LANDER:FRGP NTP Flow Data anon-20131201

README version: 7965, last modified: 2017-08-28.

This file describes the trace dataset "FRGP_NTP_Flow_Data_anon-20131201" provided by the LANDER project. The most recent version of this file can be found on-line at https://wiki.isi.edu/predict/index.php?title=LANDER:FRGP_NTP_Flow_Data_anon-20131201.

LANDER Metadata

(https://wiki.isi.edu/predict/index.php?title=LANDER:FRGP_NTP_Flow_Data_anon-20131201/landermeta)

dataSetName                FRGP_NTP_Flow_Data_anon-20131201
status                     usc-web-and-predict
shortDesc                  NTP reflection attack
longDesc                   3 months of daily Network Time Protocol (NTP) traffic in the form of Argus flows. The IP
                           addresses are fully anonymized using a prefix-preserving algorithm. The flows are on a
                           10Gb/s link between a regional and a content ISP. The traffic involves several academic
                           and research institutions. The dataset also includes NTP traffic collected at a
                           University. The dataset contains NTP DDoS reflection attack traffic. These attacks are
                           triggered by the attackers via sending monlist queries with spoofed source IP addresses
                           to vulnerable hosts running NTP. These vulnerable hosts respond with a list of last
                           clients (up to 600), typically producing large replies compared to the small queries.
datasetClass               Quasi-Restricted
commercialAllowed          true
requestReviewRequired      false
productReviewRequired      false
ongoingMeasurement         false
submissionMethod           Upload
collectionStartDate        2013-12-01
collectionStartTime        00:00:00
collectionEndDate          2014-02-28
collectionEndTime          00:00:00
availabilityStartDate      2017-08-28
availabilityStartTime      00:00:00
availabilityEndDate        2030-01-01
availabilityEndTime        00:00:00
anonymization              cryptopan/full
archivingAllowed           false
keywords                   category:traffic-flow-data, subcategory:continuous-flow-data, DOS, Reflector attack, NTP
format                     argus
access                     https
hostName                   USC-LANDER
providerName               USC
groupingId
groupingSummaryFlag        false
retrievalInstructions      download
byteSize                   780617646080
expirationDays             14
uncompressedSize           3579937538976
impactDoi                  10.23721/109/1377045
useAgreement               dua-ni-160816
irbRequired                false
privateAccessInstructions  See http://www.isi.edu/ant/traces/index.html#getting_datasets for information on
                           obtaining this dataset.
                           See https://wiki.isi.edu/predict/index.php?title=LANDER:FRGP_NTP_Flow_Data_anon-20131201
                           for details on this dataset.

Dataset Contents

FRGP_NTP_Flow_Data_anon-20131201.README.txt      copy of this README
Data/
    lander1-YYYY-MM
        ntp-data-YYYY-MM-DD.HHMM.*.argus.gz      argus files (compressed with gzip);
                                                 each file has 12 hours' worth of data.

Dataset Generation

The dataset contains real NTP traffic, fully anonymized with a prefix-preserving algorithm, collected at a regional ISP and a University. Only NTP traffic was extracted from the originally captured traffic. This traffic includes both legitimate and attack NTP traffic. The attack traffic is the result of vulnerable NTP servers responding to monlist or version queries that carry spoofed victim IP addresses.

Citation

If you use this trace to conduct additional research, please cite it as:

FRGP (www.frgp.net) Continuous Flow Dataset, IMPACT ID: USC-LANDER/FRGP_NTP_Flow_Data_anon-20131201/rev7965. Traces taken 2013-12-01 to 2014-02-28. Provided by the USC/LANDER project (http://www.isi.edu/ant/lander).

Results Using This Dataset

• Taming the 800 Pound Gorilla: The Rise and Decline of NTP DDoS Attacks by Jakub Czyz, Michael Kallitsis, Manaf Gharaibeh, Christos Papadopoulos, Michael Bailey, Manish Karir. In Proceedings of the 14th ACM SIGCOMM Conference on Internet Measurement (IMC '14), Vancouver, BC, Canada, November 2014.

User Annotations

Currently no annotations.

This page was last edited on 28 August 2017, at 17:17.
Content is available under Attribution-Share Alike 3.0 Unported unless otherwise noted.