LANDER:DoS traces-20020629 From Predict README version: 4036, last modified: 2014-06-6. This file describes the trace dataset "DoS_traces-20020629" provided by the LANDER project. Contents • 1 LANDER Metadata • 2 Dataset Contents • 3 Individual Trace Description • 4 Citation • 5 Results Using This Dataset • 6 User Annotations LANDER Metadata ┌───────────────────────────┬────────────────────────────────────────────────────────────────────────────────────┐ │ dataSetName │ DoS_traces-20020629 │ ├───────────────────────────┼────────────────────────────────────────────────────────────────────────────────────┤ │ status │ usc-web-and-predict │ ├───────────────────────────┼────────────────────────────────────────────────────────────────────────────────────┤ │ shortDesc │ Set of 3 DoS attacks from 2002 │ ├───────────────────────────┼────────────────────────────────────────────────────────────────────────────────────┤ │ longDesc │ This dataset contains three attacks. The first attack is a reflector attack that │ │ │ sends echo reply packets targeted to a victim within Los Nettos. The attacks lasts │ │ │ for 244 seconds. The second attack is a TCP no-flags attack that originates within │ │ │ Los Nettos and lasts for 721 seconds. The third attack is a ip-proto 255 attack │ │ │ that send 60B packets and originates with Los Nettos. It lasts for 930 seconds. │ ├───────────────────────────┼────────────────────────────────────────────────────────────────────────────────────┤ │ datasetClass │ Restricted │ ├───────────────────────────┼────────────────────────────────────────────────────────────────────────────────────┤ │ commercialAllowed │ true │ ├───────────────────────────┼────────────────────────────────────────────────────────────────────────────────────┤ │ requestReviewRequired │ true │ ├───────────────────────────┼────────────────────────────────────────────────────────────────────────────────────┤ │ productReviewRequired │ false │ ├───────────────────────────┼────────────────────────────────────────────────────────────────────────────────────┤ │ ongoingMeasurement │ false │ ├───────────────────────────┼────────────────────────────────────────────────────────────────────────────────────┤ │ submissionMethod │ Upload │ ├───────────────────────────┼────────────────────────────────────────────────────────────────────────────────────┤ │ collectionStartDate │ 2002-06-29 │ ├───────────────────────────┼────────────────────────────────────────────────────────────────────────────────────┤ │ collectionStartTime │ 15:34:15 │ ├───────────────────────────┼────────────────────────────────────────────────────────────────────────────────────┤ │ collectionEndDate │ 2002-08-14 │ ├───────────────────────────┼────────────────────────────────────────────────────────────────────────────────────┤ │ collectionEndTime │ 00:01:42 │ ├───────────────────────────┼────────────────────────────────────────────────────────────────────────────────────┤ │ availabilityStartDate │ 2012-01-27 │ ├───────────────────────────┼────────────────────────────────────────────────────────────────────────────────────┤ │ availabilityStartTime │ 17:04:42 │ ├───────────────────────────┼────────────────────────────────────────────────────────────────────────────────────┤ │ availabilityEndDate │ 2030-01-01 │ ├───────────────────────────┼────────────────────────────────────────────────────────────────────────────────────┤ │ availabilityEndTime │ 00:00:00 │ ├───────────────────────────┼────────────────────────────────────────────────────────────────────────────────────┤ │ anonymization │ cryptopan/full │ ├───────────────────────────┼────────────────────────────────────────────────────────────────────────────────────┤ │ archivingAllowed │ false │ ├───────────────────────────┼────────────────────────────────────────────────────────────────────────────────────┤ │ keywords │ category:ip-packet-headers, subcategory:ip-packet-headers, packet-header, dos, │ │ │ one-time │ ├───────────────────────────┼────────────────────────────────────────────────────────────────────────────────────┤ │ format │ dag │ ├───────────────────────────┼────────────────────────────────────────────────────────────────────────────────────┤ │ access │ https │ ├───────────────────────────┼────────────────────────────────────────────────────────────────────────────────────┤ │ hostName │ USC-LANDER │ ├───────────────────────────┼────────────────────────────────────────────────────────────────────────────────────┤ │ providerName │ USC │ ├───────────────────────────┼────────────────────────────────────────────────────────────────────────────────────┤ │ groupingId │ │ ├───────────────────────────┼────────────────────────────────────────────────────────────────────────────────────┤ │ groupingSummaryFlag │ false │ ├───────────────────────────┼────────────────────────────────────────────────────────────────────────────────────┤ │ retrievalInstructions │ download │ ├───────────────────────────┼────────────────────────────────────────────────────────────────────────────────────┤ │ byteSize │ 4439670784 │ ├───────────────────────────┼────────────────────────────────────────────────────────────────────────────────────┤ │ expirationDays │ 14 │ ├───────────────────────────┼────────────────────────────────────────────────────────────────────────────────────┤ │ uncompressedSize │ 4439526397 │ ├───────────────────────────┼────────────────────────────────────────────────────────────────────────────────────┤ │ impactDoi │ 10.23721/109/1353558 │ ├───────────────────────────┼────────────────────────────────────────────────────────────────────────────────────┤ │ useAgreement │ dua-ni-160816 │ ├───────────────────────────┼────────────────────────────────────────────────────────────────────────────────────┤ │ irbRequired │ false │ ├───────────────────────────┼────────────────────────────────────────────────────────────────────────────────────┤ │ privateAccessInstructions │ See https://ant.isi.edu/datasets/#getting-datasets for information on obtaining │ │ │ this dataset. │ │ │ See │ └───────────────────────────┴────────────────────────────────────────────────────────────────────────────────────┘ Dataset Contents DoS_traces-20020629.README.txt     copy of this README attack18/     attacktrace.anon tcpdump output     output.tcpdpriv tcpdpriv output     .sha1sum SHA-1 checksum attack29/     attacktrace.anon     output.tcpdpriv     .sha1sum SHA-1 checksum attack4/     attacktrace.anon     output.tcpdpriv     .sha1sum SHA-1 checksum Each subdirectory has one of the attacks. The .anon file is tcpdump format, output from tcpdpriv run with parameters -A50 -P99. The output.tcpdpriv file contains any error messages from running tcpdpriv. The file ".sha1sum" contains SHA1 checksums of individual compressed files. The integrity of the distribution thus can be checked by independently calculating SHA1 sums of files and comparing them with those listed in the file. If you have the sha1sum utility installed on your system, you can do that by executing: sha1sum --check .sha1sum This has to be done before files are uncompressed. Individual Trace Description The first attack (directory: attack4) is a reflector attack that sends echo reply packets targeted to a victim (anonymized IP address 128.125.3.43) within Los Nettos. The attacks lasts for 244 seconds, starting 102 seconds into the trace (15:35:57 UTC). This trace was taken 2002-06-29 starting at 15:34:15 UTC. The second attack (directory: attack18) is a TCP no-flags attack that originates within Los Nettos, starts at time 01:37:25 UTC, lasts for 721 seconds. The victim is at anonymized IP address 89.1.89.241. The trace was taken 2002-07-11 starting at 1:34:38 UTC. The third attack (directory: attack29) is a ip-proto 255 attack that send 60B packets and originates with Los Nettos. It lasts for 930 seconds and starts at time 23:46:12 UTC. The victim is at anonymized IP address 88.89.192.119. The trace was taken 2002-08-14 starting at 23:45:46 UTC. Citation If you use this trace to conduct additional research, please cite it as: Scrambled Internet Trace Measurement dataset, PREDICT ID USC-LANDER/DoS_traces-20020629. Traces taken 2002-06-29 to 2002-08-14. Provided by the USC/LANDER project http://www.isi.edu/ant/lander. Results Using This Dataset Traces similar to this one have been used the following previously published work: • Alefiya Hussain, John Heidemann, and Christos Papadopoulos. A Framework for Classifying Denial of Service Attacks. In Proceedings of the ACM SIGCOMM Conference, pp. 99-110. Karlsruhe, Germany, ACM. August, 2003. http://www.isi.edu/~johnh/PAPERS/Hussain03b.html • Alefiya Hussain, John Heidemann, and Christos Papadopoulos. Identification of Repeated DoS Attacks using Network Traffic Forensics. Technical Report ISI-TR-2003-577b, USC/Information Sciences Institute, August, 2003. Originally released August 2003, updated June 2004. http://www.isi.edu/~johnh/PAPERS/Hussain03c.html User Annotations Currently no annotations. Categories: • LANDER • LANDER:Datasets • Datasets