The use of vulnerable Network Time Protocol servers as reflectors in Distributed Denial of Service attacks has been gaining popularity
since the end of 2013. In the past, reflection Denial of Service attacks were carried out using mainly DNS servers, but the realization
of the high amplification scale that NTP servers can provide sparked the use of this type of attack. Reflection attacks are particularly
unfavorable because an attacker never uses their real IP address, which makes finding the source of an attack a difficult task. It would
be useful to be able to gather information from attack packets in order to characterize them and potentially learn more about an attacker.
Since NTP amplification is a relatively new method of attack, there has not been much thorougher research surrounding it. The aim of this
project was to to explore two packet captures in the form of an analysis into certain packet characteristics to learn more about NTP amplification attacks. The use of TTL analysis (with respect to other packet characteristics) of
reflected DDoS attacks, was also carried out to see if it would shed light on important or interesting information.