D 2013

POSTER: Reflected attacks abusing honeypots

HUSÁK, Martin and Martin VIZVÁRY

Basic information

Original name

POSTER: Reflected attacks abusing honeypots

Authors

HUSÁK, Martin and Martin VIZVÁRY

Edition

New York, NY, USA, communications security, p. 1449-1452, 4 pp. 2013

Publisher

ACM

Other information

Language

English

Type of outcome

Proceedings paper

Field of Study

Informatics

Country of publisher

United States of America

Confidentiality degree

is not subject to a state or trade secret

Publication form

storage medium (CD, DVD, flash disk)

Marked to be transferred to RIV

Yes

RIV identification code

RIV/00216224:14610/13:00065737

Organization

Ústav výpočetní techniky – Repository

ISBN

978-1-4503-2477-9

ISSN

Keywords in English

communication; data sharing; ddos attack; honeypot; mitigation; reflection

Links

VG20132015103, research and development project.
Changed: 1/9/2020 17:26, RNDr. Daniel Jakubík

Abstract

In the original language

We present an observation of distributed denial-of-service attacks that reflect the flooding traffic off reflectors. This type of attack was used in massive attacks against the internet infrastructure of the Czech Republic in March 2013. Apart from common hosts in the network, honeypots were abused as reflectors. This caused false positive incident detection and helped the attackers. Honeypots, which are by default set to accept any incoming network connection, unintentionally amplified the effect of reflection. We present an analysis of the attack from the point of view of honeypots and show the risks of having honeypots respond to any incoming traffic. We also discuss the possibilities of attack detection and mitigation and present lessons learned from handling the attack. We point out a lack of communication and data sharing during the observed attack.
