To request access this dataset you will need to login with an IMPACT account. Accounts are free. If you don't have one please register.


Colorado State University
Colorado State University
39 (lowest rank is 56)

Category & Restrictions

Traffic Flow Data
traffic flow data, denial of service

1.Researcher shall not extract, transfer, or duplicate the provided data outside the compute environment of the Data Provider/Host that house the data, without written authorization from the Colorado State IMPACT PI team. Researcher agrees that derivative information from the provided data can be transferred and used in accordance with the Researcher obligations and other terms of this Agreement, only if sensitive information (including IP addresses) has been anonymized and/or removed.
2. Researcher acknowledges    that the actions of Researcher while using the compute environment/resources provided by the data Provider/Host are subject to logging and monitoring at any time and without prior consent. The data Provider/Host may terminate access to the datasets and compute resources at anytime, for any reason and without prior warning to the Researcher.
3. Researcher agrees that compute resources (such as real and/or virtual machine's processing power, memory and network bandwidth) provided by the Data Provider/Host to the Researcher for downloading and processing the data, are shared resources. Thus, Researcher agrees that such resources/services are provided on a best effort basis.


NTP reflection attack

3 months of daily Network Time Protocol (NTP) traffic in the form of Argus flows. The flows are on a 10Gb/s link between a regional and a content ISP. The traffic involves several academic and research institutions. The dataset also includes NTP traffic collected at a University. The dataset contains NTP DDoS reflection attack traffic. These attacks are triggered by the attackers via sending monlist queries with spoofed source IP addresses to vulnerable hosts running NTP. These vulnerable hosts respond with a list of last clients (up to 600), typically producing large replies compared to the small queries.

Additional Details

colorado, frgpntpflowdata, 478, 20131201, frgpntpflowdata-20131201, colorado state university, anonymized, 2013, ntp, attack, reflection, traffic, queries, dataset, hosts, vulnerable, flows, content, network, ddos, running, compared, producing, respond, sending, time, attackers, argus, form, link, regional, months, triggered, flow, monlist, academic, attacks, protocol, source, collected, involves, typically, includes, clients, traffic flow data, daily, 600, replies, spoofed, institutions, 10gb, list, isp