Know Your Enemy: Analysis of 24 Hours Internet Attacks
03 Jan 2018
Abstract
For the past decades, bots and botnets have been on the front page of newspapers and are one of the main topics of discussion in the news media. The range of the attacks and their targets have been increasing. 1 A recent example, the Mirai network - a botnet built through insecure Internet of Things (IoT) devices -, has been at the center of attention after it provoked an internet outage primarily on the East Coast. 2 A study also found that “80 percent of spam was sent by botnets by 2009”. 3 Despite this, most of our everyday life relies heavily on the internet and is still vulnerable to malicious attacks. This paper aims to explore where such attacks originate and how the attacks occur. We set up and decided to observe what happens to an internet-facing server that should not encounter anything but local network activity. To investigate further, we set up honeypots on that server to see how the flow of trafic changed, and what bots and other clients would do. We wish to share our findings and thus humbly contribute to more awareness about the risks faced by anyone using the internet.
Authors
- Tim Britton
- Ian Liu-Johnston
- Ian Cugnière
- Swati Gupta
- Danton Rodriguez
- Julien Barbier
- Sebastien Tricaud