POSTER: Reflected attacks abusing honeypots

HUSÁK, Martin and Martin VIZVÁRY. POSTER: Reflected attacks abusing honeypots. In Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security. New York, NY, USA: ACM, 2013, p. 1449-1452. ISBN 978-1-4503-2477-9. Available from: https://dx.doi.org/10.1145/2508859.2512523.

Other formats: BibTeX LaTeX RIS

Basic information
Original name	POSTER: Reflected attacks abusing honeypots
Authors	HUSÁK, Martin (203 Czech Republic, guarantor, belonging to the institution) and Martin VIZVÁRY (703 Slovakia, belonging to the institution).
Edition	New York, NY, USA, Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security, p. 1449-1452, 4 pp. 2013.
Publisher	ACM

Other information
Original language	English
Type of outcome	Proceedings paper
Field of Study	10201 Computer sciences, information science, bioinformatics
Country of publisher	United States of America
Confidentiality degree	is not subject to a state or trade secret
Publication form	storage medium (CD, DVD, flash disk)
RIV identification code	RIV/00216224:14610/13:00065737
Organization unit	Institute of Computer Science
ISBN	978-1-4503-2477-9
ISSN	1543-7221
Doi	http://dx.doi.org/10.1145/2508859.2512523
Keywords in English	communication; data sharing; ddos attack; honeypot; mitigation; reflection
Tags	rivok
Tags	International impact, Reviewed
Changed by	Changed by: Mgr. Marta Novotná Buršíková, učo 15689. Changed: 16/3/2016 15:23.

Abstract

We present the observation of distributed denial-of-service attacks that use reflection of the flooding traffic off reflectors. This type of attack was used in massive attacks against internet infrastructure of Czech Republic in March, 2013. Apart from common hosts in the network, honeypots were abused as the reflectors. It caused the false positive incident detection and helped attackers. Honeypots, which are by default set to accept any incoming network connection, unintentionally amplified the effect of reflection. We present an analysis of the attack from the point of view of honeypots and show the risks of having honeypots respond to any incoming traffic. We also discuss the possibilities of attack detection and mitigation and present lessons learned from handling the attack. We point out a lack of communication and data sharing during the observed attack.

Links
VG20132015103, research and development project	Name: Kybernetický polygon (Acronym: KYPO)
VG20132015103, research and development project	Investor: Ministry of the Interior of the CR, Cybernetic Proving Ground

Type	Name	Uploaded/Created by	Uploaded/Created
	reflected_attacks_abusing_honeypots.pdf	Husák, M.	22/11/2013
Properties Address within IS https://is.muni.cz/auth/publication/1129155/reflected_attacks_abusing_honeypots.pdf Address for the users outside IS https://is.muni.cz/publication/1129155/reflected_attacks_abusing_honeypots.pdf Address within Manager https://is.muni.cz/auth/publication/1129155/reflected_attacks_abusing_honeypots.pdf?info Address within Manager for the users outside IS https://is.muni.cz/publication/1129155/reflected_attacks_abusing_honeypots.pdf?info Uploaded/Created Fri 22/11/2013 11:30, RNDr. Martin Husák, Ph.D. Rights Right to read anyone on the Internet a concrete person RNDr. Martin Vizváry, učo 255917 a concrete person RNDr. Martin Husák, Ph.D., učo 256631 Right to upload Right to administer: a concrete person RNDr. Martin Vizváry, učo 255917 a concrete person RNDr. Martin Husák, Ph.D., učo 256631 Attributes reflected_attacks_abusing_honeypots.pdf Application Open the file Download file. Address within IS https://is.muni.cz/auth/publication/1129155/reflected_attacks_abusing_honeypots.pdf Address for the users outside IS https://is.muni.cz/publication/1129155/reflected_attacks_abusing_honeypots.pdf File type PDF (application/pdf) Size 391,9 KB Hash md5 c71f119ca79384ae2e7d59aacb64c6b7 Uploaded/Created Fri 22/11/2013 11:30 reflected_attacks_abusing_honeypots.txt Application Open the file Download file. Address within IS https://is.muni.cz/auth/publication/1129155/reflected_attacks_abusing_honeypots.txt Address for the users outside IS https://is.muni.cz/publication/1129155/reflected_attacks_abusing_honeypots.txt File type plain text (text/plain) Size 15 KB Hash md5 4962ea8fa7dc6ac21d4c0575a802a28d Uploaded/Created Fri 22/11/2013 11:32
	reflected_attacks_abusing_honeypots_poster.pdf	Husák, M.	22/11/2013
Properties Address within IS https://is.muni.cz/auth/publication/1129155/reflected_attacks_abusing_honeypots_poster.pdf Address for the users outside IS https://is.muni.cz/publication/1129155/reflected_attacks_abusing_honeypots_poster.pdf Address within Manager https://is.muni.cz/auth/publication/1129155/reflected_attacks_abusing_honeypots_poster.pdf?info Address within Manager for the users outside IS https://is.muni.cz/publication/1129155/reflected_attacks_abusing_honeypots_poster.pdf?info Uploaded/Created Fri 22/11/2013 11:31, RNDr. Martin Husák, Ph.D. Rights Right to read anyone on the Internet a concrete person RNDr. Martin Vizváry, učo 255917 a concrete person RNDr. Martin Husák, Ph.D., učo 256631 Right to upload Right to administer: a concrete person RNDr. Martin Vizváry, učo 255917 a concrete person RNDr. Martin Husák, Ph.D., učo 256631 Attributes reflected_attacks_abusing_honeypots_poster.pdf Application Open the file Download file. Address within IS https://is.muni.cz/auth/publication/1129155/reflected_attacks_abusing_honeypots_poster.pdf Address for the users outside IS https://is.muni.cz/publication/1129155/reflected_attacks_abusing_honeypots_poster.pdf File type PDF (application/pdf) Size 4,2 MB Hash md5 b2cb61f286089f362d559c774a481966 Uploaded/Created Fri 22/11/2013 11:31 reflected_attacks_abusing_honeypots_poster.txt Application Open the file Download file. Address within IS https://is.muni.cz/auth/publication/1129155/reflected_attacks_abusing_honeypots_poster.txt Address for the users outside IS https://is.muni.cz/publication/1129155/reflected_attacks_abusing_honeypots_poster.txt File type plain text (text/plain) Size 3,3 KB Uploaded/Created Fri 22/11/2013 11:33

Print
Report a file uploaded without authorization. Displayed: 1/5/2024 21:06

POSTER: Reflected attacks abusing honeypots

Properties

Rights

reflected_attacks_abusing_honeypots.pdf

reflected_attacks_abusing_honeypots.txt

Properties

Rights

reflected_attacks_abusing_honeypots_poster.pdf

reflected_attacks_abusing_honeypots_poster.txt

Other applications