Stress Testing the Booters: Understanding and Undermining the Business of DDoS Services

TitleStress Testing the Booters: Understanding and Undermining the Business of DDoS Services
Publication TypeUnpublished
Year of Publication2015
AuthorsKarami, M.., Park Y.., & McCoy D.
Other Numbers3813

DDoS-for-hire services, also known as booters, have commoditized DDoS attacks and enabled abusive subscribers of these services to cheaply extort, harass and intimidate businesses and people by knocking them offline. However, due to the underground nature of these booters, little is known about their underlying technical and business structure. In this paper we empirically measure many facets of their technical and payment infrastructure. We also perform an analysis of leaked and scraped data from three major booters---Asylum Stresser, Lizard Stresser and VDO---which provides us with an in-depth view of their customers and victims. Finally, we conduct a large-scale payment intervention in collaboration with PayPal and evaluate its effectiveness. Based on our analysis we show that these services are responsible for hundreds of thousands of DDoS attacks and identify potentially promising methods of increasing booters' costs and undermining these services.


This work was partially supported by funding provided to ICSI through National Science Foundation grant CNS : 1237076 (“Beyond Technical Security: Developing an Empirical Basis for Socio-Economic Perspectives”). Additional funding was provided by Google. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors or originators and do not necessarily reflect the views of the National Science Foundation or of Google.

Bibliographic Notes

eprint arXiv:1508.03410

Abbreviated Authors

M. Karami, Y. Park, and D. McCoy

ICSI Research Group

Networking and Security

ICSI Publication Type