Using network flow data to analyse distributed reflection denial of service (DRDoS) attacks, as observed on the South African national research and education network (SANReN): A postmortem analysis of the memcached attack on the SANReN
Distributed Denial of Service (DDoS) attacks cause significant disruption on critical networks within South Africa. Timely detection and mitigation are a key concern for the SANReN Cyber Security Incident Response Team (CSIRT). This paper presents an analysis of the Memcached reflection DDoS attack which occurred in February 2018. The attack was the largest DDoS attack to date. By analysing the attack and the impact it had on the SANReN network, this paper aims to show how network flow data can be used to detect network attacks and to perform post-attack analysis to prevent future network attacks. The attack timeline is divided into three main phases: pre-attack, peak attack period and post-attack residue.
Reference:
Burke, I.D., Herbert, A. and Mooi, R.D. 2018. Using network flow data to analyse distributed reflection denial of service (DRDoS) attacks, as observed on the South African national research and education network (SANReN): A postmortem analysis of the memcached attack on the SANReN. Annual conference of the South African Institute of Computer Scientists and Information Technologists (SAICSIT 2018), Port Elizabeth, 26-28 September 2018, pp. 164-170
Burke, I. D., Herbert, A., & Mooi, R. D. (2018). Using network flow data to analyse distributed reflection denial of service (DRDoS) attacks, as observed on the South African national research and education network (SANReN): A postmortem analysis of the memcached attack on the SANReN. Association for Computing Machinery. http://hdl.handle.net/10204/10682
Burke, Ivan D, A Herbert, and Roderick D Mooi. "Using network flow data to analyse distributed reflection denial of service (DRDoS) attacks, as observed on the South African national research and education network (SANReN): A postmortem analysis of the memcached attack on the SANReN." (2018): http://hdl.handle.net/10204/10682
Burke ID, Herbert A, Mooi RD, Using network flow data to analyse distributed reflection denial of service (DRDoS) attacks, as observed on the South African national research and education network (SANReN): A postmortem analysis of the memcached attack on the SANReN; Association for Computing Machinery; 2018. http://hdl.handle.net/10204/10682 .
Copyright: 2018 ACM. Due to copyright restrictions, the attached PDF file only contains the abstract of the full text item. For access to the full text item, please consult the publisher's website: https://dl.acm.org/citation.cfm?doid=3278681.3278701