vDOS log analysis

Below is an analysis of the vDOS database log leek. It was done using an ELK stack which can be found here: http://www.toms-blog.com/post/vdos-analysis-elk-stack-vagrant/ Types of attacks The below pie chart shows the different types of attacks. It shows that more than 50% of the attacks were DNS based attacks followed by NTP. This doesn’t come as a big shock as these protocols can easily be amplified due to the amount of misconfigured servers publicly available

vDOS analysis with ELK stack and Vagrant

vDOS was a booter service ran out of Israel allowing anyone to DDOS victims. In July 2016 Brian Krebs obtained a database dump from the booter service giving insight into the techniques used and victims of the service. You can see Brian’s posts here: https://krebsonsecurity.com/2016/09/alleged-vdos-proprietors-arrested-in-israel/ https://krebsonsecurity.com/2016/09/israeli-online-attack-service-vdos-earned-600000-in-two-years/ To analyse the database I’ve written a Vagrantfile which installs the ELK stack and uses logstash to put the vDOS log file into Elasticsearch, Kibana can then be used to analyse the data.