bc-thesis/tex/references.bib
2021-05-17 21:10:50 +02:00

432 lines
16 KiB
BibTeX
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

% ============================================================================ %
% https://web.eecs.umich.edu/~zmao/Papers/conextDefendHijack07.pdf
@inproceedings{Zhang2007PracticalDA,
title={Practical defenses against BGP prefix hijacking},
author={Z. Zhang and Y. Zhang and Y. Hu and Z. Morley Mao},
booktitle={CoNEXT '07},
doi={10.1145/1364654.1364658},
year=2007,
}
@article{Santanna2018BooterLG,
title={Booter list generation: The basis for investigating DDoS-for-hire websites},
author={J. J. Santanna and J. D. Vries and R. Schmidt and D. Tuncer and L. Granville and A. Pras},
journal={Int. J. Netw. Manag.},
year={2017},
volume={28},
doi={10.1002/nem.2008},
}
@misc{ShodanNTPd,
title={NTPd devices},
author={Shodan},
publisher={Shodan},
howpublished={\url{https://www.shodan.io/search?query=ntpd}},
year=2021,
month=mar,
note={[online] Accessed: 2021-03-06},
}
@inproceedings{rfc4271bgp4,
number="{Technical report 4271}",
institution={Internet Engineering Task Force},
publisher={Internet Engineering Task Force},
doi={10.17487/RFC4271},
howpublished={\url{https://datatracker.ietf.org/doc/html/rfc4271}},
author={Yakov Rekhter and Susan Hares and Tony Li},
title={{A Border Gateway Protocol 4 (BGP-4)}},
pagetotal=104,
pages=4,
year=2006,
month=jan,
note="{Also available as \url{https://datatracker.ietf.org/doc/html/rfc4271}}"
}
@techreport{rfc3704multihomed,
series={Request for Comments},
number=3704,
institution={Internet Engineering Task Force},
publisher={Internet Engineering Task Force},
doi={10.17487/RFC3704},
howpublished={\url{https://datatracker.ietf.org/doc/html/rfc4271}},
author={Fred Baker and Pekka Savola},
title={{Ingress Filtering for Multihomed Networks}},
pagetotal=16,
year=2004,
month=mar,
note="{Also available as \url{https://datatracker.ietf.org/doc/html/rfc4271}}"
}
@techreport{rfc793tcp,
series={Request for Comments},
number=793,
institution={Internet Engineering Task Force},
publisher={Internet Engineering Task Force},
doi={10.17487/RFC0793},
howpublished={\url{https://datatracker.ietf.org/doc/html/rfc793}},
author={},
title={{Transmission Control Protocol}},
pagetotal=91,
year=1981,
month=sep,
note="{Also available as \url{https://datatracker.ietf.org/doc/html/rfc793}}"
}
@techreport{rfc1918,
series={Request for Comments},
number=1918,
institution={Internet Engineering Task Force},
publisher={Internet Engineering Task Force},
doi={10.17487/RFC1918},
howpublished={\url{https://datatracker.ietf.org/doc/html/rfc1918}},
author={Robert Moskowitz and Daniel Karrenberg and Yakov Rekhter and Eliot Lear and Geert Jan de Groot},
title={{Address Allocation for Private Internets}},
pagetotal=9,
year=1996,
month=feb,
note="{Also available as \url{https://datatracker.ietf.org/doc/html/rfc1918}}"
}
@techreport{rfc3882,
series={Request for Comments},
number=3882,
institution={Internet Engineering Task Force},
publisher={Internet Engineering Task Force},
doi={10.17487/RFC3882},
howpublished={\url{https://datatracker.ietf.org/doc/html/rfc3882}},
author={Doughan Turk},
title={{Configuring BGP to Block Denial-of-Service Attacks}},
pagetotal=8,
year=2004,
month=oct,
abstract={This document describes an operational technique that uses BGP communities to remotely trigger black-holing of a particular destination network to block denial-of-service attacks. Black-holing can be applied on a selection of routers rather than all BGP-speaking routers in the network. The document also describes a sinkhole tunnel technique using BGP communities and tunnels to pull traffic into a sinkhole router for analysis. This memo provides information for the Internet community.},
note="{Also available as \url{https://datatracker.ietf.org/doc/html/rfc3882}}"
}
@techreport{rfc5735,
series={Request for Comments},
number=5735,
institution={Internet Engineering Task Force},
publisher={Internet Engineering Task Force},
doi={10.17487/RFC5735},
howpublished={\url{https://datatracker.ietf.org/doc/html/rfc5735}},
author={Michelle Cotton and Leo Vegoda},
title={{Special Use IPv4 Addresses}},
pagetotal=10,
year=2010,
month=jan,
abstract={This document obsoletes RFC 3330. It describes the global and other specialized IPv4 address blocks that have been assigned by the Internet Assigned Numbers Authority (IANA). It does not address IPv4 address space assigned to operators and users through the Regional Internet Registries, nor does it address IPv4 address space assigned directly by IANA prior to the creation of the Regional Internet Registries. It also does not address allocations or assignments of IPv6 addresses or autonomous system numbers. This memo documents an Internet Best Current Practice.},
note="{Also available as \url{https://datatracker.ietf.org/doc/html/rfc5735}}"
}
@techreport{rfc6298,
series={Request for Comments},
number=6298,
institution={Internet Engineering Task Force},
publisher={Internet Engineering Task Force},
doi={10.17487/RFC6298},
howpublished={\url{https://datatracker.ietf.org/doc/html/rfc6298}},
author={Matt Sargent and Jerry Chu and Dr. Vern Paxson and Mark Allman},
title={{Computing TCP's Retransmission Timer}},
pagetotal=11,
year=2011,
month="{June}",
abstract={This document defines the standard algorithm that Transmission Control Protocol (TCP) senders are required to use to compute and manage their retransmission timer. It expands on the discussion in Section 4.2.3.1 of RFC 1122 and upgrades the requirement of supporting the algorithm from a SHOULD to a MUST. This document obsoletes RFC 2988. {[}STANDARDS-TRACK{]}},
note="{Also available as \url{https://datatracker.ietf.org/doc/html/rfc6298}}"
}
@techreport{rfc6598,
series={Request for Comments},
number=6598,
institution={Internet Engineering Task Force},
publisher={Internet Engineering Task Force},
doi={10.17487/RFC6598},
howpublished={\url{https://datatracker.ietf.org/doc/html/rfc6598}},
author={Jason Weil and Victor Kuarsingh and Chris Donley and Christopher Liljenstolpe and Marla Azinger},
title={{IANA-Reserved IPv4 Prefix for Shared Address Space}},
pagetotal=11,
year=2012,
month=apr,
abstract={This document obsoletes RFC 3330. It describes the global and other specialized IPv4 address blocks that have been assigned by the Internet Assigned Numbers Authority (IANA). It does not address IPv4 address space assigned to operators and users through the Regional Internet Registries, nor does it address IPv4 address space assigned directly by IANA prior to the creation of the Regional Internet Registries. It also does not address allocations or assignments of IPv6 addresses or autonomous system numbers. This memo documents an Internet Best Current Practice.},
note="{Also available as \url{https://datatracker.ietf.org/doc/html/rfc6598}}"
}
@misc{prefixavgsize,
title={Average prefix length},
author={Geoff Huston},
publisher={potaroo.net},
howpublished={\url{https://bgp.potaroo.net/cgi-bin/plota?file=%2fvar%2fdata%2fbgp%2fas2%2e0%2fbgp%2daverage%2dprefix%2etxt&descr=Average%20prefix%20length&ylabel=Average%20prefix%20length&with=step}},
note={[online] Accessed: 2021-05-11},
}
@misc{prefixavgupdatedsize,
title={Average prefix size updated},
author={Geoff Huston},
publisher={potaroo.net},
howpublished={\url{https://bgp.potaroo.net/cgi-bin/plota?file=%2fvar%2fdata%2fbgp%2fas2%2e0%2fbgp%2dupd%2davgprefsize%2etxt&descr=Average%20prefix%20size%20updated&ylabel=Average%20prefix%20size%20updated&with=step}},
note={[online] Accessed: 2021-05-11},
}
@misc{teamcymru,
title={The Bogon Reference},
author="{Team Cymru}",
publisher={Team Cymru},
howpublished={\url{https://team-cymru.com/community-services/bogon-reference/}},
note={[online] Accessed: 2021-05-02},
}
@inproceedings{Zhang2007LowRateTD,
title={Low-Rate TCP-Targeted DoS Attack Disrupts Internet Routing},
author={Y. Zhang and Z. Morley Mao and J. Wang},
booktitle={NDSS},
doi={10.1.1.137.5004},
year=2007,
}
% cisco
@misc{cisco2020report,
title={Cisco Annual Internet Report (20182023) White Paper},
author={Cisco},
publisher={Cisco},
howpublished={\url{https://www.cisco.com/c/en/us/solutions/collateral/executive-perspectives/annual-internet-report/white-paper-c11-741490.html}},
year=2020,
month=mar,
note={[online] Accessed: 2021-05-02},
}
% cf
% https://www.cloudflare.com/en-gb/learning/ddos/memcached-ddos-attack/
@misc{cfmemcached,
title={Memcached DDoS Attack},
author={Cloudflare},
publisher={Cloudflare},
howpublished={\url{https://www.cloudflare.com/en-gb/learning/ddos/memcached-ddos-attack/}},
note={[online] Accessed: 2021-05-03},
}
% akamai
% https://blogs.akamai.com/2015/06/dns-amplification-attacks-and-truncated-responses.html
@misc{akamaidnsampl,
title={DNS Amplification Attacks and Truncated Responses},
author={Akamai},
publisher={Akamai},
howpublished={\url{https://blogs.akamai.com/2015/06/dns-amplification-attacks-and-truncated-responses.html}},
year=2015,
month="{June}",
note={[online] Accessed: 2021-04-03},
}
% akamai 2021 ddoses
% https://blogs.akamai.com/2021/03/in-our-2020-ddos-retrospective
@misc{akamai2021ddos,
title={2021: VOLUMETRIC DDOS ATTACKS RISING FAST},
author={Tom Emmons},
publisher={Akamai},
howpublished={\url{https://blogs.akamai.com/2021/03/in-our-2020-ddos-retrospective}},
year=2021,
month=mar,
note={[online] Accessed: 2021-05-03},
}
% https://blogs.akamai.com/2021/01/part-i-retrospective-2020-ddos-was-back-bigger-and-badder-than-ever-before.html
@misc{akamai2020ddosretrospect,
title={PART I: RETROSPECTIVE 2020: DDOS WAS BACK -- BIGGER AND BADDER THAN EVER BEFORE},
author={Tom Emmons},
publisher={Akamai},
howpublished={\url{https://blogs.akamai.com/2021/01/part-i-retrospective-2020-ddos-was-back-bigger-and-badder-than-ever-before.html}},
year=2021,
month=jan,
note={[online] Accessed: 2021-05-03},
}
% https://www.akamai.com/us/en/multimedia/documents/ebooks/ddos-defense-in-a-hybrid-cloud-world.pdf
@misc{akamaiddosdefence,
title={DDoS Defense in a Hybrid Cloud World},
author={Akamai},
publisher={Akamai},
howpublished={\url{https://www.akamai.com/us/en/multimedia/documents/ebooks/ddos-defense-in-a-hybrid-cloud-world.pdf}},
note={[online] Accessed: 2021-05-03},
year=2021,
}
@misc{linuxretransmission,
title={Linux Networking Documentation >> SNMP Counter},
author="{The kernel development community}",
howpublished={\url{https://www.kernel.org/doc/html/latest/networking/snmp\_counter.html\#tcp-retransmission-and-congestion-control}},
note={[online] Accessed: 2021-05-10},
}
@misc{linuxbtrfs,
title={Linux Btrfs Sysadmin Guide},
author="{The kernel development community}",
howpublished={\url{https://btrfs.wiki.kernel.org/index.php/SysadminGuide#Copy_on_Write_.28CoW.29}},
note={[online] Accessed: 2021-03-12},
}
@misc{cloudinit,
title={The standard for customising cloud instances},
author={Canonical},
publisher={GitHub},
journal={GitHub repository},
howpublished={\url{https://github.com/canonical/cloud-init}},
year=2021,
note={[online] Accessed: 2021-04-09},
}
@misc{metasploit,
title={Metasploit Framework},
author={rapid7},
publisher={GitHub},
journal={GitHub repository},
howpublished={\url{https://github.com/rapid7/metasploit-framework}},
year=2021,
note={[online] Accessed: 2021-04-03},
}
@misc{libvirt-tf-provider,
title={Terraform provider to provision infrastructure with Linux's KVM using libvirt},
author="{Duncan Mac-Vicar P.}",
publisher={GitHub},
journal={GitHub repository},
howpublished={\url{https://github.com/dmacvicar/terraform-provider-libvirt}},
year=2021,
note={[online] Accessed: 2021-04-08},
}
@misc{fnm-wayback,
title={Archived view of FastNetMon - very fast DDoS sensor with sFlow/Netflow/IPFIX/SPAN support},
author="{The Internet Archive}",
publisher={Wayback Machine},
journal={GitHub repository},
howpublished={\url{https://web.archive.org/web/20210330122630/https://github.com/pavel-odintsov/fastnetmon/tree/master}},
year=2021,
note={[online] Accessed: 2021-04-01},
}
@misc{fnm-early-wayback,
title={Archived view of FastNetMon from January 2021},
author="{The Internet Archive}",
publisher={Wayback Machine},
journal={GitHub repository},
howpublished={\url{https://web.archive.org/web/20210111231449/https://github.com/pavel-odintsov/fastnetmon/}},
year=2021,
note={[online] Accessed: 2021-04-02},
}
@misc{fnm-search-wayback,
title={Archived view of GitHub search for FastNetMon},
author="{The Internet Archive}",
publisher={Wayback Machine},
journal={GitHub repository},
howpublished={\url{https://web.archive.org/web/20210330135951/https://github.com/search?utf8=%E2%9C%93&q=fastnetmon}},
year=2021,
note={[online] Accessed: 2021-04-02},
}
@misc{fnm-freebsd-wayback,
title={Archived view of FreeBSD forum thread on FastNetMon},
author="{The Internet Archive}",
publisher={Wayback Machine},
journal={The FreeBSD Forums},
howpublished={\url{https://web.archive.org/web/20210407104407/https://forums.freebsd.org/threads/fastnetmon-open-source-tool-to-detect-ddos-ddos.62032/}},
year=2017,
note={[online] Accessed: 2021-04-07},
}
@misc{fnm-fork-wayback,
title={FastNetMon - Archived view of Wofbit's fork with preserved history},
author="{The Internet Archive}",
publisher={Wayback Machine},
journal={GitHub repository},
howpublished={\url{https://web.archive.org/web/20210516225746/https://github.com/Wofbit/fastnetmon}},
year=2021,
note={[online] Accessed: 2021-05-16},
}
@misc{fnm-pulls-wayback,
title={Archived view of FastNetMon's closed Pull Requests},
author="{The Internet Archive}",
publisher={Wayback Machine},
journal={GitHub repository},
howpublished={\url{https://web.archive.org/web/20210329183006/https://github.com/pavel-odintsov/fastnetmon/pulls?q=is%3Apr+is%3Aclosed}},
year=2021,
note={[online] Accessed: 2021-03-29},
}
@misc{fastnetmonorig,
title={FasNetMon - very fast DDoS sensor with sFlow/Netflow/IPFIX/SPAN support},
author={Pavel Odintsov},
publisher={GitHub},
journal={GitHub repository},
howpublished={\url{https://github.com/pavel-odintsov/fastnetmon}},
year=2021,
note={[online] Accessed: 2021-04-13},
}
@misc{fastnetmonfork,
title={FastNetMon fork with preserved history},
author={Pavel Odintsov},
publisher={GitHub},
journal={GitHub repository},
howpublished={\url{https://github.com/Wofbit/fastnetmon}},
year=2021,
note={[online] Accessed: 2021-04-13},
}
@misc{fastnetmonng,
title={FastNetMon NG},
author={P. Odintsov and A. Mirre},
publisher={git.dotya.ml},
journal={git repository},
howpublished={\url{https://git.dotya.ml/wanderer/fastnetmon-ng}},
year=2021,
note={[online] Accessed: 2021-05-04},
}
@misc{Boye2012NetfilterCT,
title={Netfilter Connection Tracking and NAT Implementation},
author={Magnus Boye},
year=2012,
howpublished={\url{https://wiki.aalto.fi/download/attachments/69901948/netfilter-paper.pdf}},
note={[online] Accessed: 2021-05-05},
}
@misc{Westphal2017CT,
title={improvements to conntrack table overflow handling},
booktitle={Netdev 2.1, The Technical Conference on Linux Networking},
author={Florian Westphal},
howpublished={\url{https://netdevconf.info/2.1/papers/conntrack.pdf}},
pages=2,
year=2017,
month=apr,
note={[online] Accessed: 2021-05-06},
}
@phdthesis{Quoitin2006BGPbasedIT,
title={BGP-based interdomain traffic engineering},
author={Bruno Quoitin},
school={Université catholique de Louvain},
year=2006,
month=aug,
howpublished={\url{http://inl.info.ucl.ac.be/system/files/Quoitin-PhD.pdf}},
note={[online] Accessed: 2021-05-02},
}
% unused maybe
@article{AbuAmara2014ACS,
title={A combined solution for the Internet access denial caused by malicious Internet service providers},
author={Marwan Abu-Amara},
journal={SECURITY AND COMMUNICATION NETWORKS},
year=2014,
volume={7},
pages={2078-2093},
doi={10.1002/sec.92},
}
% ============================================================================ %