To request access this dataset you will need to login with an IMPACT account. Accounts are free. If you don't have one please register.

Summary

DS-0776
FRGP_NTP_Flow_Data_anon-20131201
Dataset
University of Southern California-Information Sciences Institute
University of Southern California-Information Sciences Institute
12/01/2013
02/28/2014
37 (lowest rank is 48)

Category & Restrictions

Traffic Flow Data
traffic flow data, denial of service
Quasi-Restricted
true

Description


NTP reflection attack

3 months of daily Network Time Protocol (NTP) traffic in the form of Argus flows. The IP addresses are fully anonymized using a prefix-preserving algorithm. The flows are on a 10Gb/s link between a regional and a content ISP. The traffic involves several academic and research institutions. The dataset also includes NTP traffic collected at a University. The dataset contains NTP DDoS reflection attack traffic. These attacks are triggered by the attackers via sending monlist queries with spoofed source IP addresses to vulnerable hosts running NTP. These vulnerable hosts respond with a list of last clients (up to 600), typically producing large replies compared to the small queries.

Additional Details

726.7GB
true
false
research organizations, frgp_ntp_flow_data_anon-20131201, cybercrime, img college, dos, network time protocol, internet security, data anonymization, application layer protocols, ntp, denial of service attack, cyberwarfare, information privacy, virginia tech hokies, university of southern california-information sciences institute, reflector, 776, attack, cyberattack, data protection, reflection attack, internet relay chat, exploit, research institute
DOS Reflector attack NTP