Analysis of NTP DRDoS attacks’ performance effects and mitigation techniques
Sarrafpour, Bahman; Abbaro, C.; Pitton, I.; Young, C.; Madipour, Farhad
Citation: Sassani (Sarrafpour), B. A., Abbaro, C., Pitton, I., Young, C., & Mehdipour, F. (2016, December). Analysis of NTP DRDoS Attacks’ Performance Effects and Mitigation Techniques. Paper presented at 14th Privacy, Security, and Trust Annual Conference, Auckland, New Zealand.
Permanent link to Research Bank record: http://hdl.handle.net/10652/3747
Denial of Service (DoS) attacks are a type of interruption (malicious and/or unintended) that restricts or completely denies services meant for legitimate users. One of the most relevant DoS attacks is the Distributed Denial of Service (DDoS) attack, a variant of DoS on a larger scale that uses previously compromised, malware-infected computers known as “bots” or “zombies”. A DDoS attack occurs by generating large amounts of traffic towards an intended victim. This paper focuses on analyzing a variant of DDoS attacks known as the Network Time Protocol (NTP) Distributed Reflective Denial of Service (DRDoS) attack. The impact of the attack will be measured in terms of the processor, memory and network utilization and the ping of the most relevant devices. Further focus is on host-based and network-based layered “defense in depth” techniques for mitigating NTP DRDoS attacks.