ResearchSpace
An analysis on the re-emergence of SQL Slammer worm using network telescope data
JavaScript is disabled for your browser. Some features of this site may not work without it.
- ResearchSpace
- →
- Research Publications/Outputs
- →
- Conference Publications
- →
- View Item
| dc.contributor.author |
Chindipha, SD
|
|
| dc.contributor.author |
Irwin, Barry VW
|
|
| dc.date.accessioned | 2017-11-02T13:03:16Z | |
| dc.date.available | 2017-11-02T13:03:16Z | |
| dc.date.issued | 2017-09 | |
| dc.identifier.citation | Chindipha, S.D. and Irwin, B.V.W. 2017. An analysis on the re-emergence of SQL Slammer worm using network telescope data. Southern Africa Telecommunication Networks and Applications Conference (SATNAC) 2017, Freedom of the Seas, Royal Caribbean International, Barcelona, Spain, 3-10 September 2017 | en_US |
| dc.identifier.isbn | 978-0-620-76756-9 | |
| dc.identifier.uri | http://www.satnac.org.za//proceedings/2017/SATNAC%202017%20Proceedings%20Final.pdf | |
| dc.identifier.uri | http://hdl.handle.net/10204/9705 | |
| dc.description | Paper presented at Southern Africa Telecommunication Networks and Applications Conference (SATNAC) 2017, Freedom of the Seas, Royal Caribbean International, Barcelona, Spain, 3-10 September 2017 | en_US |
| dc.description.abstract | The SQL Slammer worm is a self propagated computer virus that caused a denial of service on some Internet hosts and dramatically slowed down general Internet traffic. An observation of network traffic captured in the Rhodes University’s network telescopes shows that traffic observed in it shows an escalation in the number of packets captured by the telescopes between January 2014 and December 2016 when the expected traffic was meant to take a constant decline in UDP packets from port 1434. Using data captured over a period of 84 months, the analysis done in this study identified top ten /24 source IP addresses that Slammer worm repeatedly used for this attack together with their geolocation. It also shows the trend of UDP 1434 packets received by the two network telescopes from January 2009 to December 2015. In line with epidemic model, the paper has shown how this traffic fits in as SQL Slammer worm attack. Consistent number of packets observed in the two telescopes between 2014 and 2016 shows qualities of the Slammer worm attack. Basic time series and decomposition of additive time series graphs have been used to show trend and observed UDP packets over the time frame of study. | en_US |
| dc.language.iso | en | en_US |
| dc.publisher | SATNAC | en_US |
| dc.relation.ispartofseries | Worklist;19658 | |
| dc.subject | Code-Red | en_US |
| dc.subject | Worm | en_US |
| dc.subject | SQL Slammer | en_US |
| dc.subject | Network telescope | en_US |
| dc.subject | Packet | en_US |
| dc.title | An analysis on the re-emergence of SQL Slammer worm using network telescope data | en_US |
| dc.type | Conference Presentation | en_US |
| dc.identifier.apacitation | Chindipha, S., & Irwin, B. V. (2017). An analysis on the re-emergence of SQL Slammer worm using network telescope data. SATNAC. http://hdl.handle.net/10204/9705 | en_ZA |
| dc.identifier.chicagocitation | Chindipha, SD, and Barry VW Irwin. "An analysis on the re-emergence of SQL Slammer worm using network telescope data." (2017): http://hdl.handle.net/10204/9705 | en_ZA |
| dc.identifier.vancouvercitation | Chindipha S, Irwin BV, An analysis on the re-emergence of SQL Slammer worm using network telescope data; SATNAC; 2017. http://hdl.handle.net/10204/9705 . | en_ZA |
| dc.identifier.ris | TY - Conference Presentation AU - Chindipha, SD AU - Irwin, Barry VW AB - The SQL Slammer worm is a self propagated computer virus that caused a denial of service on some Internet hosts and dramatically slowed down general Internet traffic. An observation of network traffic captured in the Rhodes University’s network telescopes shows that traffic observed in it shows an escalation in the number of packets captured by the telescopes between January 2014 and December 2016 when the expected traffic was meant to take a constant decline in UDP packets from port 1434. Using data captured over a period of 84 months, the analysis done in this study identified top ten /24 source IP addresses that Slammer worm repeatedly used for this attack together with their geolocation. It also shows the trend of UDP 1434 packets received by the two network telescopes from January 2009 to December 2015. In line with epidemic model, the paper has shown how this traffic fits in as SQL Slammer worm attack. Consistent number of packets observed in the two telescopes between 2014 and 2016 shows qualities of the Slammer worm attack. Basic time series and decomposition of additive time series graphs have been used to show trend and observed UDP packets over the time frame of study. DA - 2017-09 DB - ResearchSpace DP - CSIR KW - Code-Red KW - Worm KW - SQL Slammer KW - Network telescope KW - Packet LK - https://researchspace.csir.co.za PY - 2017 SM - 978-0-620-76756-9 T1 - An analysis on the re-emergence of SQL Slammer worm using network telescope data TI - An analysis on the re-emergence of SQL Slammer worm using network telescope data UR - http://hdl.handle.net/10204/9705 ER - | en_ZA |
