In August 2017, NSFOCUS’s DDoS situation awareness platform detected anoma-lous bandwidth usage over a customer’s network, which, upon analysis, was confirmed to be a distributed denial-of-service (DDoS) attack. The attack was characterized by different types of traffic, including TCP flood, HTTP flood, and DNS flood. Tracing source IP addresses, we found that the attack had originated from malware found on set top boxes (STBs), a type of terminal device of cable TV (CATV). Then we captured a sample of traffic for further analysis of the attack behavior pattern.
Please click on the following link below to download your free report: