Below is an analysis of the vDOS database log leak. It was done using an ELK stack, which can be found here:

vDOS was a booter service run out of Israel, allowing anyone to DDoS victims. In July 2016 Brian Krebs obtained a database dump from the booter service, giving insight into the techniques used and the victims of the service.

You can see Brian's posts here:

To analyse the database I've written a Vagrantfile which installs the ELK stack and uses Logstash to load the vDOS log file into Elasticsearch; Kibana can then be used to analyse the data.

Types of attacks

The pie chart below shows the different types of attacks. More than 50% of the attacks were DNS-based, followed by NTP. This doesn't come as a big shock, as these protocols are easy to amplify because of the number of misconfigured servers publicly reachable on the internet.
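As an added illustration, not part of the original post or its ELK pipeline, the attack-type breakdown behind the pie chart can be reproduced in plain Python. The CSV columns (started, target, method, duration) and the records are constructed assumptions; the real vDOS schema is not shown here.

```python
import csv
import io
from collections import Counter

# Constructed sample in an assumed CSV layout. The real vDOS dump's
# column names are not given on the page, so these are placeholders.
SAMPLE_LOG = """\
started,target,method,duration
2016-03-01 10:00:00,192.0.2.10,DNS,300
2016-03-01 10:05:00,192.0.2.11,NTP,600
2016-03-01 10:07:00,198.51.100.5,DNS,120
2016-03-01 10:09:00,203.0.113.8,SSDP,300
2016-03-01 10:15:00,192.0.2.10,DNS,300
2016-03-01 10:20:00,198.51.100.9,NTP,900
2016-03-01 10:30:00,203.0.113.2,DNS,60
2016-03-01 10:45:00,192.0.2.44,TCP,300
"""

# Reflection/amplification methods named in the post; the share of these
# tells a defender how much of the traffic depends on misconfigured
# public resolvers and NTP servers rather than on the booter's own hosts.
AMPLIFIED = {"DNS", "NTP"}


def parse_records(text):
    """Parse the CSV dump into dicts, much as the Logstash csv filter does."""
    return list(csv.DictReader(io.StringIO(text)))


def attack_type_breakdown(records):
    """Count attacks per method and return (method, count, percent) tuples
    sorted by count: the data behind a Kibana terms aggregation / pie chart."""
    counts = Counter(r["method"] for r in records)
    total = sum(counts.values())
    return [(m, c, round(100.0 * c / total, 1)) for m, c in counts.most_common()]


def amplified_share(records):
    """Percentage of attacks that used a reflection/amplification method."""
    if not records:
        return 0.0
    hits = sum(1 for r in records if r["method"] in AMPLIFIED)
    return round(100.0 * hits / len(records), 1)


if __name__ == "__main__":
    recs = parse_records(SAMPLE_LOG)
    for method, count, pct in attack_type_breakdown(recs):
        print(f"{method:5s} {count:3d} {pct:5.1f}%")
    print(f"amplification-based: {amplified_share(recs)}%")
```

Running this against the real dump only needs the column names in `parse_records`' input to match the actual file.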