| Presentation | 2021-03-02 Study on analyzing Memcached DRDoS attacks and their infrastructures Mizuki Kondo, Natsuo Shintani, Daisuke Makita, Katsunari Yoshioka, Tsutomu Matsumoto, |
|---|---|
| PDF Download Page |  PDF download Page Link |
| Abstract(in Japanese) | (See Japanese page) |
| Abstract(in English) | Internet-facing Memcached services are known to have been misused as powerful reflectors of DRDoS attacks. In this paper, we first utilize high-interaction Memcached honeypots and Internet-wide scan results to analyze how high the amplification factors of Memcached attacks in the wild can be and how many open Memcached services there are. As a result, we report that the amplification factors of most attacks observed by the honeypots are indeed extremely high, up to about 140,000. Moreover, we find there are still over 15,000 reflectors in the wild scattering over 1,000 AS. We then analyze how the attack infrastructures are constructed and operated. We find that 81 IPs in 7 AS are responsible for over 360,000 attacks (58% of all attacks we observed), scanning and storing large payload on reflectors and actually performing attacks. |
| Keyword(in Japanese) | (See Japanese page) |
| Keyword(in English) | DRDoS Attacks / Memcached / Honeypots / Attack Infrastructure |
| Paper # | ICSS2020-45 |
| Date of Issue | 2021-02-22 (ICSS) |
| Conference Information | |
| Committee | ICSS / IPSJ-SPT |
|---|---|
| Conference Date | 2021/3/1(2days) |
| Place (in Japanese) | (See Japanese page) |
| Place (in English) | Online |
| Topics (in Japanese) | (See Japanese page) |
| Topics (in English) | Security, Trust, etc. |
| Chair | Hiroki Takakura(NII) |
| Vice Chair | Katsunari Yoshioka(Yokohama National Univ.) / Kazunori Kamiya(NTT) |
| Secretary | Katsunari Yoshioka(NICT) / Kazunori Kamiya(KDDI labs.) |
| Assistant | Keisuke Kito(Mitsubishi Electric) / Toshihiro Yamauchi(Okayama Univ.) |
| Paper Information | |
| Registration To | Technical Committee on Information and Communication System Security / Special Interest Group on Security Psychology and Trust |
|---|---|
| Language | JPN |
| Title (in Japanese) | (See Japanese page) |
| Sub Title (in Japanese) | (See Japanese page) |
| Title (in English) | Study on analyzing Memcached DRDoS attacks and their infrastructures |
| Sub Title (in English) | |
| Keyword(1) | DRDoS Attacks |
| Keyword(2) | Memcached |
| Keyword(3) | Honeypots |
| Keyword(4) | Attack Infrastructure |
| 1st Author's Name | Mizuki Kondo |
| 1st Author's Affiliation | Yokohama National University(YNU) |
| 2nd Author's Name | Natsuo Shintani |
| 2nd Author's Affiliation | Yokohama National University(YNU) |
| 3rd Author's Name | Daisuke Makita |
| 3rd Author's Affiliation | National Institute of Information and Communications Technology(NICT) |
| 4th Author's Name | Katsunari Yoshioka |
| 4th Author's Affiliation | Yokohama National University(YNU) |
| 5th Author's Name | Tsutomu Matsumoto |
| 5th Author's Affiliation | Yokohama National University(YNU) |
| Date | 2021-03-02 |
| Paper # | ICSS2020-45 |
| Volume (vol) | vol.120 |
| Number (no) | ICSS-384 |
| Page | pp.pp.114-119(ICSS), |
| #Pages | 6 |
| Date of Issue | 2021-02-22 (ICSS) |