ResearchSpace

An analysis on the re-emergence of SQL Slammer worm using network telescope data

Show simple item record

dc.contributor.author Chindipha, SD
dc.contributor.author Irwin, Barry VW
dc.date.accessioned 2017-11-02T13:03:16Z
dc.date.available 2017-11-02T13:03:16Z
dc.date.issued 2017-09
dc.identifier.citation Chindipha, S.D. and Irwin, B.V.W. 2017. An analysis on the re-emergence of SQL Slammer worm using network telescope data. Southern Africa Telecommunication Networks and Applications Conference (SATNAC) 2017, Freedom of the Seas, Royal Caribbean International, Barcelona, Spain, 3-10 September 2017 en_US
dc.identifier.isbn 978-0-620-76756-9
dc.identifier.uri http://www.satnac.org.za//proceedings/2017/SATNAC%202017%20Proceedings%20Final.pdf
dc.identifier.uri http://hdl.handle.net/10204/9705
dc.description Paper presented at Southern Africa Telecommunication Networks and Applications Conference (SATNAC) 2017, Freedom of the Seas, Royal Caribbean International, Barcelona, Spain, 3-10 September 2017 en_US
dc.description.abstract The SQL Slammer worm is a self propagated computer virus that caused a denial of service on some Internet hosts and dramatically slowed down general Internet traffic. An observation of network traffic captured in the Rhodes University’s network telescopes shows that traffic observed in it shows an escalation in the number of packets captured by the telescopes between January 2014 and December 2016 when the expected traffic was meant to take a constant decline in UDP packets from port 1434. Using data captured over a period of 84 months, the analysis done in this study identified top ten /24 source IP addresses that Slammer worm repeatedly used for this attack together with their geolocation. It also shows the trend of UDP 1434 packets received by the two network telescopes from January 2009 to December 2015. In line with epidemic model, the paper has shown how this traffic fits in as SQL Slammer worm attack. Consistent number of packets observed in the two telescopes between 2014 and 2016 shows qualities of the Slammer worm attack. Basic time series and decomposition of additive time series graphs have been used to show trend and observed UDP packets over the time frame of study. en_US
dc.language.iso en en_US
dc.publisher SATNAC en_US
dc.relation.ispartofseries Worklist;19658
dc.subject Code-Red en_US
dc.subject Worm en_US
dc.subject SQL Slammer en_US
dc.subject Network telescope en_US
dc.subject Packet en_US
dc.title An analysis on the re-emergence of SQL Slammer worm using network telescope data en_US
dc.type Conference Presentation en_US
dc.identifier.apacitation Chindipha, S., & Irwin, B. V. (2017). An analysis on the re-emergence of SQL Slammer worm using network telescope data. SATNAC. http://hdl.handle.net/10204/9705 en_ZA
dc.identifier.chicagocitation Chindipha, SD, and Barry VW Irwin. "An analysis on the re-emergence of SQL Slammer worm using network telescope data." (2017): http://hdl.handle.net/10204/9705 en_ZA
dc.identifier.vancouvercitation Chindipha S, Irwin BV, An analysis on the re-emergence of SQL Slammer worm using network telescope data; SATNAC; 2017. http://hdl.handle.net/10204/9705 . en_ZA
dc.identifier.ris TY - Conference Presentation AU - Chindipha, SD AU - Irwin, Barry VW AB - The SQL Slammer worm is a self propagated computer virus that caused a denial of service on some Internet hosts and dramatically slowed down general Internet traffic. An observation of network traffic captured in the Rhodes University’s network telescopes shows that traffic observed in it shows an escalation in the number of packets captured by the telescopes between January 2014 and December 2016 when the expected traffic was meant to take a constant decline in UDP packets from port 1434. Using data captured over a period of 84 months, the analysis done in this study identified top ten /24 source IP addresses that Slammer worm repeatedly used for this attack together with their geolocation. It also shows the trend of UDP 1434 packets received by the two network telescopes from January 2009 to December 2015. In line with epidemic model, the paper has shown how this traffic fits in as SQL Slammer worm attack. Consistent number of packets observed in the two telescopes between 2014 and 2016 shows qualities of the Slammer worm attack. Basic time series and decomposition of additive time series graphs have been used to show trend and observed UDP packets over the time frame of study. DA - 2017-09 DB - ResearchSpace DP - CSIR KW - Code-Red KW - Worm KW - SQL Slammer KW - Network telescope KW - Packet LK - https://researchspace.csir.co.za PY - 2017 SM - 978-0-620-76756-9 T1 - An analysis on the re-emergence of SQL Slammer worm using network telescope data TI - An analysis on the re-emergence of SQL Slammer worm using network telescope data UR - http://hdl.handle.net/10204/9705 ER - en_ZA


Files in this item

This item appears in the following Collection(s)

Show simple item record