UDP scan and meassurement of public UDP services that could be used in relation to Amplified DDoS attacks. The dataset consists of 20 UDP Services and 21 attack vectors. Data is collected in a JSON format with both the request and response.

Study Details

So you think IoT DDoS botnets are dangerous - Bypassing ISP and Enterprise Anti-DDoS with 90’s technology
RVASec 2018, Hack.lu 2018, IDA Driving IT 2018
Dennis Rand
eCrimeLabs - Contact

Dataset Details

The dataset is composed through a custom service scanner that mimiks a single packet from an attack and records the response. Services covering: Chargen, DNS, SSDP, Portmap, SIP, TFTP, NetBIOS, MSSQL, Steam, NTP(Monlist/Readvar), SNMP, mDNS, QOTD, ICA, Sentinel, RIPv1, Quake3, CoAP, LDAP, Memcached. Notice the data collected does not include the UDP header only the data. I acknowledge that the scans has not been run on a fully regular basis. The data was used as part of a Proof-of-Concept in relation to a new attack vector named MaxPain

File Download

File NameMetaDataSHA-1 FingerprintSizeUpdated At
2016_data.tar unavailable EB3025321FEF4455E68F010114BF449CC9F5FB34 34 GB 2018-11-20
2017_data.tar unavailable 5F6B7493BEAD2317E988AAAEB78705748B86D2EA 119 GB 2018-11-20
2018_data.tar unavailable 71B342433A6DC7D45A088CE444BBDCDB6B00D940 81 GB 2018-11-20