13%3A00065737" target="_blank" >RIV/00216224:14610/13:00065737 - isvavai.cz</a>

Výsledek na webu

<a href="http://dx.doi.org/10.1145/2508859.2512523" target="_blank" >http://dx.doi.org/10.1145/2508859.2512523</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.1145/2508859.2512523" target="_blank" >10.1145/2508859.2512523</a>

Jazyk výsledku

angličtina

Název v původním jazyce

POSTER: Reflected attacks abusing honeypots

Popis výsledku v původním jazyce

We present the observation of distributed denial-of-service attacks that use reflection of the flooding traffic off reflectors. This type of attack was used in massive attacks against internet infrastructure of Czech Republic in March, 2013. Apart from common hosts in the network, honeypots were abused as the reflectors. It caused the false positive incident detection and helped attackers. Honeypots, which are by default set to accept any incoming network connection, unintentionally amplified the effectof reflection. We present an analysis of the attack from the point of view of honeypots and show the risks of having honeypots respond to any incoming traffic. We also discuss the possibilities of attack detection and mitigation and present lessons learned from handling the attack. We point out a lack of communication and data sharing during the observed attack.

Název v anglickém jazyce

POSTER: Reflected attacks abusing honeypots

Popis výsledku anglicky

We present the observation of distributed denial-of-service attacks that use reflection of the flooding traffic off reflectors. This type of attack was used in massive attacks against internet infrastructure of Czech Republic in March, 2013. Apart from common hosts in the network, honeypots were abused as the reflectors. It caused the false positive incident detection and helped attackers. Honeypots, which are by default set to accept any incoming network connection, unintentionally amplified the effectof reflection. We present an analysis of the attack from the point of view of honeypots and show the risks of having honeypots respond to any incoming traffic. We also discuss the possibilities of attack detection and mitigation and present lessons learned from handling the attack. We point out a lack of communication and data sharing during the observed attack.

Druh

D - Stať ve sborníku

CEP obor

IN - Informatika

OECD FORD obor

—

Projekt

<a href="/cs/project/VG20132015103" target="_blank" >VG20132015103: Kybernetický polygon</a><br>

Návaznosti

P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)

Rok uplatnění

2013

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název statě ve sborníku

Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security

ISBN

9781450324779

ISSN

—

e-ISSN

—

Počet stran výsledku

4

Strana od-do

1449-1452

Název nakladatele

ACM

Místo vydání

New York, NY, USA

Místo konání akce

Berlin, Germany

Datum konání akce

1. 1. 2013

Typ akce podle státní příslušnosti

WRD - Celosvětová akce

Kód UT WoS článku

—