To request access this dataset you will need to login with an IMPACT
account. Accounts are free. If you don't have one please
register.
Summary
DS-0776
FRGP_NTP_Flow_Data_anon-20131201
Dataset
University of Southern California-Information Sciences Institute
University of Southern California-Information Sciences Institute
12/01/2013
02/28/2014
36 (lowest rank is 56)
Description
NTP reflection attack
3 months of daily Network Time Protocol (NTP) traffic in the form of Argus flows. The IP addresses are fully anonymized using a prefix-preserving algorithm. The flows are on a 10Gb/s link between a regional and a content ISP. The traffic involves several academic and research institutions. The dataset also includes NTP traffic collected at a University. The dataset contains NTP DDoS reflection attack traffic. These attacks are triggered by the attackers via sending monlist queries with spoofed source IP addresses to vulnerable hosts running NTP. These vulnerable hosts respond with a list of last clients (up to 600), typically producing large replies compared to the small queries.
Additional Details
726.7GB
true
false
ntp, sciences, institute, california, southern, flow, attack, 776, frgp_ntp_flow_data_anon-20131201, anon, 20131201, frgp, dos, reflector, anonymized, 2013, university of southern california-information sciences institute, reflection, traffic, flows, queries, dataset, hosts, vulnerable, includes, algorithm, monlist, academic, attacks, compared, attackers, protocol, collected, isp, source, form, prefix, triggered, argus, time, respond, producing, running, network, typically, 10gb, institutions, spoofed, replies, 600, daily, involves, preserving, traffic flow data, months, clients, regional, link, list, ddos, content, sending
DOS Reflector attack NTP