dc.contributor.author |
Chindipha, SD
|
|
dc.contributor.author |
Irwin, Barry VW
|
|
dc.date.accessioned |
2017-11-02T13:03:16Z |
|
dc.date.available |
2017-11-02T13:03:16Z |
|
dc.date.issued |
2017-09 |
|
dc.identifier.citation |
Chindipha, S.D. and Irwin, B.V.W. 2017. An analysis on the re-emergence of SQL Slammer worm using network telescope data. Southern Africa Telecommunication Networks and Applications Conference (SATNAC) 2017, Freedom of the Seas, Royal Caribbean International, Barcelona, Spain, 3-10 September 2017 |
en_US |
dc.identifier.isbn |
978-0-620-76756-9 |
|
dc.identifier.uri |
http://www.satnac.org.za//proceedings/2017/SATNAC%202017%20Proceedings%20Final.pdf
|
|
dc.identifier.uri |
http://hdl.handle.net/10204/9705
|
|
dc.description |
Paper presented at Southern Africa Telecommunication Networks and Applications Conference (SATNAC) 2017, Freedom of the Seas, Royal Caribbean International, Barcelona, Spain, 3-10 September 2017 |
en_US |
dc.description.abstract |
The SQL Slammer worm is a self propagated computer virus that caused a denial of service on some Internet hosts and dramatically slowed down general Internet traffic. An observation of network traffic captured in the Rhodes University’s network telescopes shows that traffic observed in it shows an escalation in the number of packets captured by the telescopes between January 2014 and December 2016 when the expected traffic was meant to take a constant decline in UDP packets from port 1434. Using data captured over a period of 84 months, the analysis done in this study identified top ten /24 source IP addresses that Slammer worm repeatedly used for this attack together with their geolocation. It also shows the trend of UDP 1434 packets received by the two network telescopes from January 2009 to December 2015. In line with epidemic model, the paper has shown how this traffic fits in as SQL Slammer worm attack. Consistent number of packets observed in the two telescopes between 2014 and 2016 shows qualities of the Slammer worm attack. Basic time series and decomposition of additive time series graphs have been used to show trend and observed UDP packets over the time frame of study. |
en_US |
dc.language.iso |
en |
en_US |
dc.publisher |
SATNAC |
en_US |
dc.relation.ispartofseries |
Worklist;19658 |
|
dc.subject |
Code-Red |
en_US |
dc.subject |
Worm |
en_US |
dc.subject |
SQL Slammer |
en_US |
dc.subject |
Network telescope |
en_US |
dc.subject |
Packet |
en_US |
dc.title |
An analysis on the re-emergence of SQL Slammer worm using network telescope data |
en_US |
dc.type |
Conference Presentation |
en_US |
dc.identifier.apacitation |
Chindipha, S., & Irwin, B. V. (2017). An analysis on the re-emergence of SQL Slammer worm using network telescope data. SATNAC. http://hdl.handle.net/10204/9705 |
en_ZA |
dc.identifier.chicagocitation |
Chindipha, SD, and Barry VW Irwin. "An analysis on the re-emergence of SQL Slammer worm using network telescope data." (2017): http://hdl.handle.net/10204/9705 |
en_ZA |
dc.identifier.vancouvercitation |
Chindipha S, Irwin BV, An analysis on the re-emergence of SQL Slammer worm using network telescope data; SATNAC; 2017. http://hdl.handle.net/10204/9705 . |
en_ZA |
dc.identifier.ris |
TY - Conference Presentation
AU - Chindipha, SD
AU - Irwin, Barry VW
AB - The SQL Slammer worm is a self propagated computer virus that caused a denial of service on some Internet hosts and dramatically slowed down general Internet traffic. An observation of network traffic captured in the Rhodes University’s network telescopes shows that traffic observed in it shows an escalation in the number of packets captured by the telescopes between January 2014 and December 2016 when the expected traffic was meant to take a constant decline in UDP packets from port 1434. Using data captured over a period of 84 months, the analysis done in this study identified top ten /24 source IP addresses that Slammer worm repeatedly used for this attack together with their geolocation. It also shows the trend of UDP 1434 packets received by the two network telescopes from January 2009 to December 2015. In line with epidemic model, the paper has shown how this traffic fits in as SQL Slammer worm attack. Consistent number of packets observed in the two telescopes between 2014 and 2016 shows qualities of the Slammer worm attack. Basic time series and decomposition of additive time series graphs have been used to show trend and observed UDP packets over the time frame of study.
DA - 2017-09
DB - ResearchSpace
DP - CSIR
KW - Code-Red
KW - Worm
KW - SQL Slammer
KW - Network telescope
KW - Packet
LK - https://researchspace.csir.co.za
PY - 2017
SM - 978-0-620-76756-9
T1 - An analysis on the re-emergence of SQL Slammer worm using network telescope data
TI - An analysis on the re-emergence of SQL Slammer worm using network telescope data
UR - http://hdl.handle.net/10204/9705
ER -
|
en_ZA |