To request access this dataset you will need to login with an IMPACT account. Accounts are free. If you don't have one please register.

Summary

DS-0478
FRGPNTPFlowData-20131201
Dataset
Colorado State University
Colorado State University
12/01/2013
02/28/2014
39 (lowest rank is 55)

Category & Restrictions

Traffic Flow Data
traffic flow data, denial of service
Restricted
true

1.Researcher shall not extract, transfer, or duplicate the provided data outside the compute environment of the Data Provider/Host that house the data, without written authorization from the Colorado State IMPACT PI team. Researcher agrees that derivative information from the provided data can be transferred and used in accordance with the Researcher obligations and other terms of this Agreement, only if sensitive information (including IP addresses) has been anonymized and/or removed.
2. Researcher acknowledges    that the actions of Researcher while using the compute environment/resources provided by the data Provider/Host are subject to logging and monitoring at any time and without prior consent. The data Provider/Host may terminate access to the datasets and compute resources at anytime, for any reason and without prior warning to the Researcher.
3. Researcher agrees that compute resources (such as real and/or virtual machine's processing power, memory and network bandwidth) provided by the Data Provider/Host to the Researcher for downloading and processing the data, are shared resources. Thus, Researcher agrees that such resources/services are provided on a best effort basis.

Description


NTP reflection attack

3 months of daily Network Time Protocol (NTP) traffic in the form of Argus flows. The flows are on a 10Gb/s link between a regional and a content ISP. The traffic involves several academic and research institutions. The dataset also includes NTP traffic collected at a University. The dataset contains NTP DDoS reflection attack traffic. These attacks are triggered by the attackers via sending monlist queries with spoofed source IP addresses to vulnerable hosts running NTP. These vulnerable hosts respond with a list of last clients (up to 600), typically producing large replies compared to the small queries.

Additional Details

N/A
true
false
research organizations, img college, network time protocol, dos, application layer protocols, denial of service attack, cyberwarfare, virginia tech hokies, 478, frgpntpflowdata-20131201, colorado state university, reflection attack, internet relay chat, exploit, research institute