Drawing the Foul: Operation of a DDoS Honeypot

Wednesday, February 1, 2017 - 9:30am10:00am

Damian Menscher, Security Reliability Engineer, Google


Botnet growth allows DDoS attacks to outpace Moore's Law, and novel attack styles create additional challenges. Meanwhile, most defenders share limited technical information about attacks, often limiting reports to exaggerated bandwidth estimates. We propose information gathering via the operation of a DDoS honeypot -- a victim site likely to attract interesting attacks -- and present our findings from the operation of KrebsOnSecurity.com.

Damian Menscher, Security Reliability Engineer, Google

Damian Menscher is responsible for DDoS defense at Google, where he studied hundreds of DDoS attacks over the past decade. He uses his experience to design automated defenses for common attacks. Prior to joining Google, Damian completed a PhD in computational particle physics.

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

@conference {202509,
author = {Damian Menscher},
title = {Drawing the Foul: Operation of a {DDoS} Honeypot},
year = {2017},
address = {Oakland, CA},
publisher = {USENIX Association},
month = jan

Presentation Video