SlideShare a Scribd company logo

Fact Sheets : Network Status in Bangladesh

Bangladesh Network Operators Group
Bangladesh Network Operators Group

Fact Sheets : Network Status in Bangladesh

Internet
1 of 31
Download to read offline
1 Fact Sheets : Network Status in Bangladesh
2 2 • Network engineer and enthusiast for a long time • Working as a Trainer/Analyst @ APNIC • Have an exposer with multi-vendor multi-platform different technologies • A security minded person • Would love to contribute to the community zobair.khan@apnic.net $ whois MD ZOBAIR KHAN
3 3 Acknowledgement • Data and contents taken from SHODAN, APNIC, Cloudflare
4 4 Bangladesh Prefixes – IPv4 rex.apnic.net
5 5 Bangladesh Prefixes – IPv6 rex.apnic.net
6 6 IPv6 Deployment stats.labs.apnic.net/ipv6/BD
7 7 IPv6 Deployment – Top Networks ASN AS Name IPv6 Capable IPv6 Preferred AS13335 CLOUDFLARENET 99.36% 98.44% AS21859 ZEN-ECN 48.64% 48.25% AS133168 SUOSAT-AS-AP Shahjalal University of Science and Technology 49.43% 47.53% AS24389 GRAMEENPHONE-AS-AP GrameenPhone Ltd. 48.19% 47.47% AS134595 VELOCITYINTERNET-AS-AP Velocity Internet 28.89% 28.78% AS134712 PIPEXNETWORK-BD Pipex Network 22.19% 22.19% AS138338 CTGNET-AS-AP CTG.NET 21.44% 21.44% AS45245 BANGLALINK-AS Banglalink Digital Communications Ltd 21.79% 21.39% AS133954 EXORDONLINE-BD Exord Online 16.83% 16.62% AS138915 KAOPU-HK Kaopu Cloud HK Limited 16.44% 15.07% AS150729 MDMIRAZHOSSAIN-AS-AP Digraj Internet Service Provider 13.22% 13.22% AS134128 MEGASPEEDNET-AS Mega Speed Net 10.15% 9.90% AS139786 RAINBOW-AS-AP Rainbow Network 9.19% 9.19% AS135098 BSN-AS-AP Bright Star Network 6.81% 6.81% AS58826 ICOMBANGLADESHLTD-BD ping by ICOM Bangladesh Ltd 6.04% 6.04% AS137023 ASIAN-AS-AP ASIAN CITY ONLINE BD LTD. 5.98% 5.98% AS134732 DOTINTERNET-AS-AP Dot Internet 6.04% 5.67% AS142006 GLOBAL5-AS-AP Global ICT Network 5.47% 5.47% AS138621 CITY-NET-COM-AS-AP City Net Communication 4.68% 4.68% AS24432 AXIATA-ROBI-AS-AP TM International Bangladesh Ltd.Internet service Provider,Gulshan-1,Dhaka-1212 4.82% 4.67% stats.labs.apnic.net/ipv6/BD
8 8 Top Ports shodan.io
9 9 Port 53 More than 70k ports are open More than 60k have recursion enabled Vulnerable to DNS exploits including amplification attack, cache poisoning, spoofing etc Lots of Mikrotik devices Filter if not needed Introduce ACL in recursion Do security hardening for Mikrotik
10 10 Port 161 More than 70k ports are open Around 20k have SNMP version 1 enabled with public community Information like Interface description, IP addresses, routing table etc. can be accessed without any authorization. Lots of Mikrotik devices Use SNMP version 3 Introduce ACL and different SNMP community name Do security hardening for Mikrotik
11 11 Port 2000 More than 70k ports are open Almost all of them are Mikrotik Bandwidth Test Server Opens another attach surface for the attackers Turn it off in production network Do security hardening for Mikrotik
12 12 Port 179 More than 55k ports are open 3k are running BGP Attack surface for DDoS, BGP Hijack, Route Leak, Internet Disruption etc. Use ACL, GTTL, BGP MD5 or TCP-AO, RPKI, MANRS, BCP 194
13 13 Port 80 More than 50k ports are open More than 9k are from Mikrotik All the interface details and PPPoE usernames are visible without any authorization in Mikrotik via port 80 Attack surface for Apache, nginx, Microsoft IIS, Cisco/Mikrotik HTTP etc. Use firewall, TLS
14 14 RPKI – ROA IPv4 stats.labs.apnic.net
15 15 RPKI – ROA IPv4 Origin ASN ASN Name ASN Economy Route prefix delegation Validity No. of routes 23923 AGNI-AS BD apnic invalidAS 6 63890 AIBL-AS-AP BD apnic invalidML 4 136215 SB-AS-AP BD apnic invalidAS 2 58527 DGHS-GOV-BD BD apnic invalidML 2 150389 SPRINTNET-AS-AP BD apnic invalidML 2 139016 EXONHOST-AS-AP BD apnic invalidML 2 151488 AML-AS-AP BD apnic invalidML 2 58715 EARTHTELECOMMUNICATION-AS BD apnic invalidAS 1 38562 IOLBD-AS BD apnic invalidAS 1 64037 FIRSTNFASTITLTD-AS-AP BD apnic invalidAS 1
16 16 RPKI – ROA IPv6 stats.labs.apnic.net
17 17 RPKI – ROA IPv6 Origin ASN ASN Name ASN Economy Route prefix delegation Validity No. of routes 150385 HKN-AS-AP BD apnic invalidML 60 137961 ABUZZITLIMITED-AS-AP BD apnic invalidML 28 38071 AFTABIT-BD-AS-AP BD apnic invalidML 26 140612 DESHCOMMUNICATIONS-AS-AP BD apnic invalidML 17 17471 CYBERNET-BD-AS BD apnic invalidML 12 132438 APONIT-AS-AP BD apnic invalidML 10 64074 ABS-AS-AP BD apnic invalidML 8 138544 HK-ONLINE-AS BD apnic invalidML 8 9230 BOL-BD-AP BD apnic invalidML 6 134970 TUHINENTERPRISE-AS-AP BD apnic invalidML 6
18 18 RPKI – ROV stats.labs.apnic.net
19 19 RPKI – Summary radar.cloudflare.com
20 20 DDoS – Network Layer radar.cloudflare.com
21 21 DDoS – Network Layer Attack Vector radar.cloudflare.com
22 22 DDoS – Application Layer radar.cloudflare.com
23 23 DDoS – Application Layer Activity radar.cloudflare.com
24 24 DDoS – BD DDoS Source radar.cloudflare.com DDoS Attack Trends for 2023 Q3
25 25 DDoS – Emerging Threats radar.cloudflare.com DDoS Attack Trends for 2023 Q3
26 26 Routing - Leaks radar.cloudflare.com
27 27 Routing - Hijacks radar.cloudflare.com
28 28 Security Status Summary https://exposure.shodan.io/#/BD
29 29 Rising Security Concerns • 5G Security Concerns • IoT (Internet of Things) Security • AI and Machine Learning Threats • Supply Chain Attacks • Zero-Day Exploits and Advanced Persistent Threats (APTs) • Phishing • Cloud Security Challenges • Quantum Computing Impact • Biometric Security Risks • Human Element and Insider Threats • Regulatory Compliance and Privacy Concerns
30 30 Security Hardening References • https://wiki.mikrotik.com/wiki/Manual:Securing_Your_Router • https://blog.mikrotik.com/security/ • https://www.cisecurity.org/cis-benchmarks • https://www.sans.org/white-papers/ • https://cheatsheetseries.owasp.org/index.html • https://csrc.nist.gov/publications/sp • https://www.manrs.org/about/ • https://academy.apnic.net/ • https://www.team-cymru.com/ • https://www.apnic.net/community/security/ • https://sec.cloudapps.cisco.com/security/center/publicationListing.x • https://blog.cloudflare.com/
31 31 Questions !!!

Recommended

A plenarily integrated SIEM solution and it’s Deployment
A plenarily integrated SIEM solution and it’s DeploymentA plenarily integrated SIEM solution and it’s Deployment
A plenarily integrated SIEM solution and it’s Deployment
Bangladesh Network Operators Group
 
Openstack Neutron, interconnections with BGP/MPLS VPNs
Openstack Neutron, interconnections with BGP/MPLS VPNsOpenstack Neutron, interconnections with BGP/MPLS VPNs
Openstack Neutron, interconnections with BGP/MPLS VPNs
Thomas Morin
 
BPF & Cilium - Turning Linux into a Microservices-aware Operating System
BPF & Cilium - Turning Linux into a Microservices-aware Operating SystemBPF & Cilium - Turning Linux into a Microservices-aware Operating System
BPF & Cilium - Turning Linux into a Microservices-aware Operating System
Thomas Graf
 
Staring into the eBPF Abyss
Staring into the eBPF AbyssStaring into the eBPF Abyss
Staring into the eBPF Abyss
Sasha Goldshtein
 
eBPF - Rethinking the Linux Kernel
eBPF - Rethinking the Linux KerneleBPF - Rethinking the Linux Kernel
eBPF - Rethinking the Linux Kernel
Thomas Graf
 
How to build a Kubernetes networking solution from scratch
How to build a Kubernetes networking solution from scratchHow to build a Kubernetes networking solution from scratch
How to build a Kubernetes networking solution from scratch
All Things Open
 
Container Runtime Security with Falco
Container Runtime Security with FalcoContainer Runtime Security with Falco
Container Runtime Security with Falco
Michael Ducy
 
Linux Networking Explained
Linux Networking ExplainedLinux Networking Explained
Linux Networking Explained
Thomas Graf
 

Recommended

A plenarily integrated SIEM solution and it’s Deployment
A plenarily integrated SIEM solution and it’s DeploymentA plenarily integrated SIEM solution and it’s Deployment
A plenarily integrated SIEM solution and it’s Deployment
Bangladesh Network Operators Group
 
Openstack Neutron, interconnections with BGP/MPLS VPNs
Openstack Neutron, interconnections with BGP/MPLS VPNsOpenstack Neutron, interconnections with BGP/MPLS VPNs
Openstack Neutron, interconnections with BGP/MPLS VPNs
Thomas Morin
 
BPF & Cilium - Turning Linux into a Microservices-aware Operating System
BPF & Cilium - Turning Linux into a Microservices-aware Operating SystemBPF & Cilium - Turning Linux into a Microservices-aware Operating System
BPF & Cilium - Turning Linux into a Microservices-aware Operating System
Thomas Graf
 
Staring into the eBPF Abyss
Staring into the eBPF AbyssStaring into the eBPF Abyss
Staring into the eBPF Abyss
Sasha Goldshtein
 
eBPF - Rethinking the Linux Kernel
eBPF - Rethinking the Linux KerneleBPF - Rethinking the Linux Kernel
eBPF - Rethinking the Linux Kernel
Thomas Graf
 
How to build a Kubernetes networking solution from scratch
How to build a Kubernetes networking solution from scratchHow to build a Kubernetes networking solution from scratch
How to build a Kubernetes networking solution from scratch
All Things Open
 
Container Runtime Security with Falco
Container Runtime Security with FalcoContainer Runtime Security with Falco
Container Runtime Security with Falco
Michael Ducy
 
Linux Networking Explained
Linux Networking ExplainedLinux Networking Explained
Linux Networking Explained
Thomas Graf
 
Understanding container security
Understanding container securityUnderstanding container security
Understanding container security
John Kinsella
 
Cilium - Network security for microservices
Cilium - Network security for microservicesCilium - Network security for microservices
Cilium - Network security for microservices
Thomas Graf
 
EBPF and Linux Networking
EBPF and Linux NetworkingEBPF and Linux Networking
EBPF and Linux Networking
PLUMgrid
 
Kubernetes Networking with Cilium - Deep Dive
Kubernetes Networking with Cilium - Deep DiveKubernetes Networking with Cilium - Deep Dive
Kubernetes Networking with Cilium - Deep Dive
Michal Rostecki
 
Route Leak Prevension with BGP Community
Route Leak Prevension with BGP CommunityRoute Leak Prevension with BGP Community
Route Leak Prevension with BGP Community
Bangladesh Network Operators Group
 
eBPF Basics
eBPF BasicseBPF Basics
eBPF Basics
Michael Kehoe
 
HTTP/3 for everyone
HTTP/3 for everyoneHTTP/3 for everyone
HTTP/3 for everyone
Daniel Stenberg
 
DevConf 2014 Kernel Networking Walkthrough
DevConf 2014 Kernel Networking WalkthroughDevConf 2014 Kernel Networking Walkthrough
DevConf 2014 Kernel Networking Walkthrough
Thomas Graf
 
Cilium - Container Networking with BPF & XDP
Cilium - Container Networking with BPF & XDPCilium - Container Networking with BPF & XDP
Cilium - Container Networking with BPF & XDP
Thomas Graf
 
eBPF/XDP
eBPF/XDP eBPF/XDP
eBPF/XDP
Netronome
 
What you have to know about Certified Kubernetes Administrator (CKA)
What you have to know about Certified Kubernetes Administrator (CKA)What you have to know about Certified Kubernetes Administrator (CKA)
What you have to know about Certified Kubernetes Administrator (CKA)
Opsta
 
Cloud Native Networking & Security with Cilium & eBPF
Cloud Native Networking & Security with Cilium & eBPFCloud Native Networking & Security with Cilium & eBPF
Cloud Native Networking & Security with Cilium & eBPF
Raphaël PINSON
 
Advanced Web Application Security with an Intelligent WAF
Advanced Web Application Security with an Intelligent WAFAdvanced Web Application Security with an Intelligent WAF
Advanced Web Application Security with an Intelligent WAF
Avi Networks
 
Cilium - API-aware Networking and Security for Containers based on BPF
Cilium - API-aware Networking and Security for Containers based on BPFCilium - API-aware Networking and Security for Containers based on BPF
Cilium - API-aware Networking and Security for Containers based on BPF
Thomas Graf
 
MP BGP-EVPN 실전기술-1편(개념잡기)
MP BGP-EVPN 실전기술-1편(개념잡기)MP BGP-EVPN 실전기술-1편(개념잡기)
MP BGP-EVPN 실전기술-1편(개념잡기)
JuHwan Lee
 
Linux Native, HTTP Aware Network Security
Linux Native, HTTP Aware Network SecurityLinux Native, HTTP Aware Network Security
Linux Native, HTTP Aware Network Security
Thomas Graf
 
ContainerDays Hamburg 2023 — Cilium Workshop.pdf
ContainerDays Hamburg 2023 — Cilium Workshop.pdfContainerDays Hamburg 2023 — Cilium Workshop.pdf
ContainerDays Hamburg 2023 — Cilium Workshop.pdf
Raphaël PINSON
 
Wireguard VPN
Wireguard VPNWireguard VPN
Wireguard VPN
All Things Open
 
Envoy and Kafka
Envoy and KafkaEnvoy and Kafka
Envoy and Kafka
Adam Kotwasinski
 
Tutorial: Using GoBGP as an IXP connecting router
Tutorial: Using GoBGP as an IXP connecting routerTutorial: Using GoBGP as an IXP connecting router
Tutorial: Using GoBGP as an IXP connecting router
Shu Sugimoto
 
TakeDownCon Rocket City: Bending and Twisting Networks by Paul Coggin
TakeDownCon Rocket City: Bending and Twisting Networks by Paul CogginTakeDownCon Rocket City: Bending and Twisting Networks by Paul Coggin
TakeDownCon Rocket City: Bending and Twisting Networks by Paul Coggin
EC-Council
 
Cloud Traffic Engineer – Google Espresso Project by Shaowen Ma
Cloud Traffic Engineer – Google Espresso Project by Shaowen MaCloud Traffic Engineer – Google Espresso Project by Shaowen Ma
Cloud Traffic Engineer – Google Espresso Project by Shaowen Ma
MyNOG
 

More Related Content

What's hot

HTTP/3 for everyone
HTTP/3 for everyoneHTTP/3 for everyone
HTTP/3 for everyone
Daniel Stenberg
 
eBPF/XDP
eBPF/XDP eBPF/XDP
eBPF/XDP
Netronome
 
Advanced Web Application Security with an Intelligent WAF
Advanced Web Application Security with an Intelligent WAFAdvanced Web Application Security with an Intelligent WAF
Advanced Web Application Security with an Intelligent WAF
Avi Networks
 
MP BGP-EVPN 실전기술-1편(개념잡기)
MP BGP-EVPN 실전기술-1편(개념잡기)MP BGP-EVPN 실전기술-1편(개념잡기)
MP BGP-EVPN 실전기술-1편(개념잡기)
JuHwan Lee
 

What's hot (20)

Understanding container security
Understanding container securityUnderstanding container security
Understanding container security
 
Cilium - Network security for microservices
Cilium - Network security for microservicesCilium - Network security for microservices
Cilium - Network security for microservices
 
EBPF and Linux Networking
EBPF and Linux NetworkingEBPF and Linux Networking
EBPF and Linux Networking
 
Kubernetes Networking with Cilium - Deep Dive
Kubernetes Networking with Cilium - Deep DiveKubernetes Networking with Cilium - Deep Dive
Kubernetes Networking with Cilium - Deep Dive
 
Route Leak Prevension with BGP Community
Route Leak Prevension with BGP CommunityRoute Leak Prevension with BGP Community
Route Leak Prevension with BGP Community
 
eBPF Basics
eBPF BasicseBPF Basics
eBPF Basics
 
HTTP/3 for everyone
HTTP/3 for everyoneHTTP/3 for everyone
HTTP/3 for everyone
 
DevConf 2014 Kernel Networking Walkthrough
DevConf 2014 Kernel Networking WalkthroughDevConf 2014 Kernel Networking Walkthrough
DevConf 2014 Kernel Networking Walkthrough
 
Cilium - Container Networking with BPF & XDP
Cilium - Container Networking with BPF & XDPCilium - Container Networking with BPF & XDP
Cilium - Container Networking with BPF & XDP
 
eBPF/XDP
eBPF/XDP eBPF/XDP
eBPF/XDP
 
What you have to know about Certified Kubernetes Administrator (CKA)
What you have to know about Certified Kubernetes Administrator (CKA)What you have to know about Certified Kubernetes Administrator (CKA)
What you have to know about Certified Kubernetes Administrator (CKA)
 
Cloud Native Networking & Security with Cilium & eBPF
Cloud Native Networking & Security with Cilium & eBPFCloud Native Networking & Security with Cilium & eBPF
Cloud Native Networking & Security with Cilium & eBPF
 
Advanced Web Application Security with an Intelligent WAF
Advanced Web Application Security with an Intelligent WAFAdvanced Web Application Security with an Intelligent WAF
Advanced Web Application Security with an Intelligent WAF
 
Cilium - API-aware Networking and Security for Containers based on BPF
Cilium - API-aware Networking and Security for Containers based on BPFCilium - API-aware Networking and Security for Containers based on BPF
Cilium - API-aware Networking and Security for Containers based on BPF
 
MP BGP-EVPN 실전기술-1편(개념잡기)
MP BGP-EVPN 실전기술-1편(개념잡기)MP BGP-EVPN 실전기술-1편(개념잡기)
MP BGP-EVPN 실전기술-1편(개념잡기)
 
Linux Native, HTTP Aware Network Security
Linux Native, HTTP Aware Network SecurityLinux Native, HTTP Aware Network Security
Linux Native, HTTP Aware Network Security
 
ContainerDays Hamburg 2023 — Cilium Workshop.pdf
ContainerDays Hamburg 2023 — Cilium Workshop.pdfContainerDays Hamburg 2023 — Cilium Workshop.pdf
ContainerDays Hamburg 2023 — Cilium Workshop.pdf
 
Wireguard VPN
Wireguard VPNWireguard VPN
Wireguard VPN
 
Envoy and Kafka
Envoy and KafkaEnvoy and Kafka
Envoy and Kafka
 
Tutorial: Using GoBGP as an IXP connecting router
Tutorial: Using GoBGP as an IXP connecting routerTutorial: Using GoBGP as an IXP connecting router
Tutorial: Using GoBGP as an IXP connecting router
 

Similar to Fact Sheets : Network Status in Bangladesh

TakeDownCon Rocket City: Bending and Twisting Networks by Paul Coggin
TakeDownCon Rocket City: Bending and Twisting Networks by Paul CogginTakeDownCon Rocket City: Bending and Twisting Networks by Paul Coggin
TakeDownCon Rocket City: Bending and Twisting Networks by Paul Coggin
EC-Council
 
IoT Field Area Network Solutions & Integration of IPv6 Standards by Patrick G...
IoT Field Area Network Solutions & Integration of IPv6 Standards by Patrick G...IoT Field Area Network Solutions & Integration of IPv6 Standards by Patrick G...
IoT Field Area Network Solutions & Integration of IPv6 Standards by Patrick G...
gogo6
 

Similar to Fact Sheets : Network Status in Bangladesh (20)

TakeDownCon Rocket City: Bending and Twisting Networks by Paul Coggin
TakeDownCon Rocket City: Bending and Twisting Networks by Paul CogginTakeDownCon Rocket City: Bending and Twisting Networks by Paul Coggin
TakeDownCon Rocket City: Bending and Twisting Networks by Paul Coggin
 
Cloud Traffic Engineer – Google Espresso Project by Shaowen Ma
Cloud Traffic Engineer – Google Espresso Project by Shaowen MaCloud Traffic Engineer – Google Espresso Project by Shaowen Ma
Cloud Traffic Engineer – Google Espresso Project by Shaowen Ma
 
Let's talk about routing security, Anurag Bhatia, Hurricane Electric
Let's talk about routing security, Anurag Bhatia, Hurricane ElectricLet's talk about routing security, Anurag Bhatia, Hurricane Electric
Let's talk about routing security, Anurag Bhatia, Hurricane Electric
 
Routing Security - its importance and status in South Asia
Routing Security - its importance and status in South AsiaRouting Security - its importance and status in South Asia
Routing Security - its importance and status in South Asia
 
Routing Security in 2017 – We can do better!
Routing Security in 2017 – We can do better!Routing Security in 2017 – We can do better!
Routing Security in 2017 – We can do better!
 
LKNOG 2: Robust and Secure Connections
LKNOG 2: Robust and Secure ConnectionsLKNOG 2: Robust and Secure Connections
LKNOG 2: Robust and Secure Connections
 
LKNOG3-Keynote
LKNOG3-KeynoteLKNOG3-Keynote
LKNOG3-Keynote
 
LkNOG 3: Strengthening the Internet infrastructure in Sri Lanka
LkNOG 3: Strengthening the Internet infrastructure in Sri LankaLkNOG 3: Strengthening the Internet infrastructure in Sri Lanka
LkNOG 3: Strengthening the Internet infrastructure in Sri Lanka
 
Forward Networks - Networking Field Day 13 presentation
Forward Networks - Networking Field Day 13 presentationForward Networks - Networking Field Day 13 presentation
Forward Networks - Networking Field Day 13 presentation
 
SLT-IX Setting up an Internet Exchange : Sri Lankan experience
SLT-IX Setting up an Internet Exchange : Sri Lankan experienceSLT-IX Setting up an Internet Exchange : Sri Lankan experience
SLT-IX Setting up an Internet Exchange : Sri Lankan experience
 
ICANN APAC-TWNIC Engagement Forum: Internet Number Registry Services - The Ne...
ICANN APAC-TWNIC Engagement Forum: Internet Number Registry Services - The Ne...ICANN APAC-TWNIC Engagement Forum: Internet Number Registry Services - The Ne...
ICANN APAC-TWNIC Engagement Forum: Internet Number Registry Services - The Ne...
 
IoT Field Area Network Solutions & Integration of IPv6 Standards by Patrick G...
IoT Field Area Network Solutions & Integration of IPv6 Standards by Patrick G...IoT Field Area Network Solutions & Integration of IPv6 Standards by Patrick G...
IoT Field Area Network Solutions & Integration of IPv6 Standards by Patrick G...
 
Software Defined Network (SDN) using ASR9000 :: BRKSPG-2722 | San Diego 2015
Software Defined Network (SDN) using ASR9000 :: BRKSPG-2722 | San Diego 2015Software Defined Network (SDN) using ASR9000 :: BRKSPG-2722 | San Diego 2015
Software Defined Network (SDN) using ASR9000 :: BRKSPG-2722 | San Diego 2015
 
768K Day - Internet Doomsday: is it real?
768K Day - Internet Doomsday: is it real?768K Day - Internet Doomsday: is it real?
768K Day - Internet Doomsday: is it real?
 
Network Security Best Practice (BCP38 & 140)
Network Security Best Practice (BCP38 & 140) Network Security Best Practice (BCP38 & 140)
Network Security Best Practice (BCP38 & 140)
 
RPKI Introduction by Randy Bush
RPKI Introduction by Randy BushRPKI Introduction by Randy Bush
RPKI Introduction by Randy Bush
 
RPKI with rpki.net Tools
RPKI with rpki.net ToolsRPKI with rpki.net Tools
RPKI with rpki.net Tools
 
Design and Deployment of Enterprise WLANs
Design and Deployment of Enterprise WLANsDesign and Deployment of Enterprise WLANs
Design and Deployment of Enterprise WLANs
 
BGP Traffic Engineering with SDN Controller
BGP Traffic Engineering with SDN ControllerBGP Traffic Engineering with SDN Controller
BGP Traffic Engineering with SDN Controller
 
IPv6 Security - Myths and Reality
IPv6 Security - Myths and RealityIPv6 Security - Myths and Reality
IPv6 Security - Myths and Reality
 

More from Bangladesh Network Operators Group

More from Bangladesh Network Operators Group (20)

Accelerating Hyper-Converged Enterprise Virtualization using Proxmox and Ceph
Accelerating Hyper-Converged Enterprise Virtualization using Proxmox and CephAccelerating Hyper-Converged Enterprise Virtualization using Proxmox and Ceph
Accelerating Hyper-Converged Enterprise Virtualization using Proxmox and Ceph
 
Recent IRR changes by Yoshinobu Matsuzaki, IIJ
Recent IRR changes by Yoshinobu Matsuzaki, IIJRecent IRR changes by Yoshinobu Matsuzaki, IIJ
Recent IRR changes by Yoshinobu Matsuzaki, IIJ
 
AI Driven Wi-Fi for the Bottom of the Pyramid
AI Driven Wi-Fi for the Bottom of the PyramidAI Driven Wi-Fi for the Bottom of the Pyramid
AI Driven Wi-Fi for the Bottom of the Pyramid
 
IPv6 Security Overview by QS Tahmeed, APNIC RCT
IPv6 Security Overview by QS Tahmeed, APNIC RCTIPv6 Security Overview by QS Tahmeed, APNIC RCT
IPv6 Security Overview by QS Tahmeed, APNIC RCT
 
Network eWaste : Community role to manage end of life Product
Network eWaste : Community role to manage end of life ProductNetwork eWaste : Community role to manage end of life Product
Network eWaste : Community role to manage end of life Product
 
IPv6 Deployment in South Asia 2022
IPv6 Deployment in South Asia 2022IPv6 Deployment in South Asia 2022
IPv6 Deployment in South Asia 2022
 
Introduction to Software Defined Networking (SDN)
Introduction to Software Defined Networking (SDN)Introduction to Software Defined Networking (SDN)
Introduction to Software Defined Networking (SDN)
 
RPKI Deployment Status in Bangladesh
RPKI Deployment Status in BangladeshRPKI Deployment Status in Bangladesh
RPKI Deployment Status in Bangladesh
 
An Overview about open UDP Services
An Overview about open UDP ServicesAn Overview about open UDP Services
An Overview about open UDP Services
 
12 Years in DNS Security As a Defender
12 Years in DNS Security As a Defender12 Years in DNS Security As a Defender
12 Years in DNS Security As a Defender
 
Contents Localization Initiatives to get better User Experience
Contents Localization Initiatives to get better User ExperienceContents Localization Initiatives to get better User Experience
Contents Localization Initiatives to get better User Experience
 
BdNOG-20220625-MT-v6.0.pptx
BdNOG-20220625-MT-v6.0.pptxBdNOG-20220625-MT-v6.0.pptx
BdNOG-20220625-MT-v6.0.pptx
 
Tale of a New Bangladeshi NIX
Tale of a New Bangladeshi NIXTale of a New Bangladeshi NIX
Tale of a New Bangladeshi NIX
 
MANRS for Network Operators
MANRS for Network OperatorsMANRS for Network Operators
MANRS for Network Operators
 
Re-define network visibility for capacity planning & forecasting with Grafana
Re-define network visibility for capacity planning & forecasting with GrafanaRe-define network visibility for capacity planning & forecasting with Grafana
Re-define network visibility for capacity planning & forecasting with Grafana
 
RPKI ROA updates
RPKI ROA updatesRPKI ROA updates
RPKI ROA updates
 
Blockchain Demystified
Blockchain DemystifiedBlockchain Demystified
Blockchain Demystified
 
Measuring the Internet Economy: How Networks Create Value
Measuring the Internet Economy: How Networks Create ValueMeasuring the Internet Economy: How Networks Create Value
Measuring the Internet Economy: How Networks Create Value
 
RPKI Deployment Status in Bangladesh
RPKI Deployment Status in BangladeshRPKI Deployment Status in Bangladesh
RPKI Deployment Status in Bangladesh
 
Route Origin Validation - A MANRS Approach
Route Origin Validation - A MANRS ApproachRoute Origin Validation - A MANRS Approach
Route Origin Validation - A MANRS Approach
 

Recently uploaded

pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdfpdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
JOHNBEBONYAP1
 
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
ydyuyu
 
一比一原版澳大利亚迪肯大学毕业证如何办理
一比一原版澳大利亚迪肯大学毕业证如何办理一比一原版澳大利亚迪肯大学毕业证如何办理
一比一原版澳大利亚迪肯大学毕业证如何办理
SS
 
Indian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi EscortsIndian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Monica Sydney
 
一比一原版(NYU毕业证书)美国纽约大学毕业证学位证书
一比一原版(NYU毕业证书)美国纽约大学毕业证学位证书一比一原版(NYU毕业证书)美国纽约大学毕业证学位证书
一比一原版(NYU毕业证书)美国纽约大学毕业证学位证书
c6eb683559b3
 
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
ayvbos
 
一比一原版奥兹学院毕业证如何办理
一比一原版奥兹学院毕业证如何办理一比一原版奥兹学院毕业证如何办理
一比一原版奥兹学院毕业证如何办理
F
 
Local Call Girls in Seoni 9332606886 HOT & SEXY Models beautiful and charmin...
Local Call Girls in Seoni 9332606886 HOT & SEXY Models beautiful and charmin...Local Call Girls in Seoni 9332606886 HOT & SEXY Models beautiful and charmin...
Local Call Girls in Seoni 9332606886 HOT & SEXY Models beautiful and charmin...
kumargunjan9515
 
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
ayvbos
 
一比一原版犹他大学毕业证如何办理
一比一原版犹他大学毕业证如何办理一比一原版犹他大学毕业证如何办理
一比一原版犹他大学毕业证如何办理
F
 

Recently uploaded (20)

pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdfpdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
 
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
 
一比一原版澳大利亚迪肯大学毕业证如何办理
一比一原版澳大利亚迪肯大学毕业证如何办理一比一原版澳大利亚迪肯大学毕业证如何办理
一比一原版澳大利亚迪肯大学毕业证如何办理
 
Indian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi EscortsIndian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
 
一比一原版(NYU毕业证书)美国纽约大学毕业证学位证书
一比一原版(NYU毕业证书)美国纽约大学毕业证学位证书一比一原版(NYU毕业证书)美国纽约大学毕业证学位证书
一比一原版(NYU毕业证书)美国纽约大学毕业证学位证书
 
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime NagercoilNagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
 
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
 
一比一原版奥兹学院毕业证如何办理
一比一原版奥兹学院毕业证如何办理一比一原版奥兹学院毕业证如何办理
一比一原版奥兹学院毕业证如何办理
 
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrStory Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
 
Down bad crying at the gym t shirtsDown bad crying at the gym t shirts
Down bad crying at the gym t shirtsDown bad crying at the gym t shirtsDown bad crying at the gym t shirtsDown bad crying at the gym t shirts
Down bad crying at the gym t shirtsDown bad crying at the gym t shirts
 
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
 
Ballia Escorts Service Girl ^ 9332606886, WhatsApp Anytime Ballia
Ballia Escorts Service Girl ^ 9332606886, WhatsApp Anytime BalliaBallia Escorts Service Girl ^ 9332606886, WhatsApp Anytime Ballia
Ballia Escorts Service Girl ^ 9332606886, WhatsApp Anytime Ballia
 
💚 Call Girls Bahraich 9332606886 High Profile Call Girls You Can Get The S...
💚 Call Girls Bahraich 9332606886 High Profile Call Girls You Can Get The S...💚 Call Girls Bahraich 9332606886 High Profile Call Girls You Can Get The S...
💚 Call Girls Bahraich 9332606886 High Profile Call Girls You Can Get The S...
 
Washington Football Commanders Redskins Feathers Shirt
Washington Football Commanders Redskins Feathers ShirtWashington Football Commanders Redskins Feathers Shirt
Washington Football Commanders Redskins Feathers Shirt
 
20240508 QFM014 Elixir Reading List April 2024.pdf
20240508 QFM014 Elixir Reading List April 2024.pdf20240508 QFM014 Elixir Reading List April 2024.pdf
20240508 QFM014 Elixir Reading List April 2024.pdf
 
APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53
 
Local Call Girls in Seoni 9332606886 HOT & SEXY Models beautiful and charmin...
Local Call Girls in Seoni 9332606886 HOT & SEXY Models beautiful and charmin...Local Call Girls in Seoni 9332606886 HOT & SEXY Models beautiful and charmin...
Local Call Girls in Seoni 9332606886 HOT & SEXY Models beautiful and charmin...
 
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
 
[Hackersuli] Élő szövet a fémvázon: Python és gépi tanulás a Zeek platformon
[Hackersuli] Élő szövet a fémvázon: Python és gépi tanulás a Zeek platformon[Hackersuli] Élő szövet a fémvázon: Python és gépi tanulás a Zeek platformon
[Hackersuli] Élő szövet a fémvázon: Python és gépi tanulás a Zeek platformon
 
一比一原版犹他大学毕业证如何办理
一比一原版犹他大学毕业证如何办理一比一原版犹他大学毕业证如何办理
一比一原版犹他大学毕业证如何办理
 

Fact Sheets : Network Status in Bangladesh

  • 1. 1 Fact Sheets : Network Status in Bangladesh
  • 2. 2 2 • Network engineer and enthusiast for a long time • Working as a Trainer/Analyst @ APNIC • Have an exposer with multi-vendor multi-platform different technologies • A security minded person • Would love to contribute to the community zobair.khan@apnic.net $ whois MD ZOBAIR KHAN
  • 3. 3 3 Acknowledgement • Data and contents taken from SHODAN, APNIC, Cloudflare
  • 4. 4 4 Bangladesh Prefixes – IPv4 rex.apnic.net
  • 5. 5 5 Bangladesh Prefixes – IPv6 rex.apnic.net
  • 7. 7 7 IPv6 Deployment – Top Networks ASN AS Name IPv6 Capable IPv6 Preferred AS13335 CLOUDFLARENET 99.36% 98.44% AS21859 ZEN-ECN 48.64% 48.25% AS133168 SUOSAT-AS-AP Shahjalal University of Science and Technology 49.43% 47.53% AS24389 GRAMEENPHONE-AS-AP GrameenPhone Ltd. 48.19% 47.47% AS134595 VELOCITYINTERNET-AS-AP Velocity Internet 28.89% 28.78% AS134712 PIPEXNETWORK-BD Pipex Network 22.19% 22.19% AS138338 CTGNET-AS-AP CTG.NET 21.44% 21.44% AS45245 BANGLALINK-AS Banglalink Digital Communications Ltd 21.79% 21.39% AS133954 EXORDONLINE-BD Exord Online 16.83% 16.62% AS138915 KAOPU-HK Kaopu Cloud HK Limited 16.44% 15.07% AS150729 MDMIRAZHOSSAIN-AS-AP Digraj Internet Service Provider 13.22% 13.22% AS134128 MEGASPEEDNET-AS Mega Speed Net 10.15% 9.90% AS139786 RAINBOW-AS-AP Rainbow Network 9.19% 9.19% AS135098 BSN-AS-AP Bright Star Network 6.81% 6.81% AS58826 ICOMBANGLADESHLTD-BD ping by ICOM Bangladesh Ltd 6.04% 6.04% AS137023 ASIAN-AS-AP ASIAN CITY ONLINE BD LTD. 5.98% 5.98% AS134732 DOTINTERNET-AS-AP Dot Internet 6.04% 5.67% AS142006 GLOBAL5-AS-AP Global ICT Network 5.47% 5.47% AS138621 CITY-NET-COM-AS-AP City Net Communication 4.68% 4.68% AS24432 AXIATA-ROBI-AS-AP TM International Bangladesh Ltd.Internet service Provider,Gulshan-1,Dhaka-1212 4.82% 4.67% stats.labs.apnic.net/ipv6/BD
  • 9. 9 9 Port 53 More than 70k ports are open More than 60k have recursion enabled Vulnerable to DNS exploits including amplification attack, cache poisoning, spoofing etc Lots of Mikrotik devices Filter if not needed Introduce ACL in recursion Do security hardening for Mikrotik
  • 10. 10 10 Port 161 More than 70k ports are open Around 20k have SNMP version 1 enabled with public community Information like Interface description, IP addresses, routing table etc. can be accessed without any authorization. Lots of Mikrotik devices Use SNMP version 3 Introduce ACL and different SNMP community name Do security hardening for Mikrotik
  • 11. 11 11 Port 2000 More than 70k ports are open Almost all of them are Mikrotik Bandwidth Test Server Opens another attach surface for the attackers Turn it off in production network Do security hardening for Mikrotik
  • 12. 12 12 Port 179 More than 55k ports are open 3k are running BGP Attack surface for DDoS, BGP Hijack, Route Leak, Internet Disruption etc. Use ACL, GTTL, BGP MD5 or TCP-AO, RPKI, MANRS, BCP 194
  • 13. 13 13 Port 80 More than 50k ports are open More than 9k are from Mikrotik All the interface details and PPPoE usernames are visible without any authorization in Mikrotik via port 80 Attack surface for Apache, nginx, Microsoft IIS, Cisco/Mikrotik HTTP etc. Use firewall, TLS
  • 14. 14 14 RPKI – ROA IPv4 stats.labs.apnic.net
  • 15. 15 15 RPKI – ROA IPv4 Origin ASN ASN Name ASN Economy Route prefix delegation Validity No. of routes 23923 AGNI-AS BD apnic invalidAS 6 63890 AIBL-AS-AP BD apnic invalidML 4 136215 SB-AS-AP BD apnic invalidAS 2 58527 DGHS-GOV-BD BD apnic invalidML 2 150389 SPRINTNET-AS-AP BD apnic invalidML 2 139016 EXONHOST-AS-AP BD apnic invalidML 2 151488 AML-AS-AP BD apnic invalidML 2 58715 EARTHTELECOMMUNICATION-AS BD apnic invalidAS 1 38562 IOLBD-AS BD apnic invalidAS 1 64037 FIRSTNFASTITLTD-AS-AP BD apnic invalidAS 1
  • 16. 16 16 RPKI – ROA IPv6 stats.labs.apnic.net
  • 17. 17 17 RPKI – ROA IPv6 Origin ASN ASN Name ASN Economy Route prefix delegation Validity No. of routes 150385 HKN-AS-AP BD apnic invalidML 60 137961 ABUZZITLIMITED-AS-AP BD apnic invalidML 28 38071 AFTABIT-BD-AS-AP BD apnic invalidML 26 140612 DESHCOMMUNICATIONS-AS-AP BD apnic invalidML 17 17471 CYBERNET-BD-AS BD apnic invalidML 12 132438 APONIT-AS-AP BD apnic invalidML 10 64074 ABS-AS-AP BD apnic invalidML 8 138544 HK-ONLINE-AS BD apnic invalidML 8 9230 BOL-BD-AP BD apnic invalidML 6 134970 TUHINENTERPRISE-AS-AP BD apnic invalidML 6
  • 20. 20 20 DDoS – Network Layer radar.cloudflare.com
  • 21. 21 21 DDoS – Network Layer Attack Vector radar.cloudflare.com
  • 22. 22 22 DDoS – Application Layer radar.cloudflare.com
  • 23. 23 23 DDoS – Application Layer Activity radar.cloudflare.com
  • 24. 24 24 DDoS – BD DDoS Source radar.cloudflare.com DDoS Attack Trends for 2023 Q3
  • 25. 25 25 DDoS – Emerging Threats radar.cloudflare.com DDoS Attack Trends for 2023 Q3
  • 29. 29 29 Rising Security Concerns • 5G Security Concerns • IoT (Internet of Things) Security • AI and Machine Learning Threats • Supply Chain Attacks • Zero-Day Exploits and Advanced Persistent Threats (APTs) • Phishing • Cloud Security Challenges • Quantum Computing Impact • Biometric Security Risks • Human Element and Insider Threats • Regulatory Compliance and Privacy Concerns
  • 30. 30 30 Security Hardening References • https://wiki.mikrotik.com/wiki/Manual:Securing_Your_Router • https://blog.mikrotik.com/security/ • https://www.cisecurity.org/cis-benchmarks • https://www.sans.org/white-papers/ • https://cheatsheetseries.owasp.org/index.html • https://csrc.nist.gov/publications/sp • https://www.manrs.org/about/ • https://academy.apnic.net/ • https://www.team-cymru.com/ • https://www.apnic.net/community/security/ • https://sec.cloudapps.cisco.com/security/center/publicationListing.x • https://blog.cloudflare.com/