Booter services continue to provide popular DDoS-as-a-service platforms and
enable anyone irrespective of their technical ability, to execute DDoS attacks
with devastating impact. Since booters are a serious threat to Internet
operations and can cause significant financial and reputational damage, they
also draw the attention of law enforcement agencies and related counter
activities. In this paper, we investigate booter-based DDoS attacks in the wild
and the impact of an FBI takedown targeting 15 booter websites in December 2018
from the perspective of a major IXP and two ISPs. We study and compare attack
properties of multiple booter services by launching Gbps-level attacks against
our own infrastructure. To understand spatial and temporal trends of the DDoS
traffic originating from booters we scrutinize 5 months, worth of inter-domain
traffic. We observe that the takedown only leads to a temporary reduction in
attack traffic. Additionally, one booter was found to quickly continue
operation by using a new domain for its website