To request access this dataset you will need to login with an IMPACT account. Accounts are free. If you don't have one please register.


University of Southern California-Information Sciences Institute
University of Southern California-Information Sciences Institute
36 (lowest rank is 56)

Category & Restrictions

Traffic Flow Data
traffic flow data, denial of service


NTP reflection attack

3 months of daily Network Time Protocol (NTP) traffic in the form of Argus flows. The IP addresses are fully anonymized using a prefix-preserving algorithm. The flows are on a 10Gb/s link between a regional and a content ISP. The traffic involves several academic and research institutions. The dataset also includes NTP traffic collected at a University. The dataset contains NTP DDoS reflection attack traffic. These attacks are triggered by the attackers via sending monlist queries with spoofed source IP addresses to vulnerable hosts running NTP. These vulnerable hosts respond with a list of last clients (up to 600), typically producing large replies compared to the small queries.

Additional Details

ntp, sciences, institute, california, southern, flow, attack, 776, frgp_ntp_flow_data_anon-20131201, anon, 20131201, frgp, dos, reflector, anonymized, 2013, university of southern california-information sciences institute, reflection, traffic, flows, queries, dataset, hosts, vulnerable, includes, algorithm, monlist, academic, attacks, compared, attackers, protocol, collected, isp, source, form, prefix, triggered, argus, time, respond, producing, running, network, typically, 10gb, institutions, spoofed, replies, 600, daily, involves, preserving, traffic flow data, months, clients, regional, link, list, ddos, content, sending
DOS Reflector attack NTP