SlideShare a Scribd company logo

Background noise of the Internet

Bangladesh Network Operators Group
Bangladesh Network Operators Group

I will share a study based on incoming traffic to our darknet which is just monitoring and discarding packets. So basically there is no user traffic, but still we are observing many incoming traffic. Mostly those are scanning but also we found many interesting activities. The same might be happing to every Internet facing host, and it's important to understand the current situation of the Internet.

1 of 33
Download to read offline
Background noise of the Internet Matsuzaki ‘maz’ Yoshinobu <maz@iij.ad.jp> bdNOG10 maz@iij.ad.jp 1
I receive a packet because it’s: • A part of my communication (^_^) • Something else (T_T) • Those ‘something else’ are considered as background noise of the Internet, mostly unwanted traffic. • Every internet facing host is receiving such packets Today’s topic bdNOG10 maz@iij.ad.jp 2
PPP-EXP • This study is conducted by Pool Protection Project (PPP-EXP) • PPP-EXP was started by IIJ and JPNIC to protect the JPNIC free IPv4 pool from abuse • https://www.attn.jp/ppp/ • The setup • Announcing prefixes by AS2522 • Monitoring and discarding packets to the prefixes • Simple zone file for the reverse zones • only SOA and NS (no PTR records) bdNOG10 maz@iij.ad.jp 3
Classifications of noises • The sender is an initiator • Scanning • Virus spreading • Attacking • Something mistake • The sender is a reflector • Victim of IP spoofing attack • SYN-Flooding and etc. • Something mistake bdNOG10 maz@iij.ad.jp 4
The sender is an initiator • Intentionally sending traffic to ‘us’ bdNOG10 maz@iij.ad.jp 5 sender = initiator
The sender is a reflector • The original sender sends an IP spoofing packet to a host, and the host then send *back* a reply to ‘us’ The source address of the packet is spoofed as ‘us’ bdNOG10 maz@iij.ad.jp 6 sender = reflector
Disclaimer • I don’t know the actual intent of the packets, so the most of reasons mentioned in this slides are my ‘guess’ • The fact • We receive some amount of packets on the Internet facing hosts • Guesses • Scanning • Reflections • Weird implementations • Mistake bdNOG10 maz@iij.ad.jp 7
The data • Duration: 2019/01/10 00:00~24:00(JST) • Fully captured incoming packets toward the prefixes • many pcap files • about 6 hunreds million packets • 2758 packets/host/day bdNOG10 maz@iij.ad.jp 8
Mostly TCP packets TCP 95% (577340492) UDP 4% (26945104) ICMP 1% (3897454) IP6 0% (2153) bdNOG10 maz@iij.ad.jp 9
And mostly TCP-SYN SYN 98% (563062001) SYN-ACK 2% (12229116) OTHER 0% (2049375) bdNOG10 maz@iij.ad.jp 10
The TCP Flag variations • SYN 563062001 • SYN-ACK 12229116 • SYN-ECE-CWR 941603 • RST 555637 • RST-ACK 293503 • ACK 106575 • SYN-ACK-ECE 52175 • SYN-ACK-ECE-CWR 44801 • FIN-SYN-RST-PSH-ACK-URG 21745 • SYN-ACK-CWR 10423 • PSH-ACK 9532 • FIN-PSH-ACK 4434 • SYN-RST 4258 • FIN-ACK 2817 • RST-ECE 502 • RST-ECE-CWR 445 • RST-CWR 433 • SYN-PSH 364 • none 63 • RST-PSH 32 • FIN 17 • PSH 6 • PSH-ACK-URG-CWR 3 • FIN-SYN-RST-ACK-URG-CWR 2 • FIN-RST-PSH-ACK-URG-CWR 1 • SYN-PSH-CWR 1 • CWR 1 • FIN-SYN-RST-PSH-ACK-URG-CWR 1 • RST-PSH-ACK-ECE-CWR 1 bdNOG10 maz@iij.ad.jp 11
The major destination ports TCP-SYN destinations • 23 73958566 • 52869 34724310 • 8545 14738763 • 22 13507821 • 445 11378107 • 80 10794925 • 8080 9323605 • 4776 7615618 • 4784 7602022 • 1433 5755354 UDP destinations • 389 2445405 • 4776 2381843 • 4784 2354203 • 1900 2287302 • 50328 1191988 • 50592 1190070 • 50336 1188298 • 50584 1180976 • 11211 1064441 • 19 754180 bdNOG10 maz@iij.ad.jp 12
Packets distribution: Sender Thenumberofoccurrences The number of packets sent by a source Many hosts sending a few packets A few sending a LOT bdNOG10 maz@iij.ad.jp 13
A few hosts sending a lot of packets • Ukrainian IP (31609992 packets) • TCP-SYN to TCP/1025-10000 • USA IP (10793632 packets) • TCP-SYN to TCP/52869 • Dutch IP (10572421 packets) • TCP-SYN to TCP/52869 • HongKong IP (7330971 packets) • TCP-SYN to TCP/3031 and other 546 ports • Ireland 8 IPs (total 51607564packets) • TCP-SYN to TCP/53601-60800 bdNOG10 maz@iij.ad.jp 14
TCP/23 scanners Thenumberofoccurrences The number of packets sent by a source bdNOG10 maz@iij.ad.jp 15 Existing around here
Security services based on scanning results • Many others, and each of them is scanning you • More new services means more scanning packets to your network bdNOG10 maz@iij.ad.jp 16
Many hosts sending a few $%. . # % b8 b%, #% #% #,# $ , b1b %%#%#%%#% # .b@5 b LT ZOb%$ $]$$$$.bb $b$$, b Kb $$$b $%%b $ %bIK Mb $,bb6### ;2#$# ##### $]$$%$.bbK $%b$II%b K b% ,b$$ $b b %b %bb######### #K%. $]$$ $.bb b b b $ b M $b$L b ,bM%L bbK .PK $.U # C ## $]$$ $.bbL, MbM%% b I MbIL $b , bK MLb b Lbb##### ##]### .PT $]$$ $.bb Mb M ,b % b , b $ b M $b$L%Mb % bbMU O O $.U ## A $]$$ $.bbI, Lb%$,,bI$L,bI b I Lb$M $b M b %bb#a#####.DT#$##L% $]$$ $.bb %b b b Mb $ b b %b bb.W . LZ LLX %.Z $]$$ $.bb b b % b b b $%b$% %b bb .#4%.[ .: ##%. $]$$,$.bb % b % bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb%.WL $%. . # ,%%b8 b%, #% #% #,# $ , b1b %%#%#%%#% # .b@5 b LT ZOb $ $]$$$$.bb $b$$ $b $ b $$$b $%%b L MbIK Mb $,bb6##$ #2#$#T #### $]$$%$.bbK $%b$II%b K b% ,b$$% bIL%$b %$$b L bb############3#T# $]$$ $.bb,KL b b$$$$b$$$$b$$$$b$$$$b % b$$$$bb##_ ######## ### $%. . $# , b8 b%, #% #% #,# , %$b1b %%#%#%%#% # .b7 bD>F b LW %, %% b¥PTb bU ZPUT bDS % , <9 >b[ , bL X $ TU ¥ Lb F b LT ZOb$ $]$$$$.bb $$b$$ b I b $$$b $$ b M KbIK Mb $,bb6##0 2#$##F#### $]$$%$.bbK $%b$II%bIKL b% ,bMK Lb b$$$$b$$$$bb#########T###### $]$$ $.bb $$ bMMMM K b$$$$b$ $ b$ ,b$ $ b$,$ bb####FP########## $]$$ $.bb$$ bM I b$$$$b$$$$b$%$ b$ $ bbbbbbbbbbbb# ########## $%. . %#,% %b8 b%, #% #% #,# , %$b1b %%#%#%%#% # .b7 bD>F b LW %, %% b¥PTb bU ZPUT bDS % , <9 >b[ bL X $ TU ¥ Lb F b LT ZOb$ $]$$$$.bb $$b$$ b I b $$$b $$ b M bIK Mb $,bb6##0 2#$##E#### $]$$%$.bbK $%b$II%bIKL b% ,bMK Lb b$$$$b$$$$bb#########T###### $]$$ $.bb $$ bMMMM K$ b$$$$b$ $ b$ ,b$ $ b$,$ bb####F########### $]$$ $.bb$$ bM %Ib$$$$b$$$$b$%$ b$ $ bbbbbbbbbbbb# ########## They send UDP packets, and then send TCP-SYN to the same destination port Probably... BitTorrent! bdNOG10 maz@iij.ad.jp 17
This might be a P2P as well -/7/07/4+./3204vEKv./2+43+3.+.65+20142v;v/.6+.-.+..2+/-/+4337vNAK)vd]f_k`v145 -n----7vv12--v-.^Yv3Z-¥v1---v03..v[¥Y0v4¥1[v0¥[3vvB+++c+=+3+++rH:+ -n--.-7vv¥Z32v40[Yv¥-]0v-/^]v-.]3v]1]Yv155¥vY¥05vv+]j+++++++++D++5 -n--/-7vv[/.Yv3.]/v[.50v[11]v^.3/v[..6v665¥v¥/34vv++Y++++J+Z+++++_ -n--0-7vv20]Yv¥2Z[v4456vZ[^6v]0Z2v.Y.1v34--v/566vvL+++m+++++++_+&+ -n--1-7vv0..0v2155v-][6v4/0]v15/]v[][6v66.Zv-^^2vv.+M+++i;D+++++++ -n--2-7vv--45v1¥3^v464/v]53[v2¥^.v5¥Z-v¥/-.v.5[/vv+nIgoi+dU+++++++ -n--3-7vv..05v5-]4v4.¥2v[1Y1v[-Z]v/Z0^vY0Z]vZ[]¥vv+5++h+++++(<++++ 9t ; -n-.5-7vv]6Z.v-165v.-/6v¥]43v¥2^4v4ZZ¥v.[..v-Y1/vv+++++'+l++q++++? -n-.6-7vv-[Y3vZ]Z2v266[v2¥^Yv/¥Z-v5Y54v3]3^v2]24vv++++ +U+ +++fgVP -n-.Y-7vvY-]-v3^/^v551¥vY12¥v[06]v662]v/]Y/vY-0Yvv++g,+I+U+++V+++7 -n-.Z-7vv[4¥¥v3]6^v^51Yv.Y/2v4Y/0v/Z]4v./-5vZ]Z.vv++f++F+# !(+++++ -n-.[-7vv34/¥v¥^]]v^5-0v[Y0ZvY.30v66[]v51Z5v54[Zvv_ +++++8+[++++++ -n-.¥-7vv62^1v3Y5¥vZ]-0v0.05v/32Zv.^04v3/2[v3415vv++b+++.5$S+4ZT_D -n-.]-7vv-513v03^^v[44^v0Z]4v3.20v0331v-ZZ[v/^6^vv+C3+++8+YL3¥++,+ -n-.^-7vv0..6vYZ]]v.Z¥Zv/3Z^v03[0vvvvvvvvvvvvvvvvv.+++++$+3+ -/7/0714+245.55vEKv.4.+03+10+5+0-501v;v/.6+.-.+..2+/-/+4337vNAK)vd]f_k`v15/ -n----7vv12--v-.^]v3Z-^v1---v00..vZ250vYZ/1v/Z-5vvB+++c+=+0++++"(+ -n--.-7vv¥Z32v40[Yv454/v-/^]v-.]Yv//.Zv3]5]vZ/34vv+]j+ni++++ +f++_ -n--/-7vv]^]3v¥Z-¥v¥6/3v6[54v/5[6v31Y1v61]3v^.[^vv+++++$++&+¥+++++ -n--0-7vv]]3-v3623v5[¥2v3].4v.11Yv204]v5/Y4v.2[6vv+ a ++f++FLs++++ -n--1-7vv40¥5v3ZY3v[Z[]v¥0[6v0^1/vZ6Z1v01[4v^..[vvj+c+++++<?++1+++ -n--2-7vv6/03v3./4v3[4Yv344.v.¥]0vY/Y.v6Z^[vZ651vv+3Y%d _h++++++++ -n--3-7vv-^/2v0113v¥Z1¥v04-1v[610v45Y5vZ244v0^^[vv+#1C+I4++@n++m<+ 9t ; -n-.5-7vv]¥^4v35]Zv[¥Y6vZ-4/v[3[.vY//.v322]v0--4vv++`++++i+++ ]V-+ -n-.6-7vv6]¥0v[023v]/.Yv0Z.Zv^641v[61.v]¥2^v]Y2Yvv+++ ++8++k+>+W+ -n-.Y-7vv¥220v[1/0v^Z41v.1[/vZ2Z2v3/66v.06.v6^Z-vv+L+!+k++++Z+++++ -n-.Z-7vv]03/v-3[3v^Y1.v3-^1v01Y5v02Y-v53/-v^Y2[vv+Z+++> +1+2++++T -n-.[-7vv^.Z]v^¥3[vZ/..vY¥]3v[2.-v4^24v/-6¥v-450vv+++d+++++++P++++ -n-.¥-7vv^^5Zv1646v1Z/5v3¥4^v[^//v.^23v[-65v0.Z.vv++Eo &e++ + ++.+ -n-.]-7vv¥3/]v6[-5v0]1Yv]¥5/v¥53[v¥5^4v-6¥]v^654vv++++;F+++d++++++ -n-.^-7vv]5[.v-.01v]5][v0/Z5v5¥[^v5¥1¥v35Z¥vvvvvvv+++1++/++++I`+ bdNOG10 maz@iij.ad.jp 18
Many hosts sending a few • There might be a wrong node information in the P2P network. • Based on that, many hosts are trying to connect the *nodes* • I guess users of the senders are not aware of this • Why such a wrong node information? • Someone made mistake on his/her configuration? • Someone is attacking the P2P network by injecting wrong nodes? • The number of unique senders might be indicating the number of P2P users bdNOG10 maz@iij.ad.jp 19
Packets distribution: Receiver bdNOG10 maz@iij.ad.jp 20 Average 2758 packets/host A few hosts are receiving a lot Thenumberofoccurrences The number of packets received by a host
A few hosts receiving the most of many packets from the many hosts Probably by a P2P application based on wrong nodes information bdNOG10 maz@iij.ad.jp 21 Thenumberofoccurrences The number of packets received by a hostThe number of packets sent by a sender
Oh, yes. I see IP6 (41) packet 0, 3 00) " , 0 ) , -.,0, 2 ) 0 ) 30 " . 2 - 4), " ) 0 " " - 1 ,( .,10 . ,) 0 0 , ) 0 3 " 3 " 3 " 3 " 2 3 The PTR record of the sender looks like a HTTP server -> www134.cs.uic.edu Seems like it’s searching a router bdNOG10 maz@iij.ad.jp 22
This explains that bdNOG10 maz@iij.ad.jp 23
IP6 (41) 6to4 packet (,1'.1')&(-..)-]8 ] ' '$] ),($]KF]((0-)$] ]'$] CI ] 57 $] T ]8 X-] ( $] PI ]0) (0)& &00&(]2](, &)''& )& 1]8 -] CD ' ).-- $] KO () $]P CF T] 4 ] - ] C[ CF] PI 1] ) ]) ' 1- ''1 '',1 '011)'' & ]2])'')10 E 1)')E110 E 1)')E&-,)- 1] 7 CI ] & $]E O ' )-E(] E TT E $] S ')(),-'.$]CE ]).,00,.,(,$] KP]).)''$] K P ] O ( -'$P $P $ CE :9$P $ EC ] $] PI ]' ' ''''1 ,'']'',E]) DC] '''] D)0]- .']E', ]- '( 6&&@&&3&& P &>E& ' ''('1 0 E ])')E]-'')].-- ]'')']'-.E]) ' ]- '' &&&$ &XP&&&¥ & & ' '')'1 '',]' '0]'''']'''']''''])'' ])'')]0 E 3&&&&&&&&&&&&&&& ' '' '1 )')E]'''']'''']'''']0 E ])')E]'(DD] &$&&&&&&&&&$&&&& ' '' '1 (. .] ).]C (]0E'D] '()]-C '])-E(]'''' &&& &&&&&& 3 &&& ' '','1 ')' ]',,']'('(]' ')]'(' ]' ' &&& &&&&&&&& bdNOG10 maz@iij.ad.jp 24
6to4 reflections • Someone is using 6to4 with an IPv4 address from our prefix, and we got a reply Using 6to4 with wrong IPv4 address configuration 6to4 relay bdNOG10 maz@iij.ad.jp 25
6to4 reflections • Guesses • Configuration error and weird implementation made 6to4 enabled, and the host tried to access the Internet through it? • Someone using 6to4 space for IPv6 SYN-flooding? • We also observe ’ICMP6 TTL expired’ packet related to 6to4 bdNOG10 maz@iij.ad.jp 26
Sudden traffic • 300Mbps toward a single destination • Many sources from different countries and economies • UDP, random source and destination port • Don’t fragment, 1052 bytes bdNOG10 maz@iij.ad.jp 27
The sudden traffic • Firstly I assumed a P2P, but it looks strange • I couldn’t feel the intent of ‘commutation’ from the payloads • That’s just my feeling • So I counted • The byte distribution of the payload bdNOG10 maz@iij.ad.jp 28
Byte distributions sometimes tell something pdf docx jpg m4apptx bdNOG10 maz@iij.ad.jp 29
The byte distribution is too flat The UDP datagram bdNOG10 maz@iij.ad.jp 30
Analysis of the sudden traffic • The payload is totally random • No intention for communication • OK, I suppose this a DDoS attack • But to the destination that is not serving anything? • Just mistake? • Lesson learned • Without any particular reason, sometimes you suddenly become a target of DDoS bdNOG10 maz@iij.ad.jp 31
There was this kind of packet as well.. - - , P45P , P0P , -P625 P D I P -PP P , P< P P> P > P <P9 9<PP3 E 8 -PP<: P ;9P P< 9 P 9P P P PP > 11 -PP P P P P > P < P ;P ; PP1111 ;< I -PP P >P P >P P P ; ;P PP;< 9 D ; / DA 0 -PP P P P P P P P : PP< I>I . -PP P P P P P :P P PP I>I . >I -PP P P < P <P P P > P , <PP I 9DED -PP > P P < P P >P ,P < >P PPE 9DED E -PP <P P P P P P P PP 5 -PP P P P P P P P PP >I > -PP P P P : P P P P PPI . >I -PP P P P P P P P PP I>I I>I , -PP P P P P P P 9PPPPPPP >I ;<P I P P;<P 9 DP P;<P DIP P;<P EEIP P;< . IP II - 777 :AD . ; E< P:AD . P:AD . I>I P 777 ; I I>I . ; E<P PI>I . PI>I . I>I P PI>I P 777. ; E<P PI>I . I>I . >I P IP P P9DED E P P9DED E P 5P P 777P >I P>I . >I PI>I PI>I P>I bdNOG10 maz@iij.ad.jp 32
Summary • We have background noise in the Internet (IPv4) • Malicious activities are observed • Yes, of course • Security service providers are also scanning you • Some other non-intentional or aftereffect-ish activities are also happening in the Internet • If you are unlucky, you might receive many packets without any particular reason bdNOG10 maz@iij.ad.jp 33

Recommended

Call Tracking with Twilio - Cloudstock 2010
Call Tracking with Twilio - Cloudstock 2010Call Tracking with Twilio - Cloudstock 2010
Call Tracking with Twilio - Cloudstock 2010Twilio Inc
 
mod_perl 2.0 For Speed Freaks!
mod_perl 2.0 For Speed Freaks!mod_perl 2.0 For Speed Freaks!
mod_perl 2.0 For Speed Freaks!
Philippe M. Chiasson
 
What is suid, sgid and sticky bit
What is suid, sgid and sticky bit What is suid, sgid and sticky bit
What is suid, sgid and sticky bit
Meenu Chopra
 
Hadoop 101 - Kansas City Big Data Summit 2014
Hadoop 101 - Kansas City Big Data Summit 2014Hadoop 101 - Kansas City Big Data Summit 2014
Hadoop 101 - Kansas City Big Data Summit 2014
skahler
 
Kamailio and VoIP Wild World
Kamailio and VoIP Wild WorldKamailio and VoIP Wild World
Kamailio and VoIP Wild World
Daniel-Constantin Mierla
 
How the internet works
How the internet worksHow the internet works
How the internet works
Sharon Chen
 
HTTP/2, SPDY e Otimizações Web - Front In Maceió 2014 - Sérgio Lopes
HTTP/2, SPDY e Otimizações Web - Front In Maceió 2014 - Sérgio LopesHTTP/2, SPDY e Otimizações Web - Front In Maceió 2014 - Sérgio Lopes
HTTP/2, SPDY e Otimizações Web - Front In Maceió 2014 - Sérgio Lopes
Caelum
 
Threat hunting != Throwing arrow! Hunting for adversaries in your it environment
Threat hunting != Throwing arrow! Hunting for adversaries in your it environmentThreat hunting != Throwing arrow! Hunting for adversaries in your it environment
Threat hunting != Throwing arrow! Hunting for adversaries in your it environment
Nahidul Kibria
 

Recommended

Call Tracking with Twilio - Cloudstock 2010
Call Tracking with Twilio - Cloudstock 2010Call Tracking with Twilio - Cloudstock 2010
Call Tracking with Twilio - Cloudstock 2010Twilio Inc
 
mod_perl 2.0 For Speed Freaks!
mod_perl 2.0 For Speed Freaks!mod_perl 2.0 For Speed Freaks!
mod_perl 2.0 For Speed Freaks!
Philippe M. Chiasson
 
What is suid, sgid and sticky bit
What is suid, sgid and sticky bit What is suid, sgid and sticky bit
What is suid, sgid and sticky bit
Meenu Chopra
 
Hadoop 101 - Kansas City Big Data Summit 2014
Hadoop 101 - Kansas City Big Data Summit 2014Hadoop 101 - Kansas City Big Data Summit 2014
Hadoop 101 - Kansas City Big Data Summit 2014
skahler
 
Kamailio and VoIP Wild World
Kamailio and VoIP Wild WorldKamailio and VoIP Wild World
Kamailio and VoIP Wild World
Daniel-Constantin Mierla
 
How the internet works
How the internet worksHow the internet works
How the internet works
Sharon Chen
 
HTTP/2, SPDY e Otimizações Web - Front In Maceió 2014 - Sérgio Lopes
HTTP/2, SPDY e Otimizações Web - Front In Maceió 2014 - Sérgio LopesHTTP/2, SPDY e Otimizações Web - Front In Maceió 2014 - Sérgio Lopes
HTTP/2, SPDY e Otimizações Web - Front In Maceió 2014 - Sérgio Lopes
Caelum
 
Threat hunting != Throwing arrow! Hunting for adversaries in your it environment
Threat hunting != Throwing arrow! Hunting for adversaries in your it environmentThreat hunting != Throwing arrow! Hunting for adversaries in your it environment
Threat hunting != Throwing arrow! Hunting for adversaries in your it environment
Nahidul Kibria
 
A Technique for Enabling and Supporting Debugging of Field Failures (ICSE 2007)
A Technique for Enabling and Supporting Debugging of Field Failures (ICSE 2007)A Technique for Enabling and Supporting Debugging of Field Failures (ICSE 2007)
A Technique for Enabling and Supporting Debugging of Field Failures (ICSE 2007)James Clause
 
4Developers: Dns vs webapp
4Developers: Dns vs webapp4Developers: Dns vs webapp
4Developers: Dns vs webapp
PROIDEA
 
Linux 系統管理與安全:進階系統管理系統防駭與資訊安全
Linux 系統管理與安全:進階系統管理系統防駭與資訊安全Linux 系統管理與安全:進階系統管理系統防駭與資訊安全
Linux 系統管理與安全:進階系統管理系統防駭與資訊安全
維泰 蔡
 
Linux 系統管理與安全:系統防駭與資訊安全
Linux 系統管理與安全:系統防駭與資訊安全Linux 系統管理與安全:系統防駭與資訊安全
Linux 系統管理與安全:系統防駭與資訊安全
維泰 蔡
 
Chapter07.official language policy (1)
Chapter07.official language policy (1)Chapter07.official language policy (1)
Chapter07.official language policy (1)
Arjun Manghav Puthanpurayil
 
Linux 系統管理與安全:基本 Linux 系統知識
Linux 系統管理與安全:基本 Linux 系統知識Linux 系統管理與安全:基本 Linux 系統知識
Linux 系統管理與安全:基本 Linux 系統知識
維泰 蔡
 
Архитектура коммутаторов Cisco Catalyst 6500
Архитектура коммутаторов Cisco Catalyst 6500Архитектура коммутаторов Cisco Catalyst 6500
Архитектура коммутаторов Cisco Catalyst 6500Cisco Russia
 
INSTALACION DE PERFILES PCF DE VPN CISCO EN AMBIENTE LINUX UBUNTU 13
INSTALACION DE PERFILES PCF DE VPN CISCO EN AMBIENTE LINUX UBUNTU 13INSTALACION DE PERFILES PCF DE VPN CISCO EN AMBIENTE LINUX UBUNTU 13
INSTALACION DE PERFILES PCF DE VPN CISCO EN AMBIENTE LINUX UBUNTU 13ROBERTO GARCIA HERNANDEZ
 
Vhdl ppt
Vhdl pptVhdl ppt
Vhdl ppt
Nishanth P V
 
[Harvard CS264] 04 - Intermediate-level CUDA Programming
[Harvard CS264] 04 - Intermediate-level CUDA Programming[Harvard CS264] 04 - Intermediate-level CUDA Programming
[Harvard CS264] 04 - Intermediate-level CUDA Programming
npinto
 
CPDL - Charging Plan Definition Language
CPDL - Charging Plan Definition LanguageCPDL - Charging Plan Definition Language
CPDL - Charging Plan Definition Language
Daniel-Constantin Mierla
 
OSGi - beyond the myth
OSGi - beyond the mythOSGi - beyond the myth
OSGi - beyond the myth
Clément Escoffier
 
การสื่อสารข้อมูลทางคอมพิวเตอร์
การสื่อสารข้อมูลทางคอมพิวเตอร์การสื่อสารข้อมูลทางคอมพิวเตอร์
การสื่อสารข้อมูลทางคอมพิวเตอร์chukiat008
 
MongoDB - Monitoring and queueing
MongoDB - Monitoring and queueingMongoDB - Monitoring and queueing
MongoDB - Monitoring and queueing
Boxed Ice
 
MongoDB - Monitoring & queueing
MongoDB - Monitoring & queueingMongoDB - Monitoring & queueing
MongoDB - Monitoring & queueing
Boxed Ice
 
Peebles-3D Symposium-03 Mar 2016
Peebles-3D Symposium-03 Mar 2016Peebles-3D Symposium-03 Mar 2016
Peebles-3D Symposium-03 Mar 2016Ross Peebles
 
CAR Email 9.17.02
CAR Email 9.17.02CAR Email 9.17.02
CAR Email 9.17.02
Obama White House
 
[AKIBA.AWS] VPN接続とルーティングの基礎
[AKIBA.AWS] VPN接続とルーティングの基礎[AKIBA.AWS] VPN接続とルーティングの基礎
[AKIBA.AWS] VPN接続とルーティングの基礎
Shuji Kikuchi
 
Cooper Union - SociaLite - Open 2011
Cooper Union - SociaLite - Open 2011Cooper Union - SociaLite - Open 2011
Cooper Union - SociaLite - Open 2011the nciia
 
Syndicated content on your web pages
Syndicated content on your web pagesSyndicated content on your web pages
Syndicated content on your web pages
Jon Warbrick
 
সুন্দরবনের কাছে রামপাল কয়লা বিদ্যুৎ কেন্দ্রের পরিবেশগত প্রভাব নিরুপন বা ইআইএ ...
সুন্দরবনের কাছে রামপাল কয়লা বিদ্যুৎ কেন্দ্রের পরিবেশগত প্রভাব নিরুপন বা ইআইএ ...সুন্দরবনের কাছে রামপাল কয়লা বিদ্যুৎ কেন্দ্রের পরিবেশগত প্রভাব নিরুপন বা ইআইএ ...
সুন্দরবনের কাছে রামপাল কয়লা বিদ্যুৎ কেন্দ্রের পরিবেশগত প্রভাব নিরুপন বা ইআইএ ...mdmahafuz
 
Bash Geekcamp
Bash GeekcampBash Geekcamp
Bash Geekcamp
guest7f4365d
 

More Related Content

What's hot

A Technique for Enabling and Supporting Debugging of Field Failures (ICSE 2007)
A Technique for Enabling and Supporting Debugging of Field Failures (ICSE 2007)A Technique for Enabling and Supporting Debugging of Field Failures (ICSE 2007)
A Technique for Enabling and Supporting Debugging of Field Failures (ICSE 2007)James Clause
 
4Developers: Dns vs webapp
4Developers: Dns vs webapp4Developers: Dns vs webapp
4Developers: Dns vs webapp
PROIDEA
 
Linux 系統管理與安全:進階系統管理系統防駭與資訊安全
Linux 系統管理與安全:進階系統管理系統防駭與資訊安全Linux 系統管理與安全:進階系統管理系統防駭與資訊安全
Linux 系統管理與安全:進階系統管理系統防駭與資訊安全
維泰 蔡
 
Linux 系統管理與安全:系統防駭與資訊安全
Linux 系統管理與安全:系統防駭與資訊安全Linux 系統管理與安全:系統防駭與資訊安全
Linux 系統管理與安全:系統防駭與資訊安全
維泰 蔡
 
Chapter07.official language policy (1)
Chapter07.official language policy (1)Chapter07.official language policy (1)
Chapter07.official language policy (1)
Arjun Manghav Puthanpurayil
 
Linux 系統管理與安全:基本 Linux 系統知識
Linux 系統管理與安全:基本 Linux 系統知識Linux 系統管理與安全:基本 Linux 系統知識
Linux 系統管理與安全:基本 Linux 系統知識
維泰 蔡
 

What's hot (6)

A Technique for Enabling and Supporting Debugging of Field Failures (ICSE 2007)
A Technique for Enabling and Supporting Debugging of Field Failures (ICSE 2007)A Technique for Enabling and Supporting Debugging of Field Failures (ICSE 2007)
A Technique for Enabling and Supporting Debugging of Field Failures (ICSE 2007)
 
4Developers: Dns vs webapp
4Developers: Dns vs webapp4Developers: Dns vs webapp
4Developers: Dns vs webapp
 
Linux 系統管理與安全:進階系統管理系統防駭與資訊安全
Linux 系統管理與安全:進階系統管理系統防駭與資訊安全Linux 系統管理與安全:進階系統管理系統防駭與資訊安全
Linux 系統管理與安全:進階系統管理系統防駭與資訊安全
 
Linux 系統管理與安全:系統防駭與資訊安全
Linux 系統管理與安全:系統防駭與資訊安全Linux 系統管理與安全:系統防駭與資訊安全
Linux 系統管理與安全:系統防駭與資訊安全
 
Chapter07.official language policy (1)
Chapter07.official language policy (1)Chapter07.official language policy (1)
Chapter07.official language policy (1)
 
Linux 系統管理與安全:基本 Linux 系統知識
Linux 系統管理與安全:基本 Linux 系統知識Linux 系統管理與安全:基本 Linux 系統知識
Linux 系統管理與安全:基本 Linux 系統知識
 

Similar to Background noise of the Internet

Архитектура коммутаторов Cisco Catalyst 6500
Архитектура коммутаторов Cisco Catalyst 6500Архитектура коммутаторов Cisco Catalyst 6500
Архитектура коммутаторов Cisco Catalyst 6500Cisco Russia
 
INSTALACION DE PERFILES PCF DE VPN CISCO EN AMBIENTE LINUX UBUNTU 13
INSTALACION DE PERFILES PCF DE VPN CISCO EN AMBIENTE LINUX UBUNTU 13INSTALACION DE PERFILES PCF DE VPN CISCO EN AMBIENTE LINUX UBUNTU 13
INSTALACION DE PERFILES PCF DE VPN CISCO EN AMBIENTE LINUX UBUNTU 13ROBERTO GARCIA HERNANDEZ
 
Vhdl ppt
Vhdl pptVhdl ppt
Vhdl ppt
Nishanth P V
 
[Harvard CS264] 04 - Intermediate-level CUDA Programming
[Harvard CS264] 04 - Intermediate-level CUDA Programming[Harvard CS264] 04 - Intermediate-level CUDA Programming
[Harvard CS264] 04 - Intermediate-level CUDA Programming
npinto
 
CPDL - Charging Plan Definition Language
CPDL - Charging Plan Definition LanguageCPDL - Charging Plan Definition Language
CPDL - Charging Plan Definition Language
Daniel-Constantin Mierla
 
OSGi - beyond the myth
OSGi - beyond the mythOSGi - beyond the myth
OSGi - beyond the myth
Clément Escoffier
 
การสื่อสารข้อมูลทางคอมพิวเตอร์
การสื่อสารข้อมูลทางคอมพิวเตอร์การสื่อสารข้อมูลทางคอมพิวเตอร์
การสื่อสารข้อมูลทางคอมพิวเตอร์chukiat008
 
MongoDB - Monitoring and queueing
MongoDB - Monitoring and queueingMongoDB - Monitoring and queueing
MongoDB - Monitoring and queueing
Boxed Ice
 
MongoDB - Monitoring & queueing
MongoDB - Monitoring & queueingMongoDB - Monitoring & queueing
MongoDB - Monitoring & queueing
Boxed Ice
 
Peebles-3D Symposium-03 Mar 2016
Peebles-3D Symposium-03 Mar 2016Peebles-3D Symposium-03 Mar 2016
Peebles-3D Symposium-03 Mar 2016Ross Peebles
 
CAR Email 9.17.02
CAR Email 9.17.02CAR Email 9.17.02
CAR Email 9.17.02
Obama White House
 
[AKIBA.AWS] VPN接続とルーティングの基礎
[AKIBA.AWS] VPN接続とルーティングの基礎[AKIBA.AWS] VPN接続とルーティングの基礎
[AKIBA.AWS] VPN接続とルーティングの基礎
Shuji Kikuchi
 
Cooper Union - SociaLite - Open 2011
Cooper Union - SociaLite - Open 2011Cooper Union - SociaLite - Open 2011
Cooper Union - SociaLite - Open 2011the nciia
 
Syndicated content on your web pages
Syndicated content on your web pagesSyndicated content on your web pages
Syndicated content on your web pages
Jon Warbrick
 
সুন্দরবনের কাছে রামপাল কয়লা বিদ্যুৎ কেন্দ্রের পরিবেশগত প্রভাব নিরুপন বা ইআইএ ...
সুন্দরবনের কাছে রামপাল কয়লা বিদ্যুৎ কেন্দ্রের পরিবেশগত প্রভাব নিরুপন বা ইআইএ ...সুন্দরবনের কাছে রামপাল কয়লা বিদ্যুৎ কেন্দ্রের পরিবেশগত প্রভাব নিরুপন বা ইআইএ ...
সুন্দরবনের কাছে রামপাল কয়লা বিদ্যুৎ কেন্দ্রের পরিবেশগত প্রভাব নিরুপন বা ইআইএ ...mdmahafuz
 
Bash Geekcamp
Bash GeekcampBash Geekcamp
Bash Geekcamp
guest7f4365d
 
Resilient Taunton Watershed Network: Shaping the Future of Your Community
Resilient Taunton Watershed Network: Shaping the Future of Your CommunityResilient Taunton Watershed Network: Shaping the Future of Your Community
Resilient Taunton Watershed Network: Shaping the Future of Your Community
greenbelt82
 
Танки_в_Лунапарке: нагрузочное_тестирование_в_Яндексе
Танки_в_Лунапарке: нагрузочное_тестирование_в_ЯндексеТанки_в_Лунапарке: нагрузочное_тестирование_в_Яндексе
Танки_в_Лунапарке: нагрузочное_тестирование_в_Яндексе
Yandex
 
Implementing a home gateway with Linux - Firewall - Router - Proxy server - D...
Implementing a home gateway with Linux - Firewall - Router - Proxy server - D...Implementing a home gateway with Linux - Firewall - Router - Proxy server - D...
Implementing a home gateway with Linux - Firewall - Router - Proxy server - D...
Geert Van Pamel
 

Similar to Background noise of the Internet (20)

Архитектура коммутаторов Cisco Catalyst 6500
Архитектура коммутаторов Cisco Catalyst 6500Архитектура коммутаторов Cisco Catalyst 6500
Архитектура коммутаторов Cisco Catalyst 6500
 
INSTALACION DE PERFILES PCF DE VPN CISCO EN AMBIENTE LINUX UBUNTU 13
INSTALACION DE PERFILES PCF DE VPN CISCO EN AMBIENTE LINUX UBUNTU 13INSTALACION DE PERFILES PCF DE VPN CISCO EN AMBIENTE LINUX UBUNTU 13
INSTALACION DE PERFILES PCF DE VPN CISCO EN AMBIENTE LINUX UBUNTU 13
 
Vhdl ppt
Vhdl pptVhdl ppt
Vhdl ppt
 
[Harvard CS264] 04 - Intermediate-level CUDA Programming
[Harvard CS264] 04 - Intermediate-level CUDA Programming[Harvard CS264] 04 - Intermediate-level CUDA Programming
[Harvard CS264] 04 - Intermediate-level CUDA Programming
 
CPDL - Charging Plan Definition Language
CPDL - Charging Plan Definition LanguageCPDL - Charging Plan Definition Language
CPDL - Charging Plan Definition Language
 
OSGi - beyond the myth
OSGi - beyond the mythOSGi - beyond the myth
OSGi - beyond the myth
 
การสื่อสารข้อมูลทางคอมพิวเตอร์
การสื่อสารข้อมูลทางคอมพิวเตอร์การสื่อสารข้อมูลทางคอมพิวเตอร์
การสื่อสารข้อมูลทางคอมพิวเตอร์
 
MongoDB - Monitoring and queueing
MongoDB - Monitoring and queueingMongoDB - Monitoring and queueing
MongoDB - Monitoring and queueing
 
MongoDB - Monitoring & queueing
MongoDB - Monitoring & queueingMongoDB - Monitoring & queueing
MongoDB - Monitoring & queueing
 
Peebles-3D Symposium-03 Mar 2016
Peebles-3D Symposium-03 Mar 2016Peebles-3D Symposium-03 Mar 2016
Peebles-3D Symposium-03 Mar 2016
 
CAR Email 9.17.02
CAR Email 9.17.02CAR Email 9.17.02
CAR Email 9.17.02
 
[AKIBA.AWS] VPN接続とルーティングの基礎
[AKIBA.AWS] VPN接続とルーティングの基礎[AKIBA.AWS] VPN接続とルーティングの基礎
[AKIBA.AWS] VPN接続とルーティングの基礎
 
Cooper Union - SociaLite - Open 2011
Cooper Union - SociaLite - Open 2011Cooper Union - SociaLite - Open 2011
Cooper Union - SociaLite - Open 2011
 
Syndicated content on your web pages
Syndicated content on your web pagesSyndicated content on your web pages
Syndicated content on your web pages
 
সুন্দরবনের কাছে রামপাল কয়লা বিদ্যুৎ কেন্দ্রের পরিবেশগত প্রভাব নিরুপন বা ইআইএ ...
সুন্দরবনের কাছে রামপাল কয়লা বিদ্যুৎ কেন্দ্রের পরিবেশগত প্রভাব নিরুপন বা ইআইএ ...সুন্দরবনের কাছে রামপাল কয়লা বিদ্যুৎ কেন্দ্রের পরিবেশগত প্রভাব নিরুপন বা ইআইএ ...
সুন্দরবনের কাছে রামপাল কয়লা বিদ্যুৎ কেন্দ্রের পরিবেশগত প্রভাব নিরুপন বা ইআইএ ...
 
Bash Geekcamp
Bash GeekcampBash Geekcamp
Bash Geekcamp
 
Resilient Taunton Watershed Network: Shaping the Future of Your Community
Resilient Taunton Watershed Network: Shaping the Future of Your CommunityResilient Taunton Watershed Network: Shaping the Future of Your Community
Resilient Taunton Watershed Network: Shaping the Future of Your Community
 
Танки_в_Лунапарке: нагрузочное_тестирование_в_Яндексе
Танки_в_Лунапарке: нагрузочное_тестирование_в_ЯндексеТанки_в_Лунапарке: нагрузочное_тестирование_в_Яндексе
Танки_в_Лунапарке: нагрузочное_тестирование_в_Яндексе
 
Google と Apple に見るオープンソースの活用
Google と Apple に見るオープンソースの活用Google と Apple に見るオープンソースの活用
Google と Apple に見るオープンソースの活用
 
Implementing a home gateway with Linux - Firewall - Router - Proxy server - D...
Implementing a home gateway with Linux - Firewall - Router - Proxy server - D...Implementing a home gateway with Linux - Firewall - Router - Proxy server - D...
Implementing a home gateway with Linux - Firewall - Router - Proxy server - D...
 

More from Bangladesh Network Operators Group

Accelerating Hyper-Converged Enterprise Virtualization using Proxmox and Ceph
Accelerating Hyper-Converged Enterprise Virtualization using Proxmox and CephAccelerating Hyper-Converged Enterprise Virtualization using Proxmox and Ceph
Accelerating Hyper-Converged Enterprise Virtualization using Proxmox and Ceph
Bangladesh Network Operators Group
 
Recent IRR changes by Yoshinobu Matsuzaki, IIJ
Recent IRR changes by Yoshinobu Matsuzaki, IIJRecent IRR changes by Yoshinobu Matsuzaki, IIJ
Recent IRR changes by Yoshinobu Matsuzaki, IIJ
Bangladesh Network Operators Group
 
Fact Sheets : Network Status in Bangladesh
Fact Sheets : Network Status in BangladeshFact Sheets : Network Status in Bangladesh
Fact Sheets : Network Status in Bangladesh
Bangladesh Network Operators Group
 
AI Driven Wi-Fi for the Bottom of the Pyramid
AI Driven Wi-Fi for the Bottom of the PyramidAI Driven Wi-Fi for the Bottom of the Pyramid
AI Driven Wi-Fi for the Bottom of the Pyramid
Bangladesh Network Operators Group
 
IPv6 Security Overview by QS Tahmeed, APNIC RCT
IPv6 Security Overview by QS Tahmeed, APNIC RCTIPv6 Security Overview by QS Tahmeed, APNIC RCT
IPv6 Security Overview by QS Tahmeed, APNIC RCT
Bangladesh Network Operators Group
 
Network eWaste : Community role to manage end of life Product
Network eWaste : Community role to manage end of life ProductNetwork eWaste : Community role to manage end of life Product
Network eWaste : Community role to manage end of life Product
Bangladesh Network Operators Group
 
A plenarily integrated SIEM solution and it’s Deployment
A plenarily integrated SIEM solution and it’s DeploymentA plenarily integrated SIEM solution and it’s Deployment
A plenarily integrated SIEM solution and it’s Deployment
Bangladesh Network Operators Group
 
IPv6 Deployment in South Asia 2022
IPv6 Deployment in South Asia 2022IPv6 Deployment in South Asia 2022
IPv6 Deployment in South Asia 2022
Bangladesh Network Operators Group
 
Introduction to Software Defined Networking (SDN)
Introduction to Software Defined Networking (SDN)Introduction to Software Defined Networking (SDN)
Introduction to Software Defined Networking (SDN)
Bangladesh Network Operators Group
 
RPKI Deployment Status in Bangladesh
RPKI Deployment Status in BangladeshRPKI Deployment Status in Bangladesh
RPKI Deployment Status in Bangladesh
Bangladesh Network Operators Group
 
An Overview about open UDP Services
An Overview about open UDP ServicesAn Overview about open UDP Services
An Overview about open UDP Services
Bangladesh Network Operators Group
 
12 Years in DNS Security As a Defender
12 Years in DNS Security As a Defender12 Years in DNS Security As a Defender
12 Years in DNS Security As a Defender
Bangladesh Network Operators Group
 
Contents Localization Initiatives to get better User Experience
Contents Localization Initiatives to get better User ExperienceContents Localization Initiatives to get better User Experience
Contents Localization Initiatives to get better User Experience
Bangladesh Network Operators Group
 
BdNOG-20220625-MT-v6.0.pptx
BdNOG-20220625-MT-v6.0.pptxBdNOG-20220625-MT-v6.0.pptx
BdNOG-20220625-MT-v6.0.pptx
Bangladesh Network Operators Group
 
Route Leak Prevension with BGP Community
Route Leak Prevension with BGP CommunityRoute Leak Prevension with BGP Community
Route Leak Prevension with BGP Community
Bangladesh Network Operators Group
 
Tale of a New Bangladeshi NIX
Tale of a New Bangladeshi NIXTale of a New Bangladeshi NIX
Tale of a New Bangladeshi NIX
Bangladesh Network Operators Group
 
MANRS for Network Operators
MANRS for Network OperatorsMANRS for Network Operators
MANRS for Network Operators
Bangladesh Network Operators Group
 
Re-define network visibility for capacity planning & forecasting with Grafana
Re-define network visibility for capacity planning & forecasting with GrafanaRe-define network visibility for capacity planning & forecasting with Grafana
Re-define network visibility for capacity planning & forecasting with Grafana
Bangladesh Network Operators Group
 
RPKI ROA updates
RPKI ROA updatesRPKI ROA updates
RPKI ROA updates
Bangladesh Network Operators Group
 
Blockchain Demystified
Blockchain DemystifiedBlockchain Demystified
Blockchain Demystified
Bangladesh Network Operators Group
 

More from Bangladesh Network Operators Group (20)

Accelerating Hyper-Converged Enterprise Virtualization using Proxmox and Ceph
Accelerating Hyper-Converged Enterprise Virtualization using Proxmox and CephAccelerating Hyper-Converged Enterprise Virtualization using Proxmox and Ceph
Accelerating Hyper-Converged Enterprise Virtualization using Proxmox and Ceph
 
Recent IRR changes by Yoshinobu Matsuzaki, IIJ
Recent IRR changes by Yoshinobu Matsuzaki, IIJRecent IRR changes by Yoshinobu Matsuzaki, IIJ
Recent IRR changes by Yoshinobu Matsuzaki, IIJ
 
Fact Sheets : Network Status in Bangladesh
Fact Sheets : Network Status in BangladeshFact Sheets : Network Status in Bangladesh
Fact Sheets : Network Status in Bangladesh
 
AI Driven Wi-Fi for the Bottom of the Pyramid
AI Driven Wi-Fi for the Bottom of the PyramidAI Driven Wi-Fi for the Bottom of the Pyramid
AI Driven Wi-Fi for the Bottom of the Pyramid
 
IPv6 Security Overview by QS Tahmeed, APNIC RCT
IPv6 Security Overview by QS Tahmeed, APNIC RCTIPv6 Security Overview by QS Tahmeed, APNIC RCT
IPv6 Security Overview by QS Tahmeed, APNIC RCT
 
Network eWaste : Community role to manage end of life Product
Network eWaste : Community role to manage end of life ProductNetwork eWaste : Community role to manage end of life Product
Network eWaste : Community role to manage end of life Product
 
A plenarily integrated SIEM solution and it’s Deployment
A plenarily integrated SIEM solution and it’s DeploymentA plenarily integrated SIEM solution and it’s Deployment
A plenarily integrated SIEM solution and it’s Deployment
 
IPv6 Deployment in South Asia 2022
IPv6 Deployment in South Asia 2022IPv6 Deployment in South Asia 2022
IPv6 Deployment in South Asia 2022
 
Introduction to Software Defined Networking (SDN)
Introduction to Software Defined Networking (SDN)Introduction to Software Defined Networking (SDN)
Introduction to Software Defined Networking (SDN)
 
RPKI Deployment Status in Bangladesh
RPKI Deployment Status in BangladeshRPKI Deployment Status in Bangladesh
RPKI Deployment Status in Bangladesh
 
An Overview about open UDP Services
An Overview about open UDP ServicesAn Overview about open UDP Services
An Overview about open UDP Services
 
12 Years in DNS Security As a Defender
12 Years in DNS Security As a Defender12 Years in DNS Security As a Defender
12 Years in DNS Security As a Defender
 
Contents Localization Initiatives to get better User Experience
Contents Localization Initiatives to get better User ExperienceContents Localization Initiatives to get better User Experience
Contents Localization Initiatives to get better User Experience
 
BdNOG-20220625-MT-v6.0.pptx
BdNOG-20220625-MT-v6.0.pptxBdNOG-20220625-MT-v6.0.pptx
BdNOG-20220625-MT-v6.0.pptx
 
Route Leak Prevension with BGP Community
Route Leak Prevension with BGP CommunityRoute Leak Prevension with BGP Community
Route Leak Prevension with BGP Community
 
Tale of a New Bangladeshi NIX
Tale of a New Bangladeshi NIXTale of a New Bangladeshi NIX
Tale of a New Bangladeshi NIX
 
MANRS for Network Operators
MANRS for Network OperatorsMANRS for Network Operators
MANRS for Network Operators
 
Re-define network visibility for capacity planning & forecasting with Grafana
Re-define network visibility for capacity planning & forecasting with GrafanaRe-define network visibility for capacity planning & forecasting with Grafana
Re-define network visibility for capacity planning & forecasting with Grafana
 
RPKI ROA updates
RPKI ROA updatesRPKI ROA updates
RPKI ROA updates
 
Blockchain Demystified
Blockchain DemystifiedBlockchain Demystified
Blockchain Demystified
 

Recently uploaded

国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理
国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理
国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理
zoowe
 
test test test test testtest test testtest test testtest test testtest test ...
test test test test testtest test testtest test testtest test testtest test ...test test test test testtest test testtest test testtest test testtest test ...
test test test test testtest test testtest test testtest test testtest test ...
Arif0071
 
7 Best Cloud Hosting Services to Try Out in 2024
7 Best Cloud Hosting Services to Try Out in 20247 Best Cloud Hosting Services to Try Out in 2024
7 Best Cloud Hosting Services to Try Out in 2024
Danica Gill
 
办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理
办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理
办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理
uehowe
 
Explore-Insanony: Watch Instagram Stories Secretly
Explore-Insanony: Watch Instagram Stories SecretlyExplore-Insanony: Watch Instagram Stories Secretly
Explore-Insanony: Watch Instagram Stories Secretly
Trending Blogers
 
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
3ipehhoa
 
Gen Z and the marketplaces - let's translate their needs
Gen Z and the marketplaces - let's translate their needsGen Z and the marketplaces - let's translate their needs
Gen Z and the marketplaces - let's translate their needs
Laura Szabó
 
一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
ufdana
 
Internet of Things in Manufacturing: Revolutionizing Efficiency & Quality | C...
Internet of Things in Manufacturing: Revolutionizing Efficiency & Quality | C...Internet of Things in Manufacturing: Revolutionizing Efficiency & Quality | C...
Internet of Things in Manufacturing: Revolutionizing Efficiency & Quality | C...
CIOWomenMagazine
 
Bài tập unit 1 English in the world.docx
Bài tập unit 1 English in the world.docxBài tập unit 1 English in the world.docx
Bài tập unit 1 English in the world.docx
nhiyenphan2005
 
Search Result Showing My Post is Now Buried
Search Result Showing My Post is Now BuriedSearch Result Showing My Post is Now Buried
Search Result Showing My Post is Now Buried
Trish Parr
 
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
3ipehhoa
 
可查真实(Monash毕业证)西澳大学毕业证成绩单退学买
可查真实(Monash毕业证)西澳大学毕业证成绩单退学买可查真实(Monash毕业证)西澳大学毕业证成绩单退学买
可查真实(Monash毕业证)西澳大学毕业证成绩单退学买
cuobya
 
Meet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdf
Meet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdfMeet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdf
Meet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdf
Florence Consulting
 
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
APNIC
 
JAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
JAVIER LASA-EXPERIENCIA digital 1986-2024.pdfJAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
JAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
Javier Lasa
 
假文凭国外(Adelaide毕业证)澳大利亚国立大学毕业证成绩单办理
假文凭国外(Adelaide毕业证)澳大利亚国立大学毕业证成绩单办理假文凭国外(Adelaide毕业证)澳大利亚国立大学毕业证成绩单办理
假文凭国外(Adelaide毕业证)澳大利亚国立大学毕业证成绩单办理
cuobya
 
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
3ipehhoa
 
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
keoku
 
manuaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaal
manuaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaalmanuaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaal
manuaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaal
wolfsoftcompanyco
 

Recently uploaded (20)

国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理
国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理
国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理
 
test test test test testtest test testtest test testtest test testtest test ...
test test test test testtest test testtest test testtest test testtest test ...test test test test testtest test testtest test testtest test testtest test ...
test test test test testtest test testtest test testtest test testtest test ...
 
7 Best Cloud Hosting Services to Try Out in 2024
7 Best Cloud Hosting Services to Try Out in 20247 Best Cloud Hosting Services to Try Out in 2024
7 Best Cloud Hosting Services to Try Out in 2024
 
办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理
办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理
办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理
 
Explore-Insanony: Watch Instagram Stories Secretly
Explore-Insanony: Watch Instagram Stories SecretlyExplore-Insanony: Watch Instagram Stories Secretly
Explore-Insanony: Watch Instagram Stories Secretly
 
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
 
Gen Z and the marketplaces - let's translate their needs
Gen Z and the marketplaces - let's translate their needsGen Z and the marketplaces - let's translate their needs
Gen Z and the marketplaces - let's translate their needs
 
一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
 
Internet of Things in Manufacturing: Revolutionizing Efficiency & Quality | C...
Internet of Things in Manufacturing: Revolutionizing Efficiency & Quality | C...Internet of Things in Manufacturing: Revolutionizing Efficiency & Quality | C...
Internet of Things in Manufacturing: Revolutionizing Efficiency & Quality | C...
 
Bài tập unit 1 English in the world.docx
Bài tập unit 1 English in the world.docxBài tập unit 1 English in the world.docx
Bài tập unit 1 English in the world.docx
 
Search Result Showing My Post is Now Buried
Search Result Showing My Post is Now BuriedSearch Result Showing My Post is Now Buried
Search Result Showing My Post is Now Buried
 
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
 
可查真实(Monash毕业证)西澳大学毕业证成绩单退学买
可查真实(Monash毕业证)西澳大学毕业证成绩单退学买可查真实(Monash毕业证)西澳大学毕业证成绩单退学买
可查真实(Monash毕业证)西澳大学毕业证成绩单退学买
 
Meet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdf
Meet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdfMeet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdf
Meet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdf
 
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
 
JAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
JAVIER LASA-EXPERIENCIA digital 1986-2024.pdfJAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
JAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
 
假文凭国外(Adelaide毕业证)澳大利亚国立大学毕业证成绩单办理
假文凭国外(Adelaide毕业证)澳大利亚国立大学毕业证成绩单办理假文凭国外(Adelaide毕业证)澳大利亚国立大学毕业证成绩单办理
假文凭国外(Adelaide毕业证)澳大利亚国立大学毕业证成绩单办理
 
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
 
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
 
manuaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaal
manuaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaalmanuaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaal
manuaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaal
 

Background noise of the Internet

  • 1. Background noise of the Internet Matsuzaki ‘maz’ Yoshinobu <maz@iij.ad.jp> bdNOG10 maz@iij.ad.jp 1
  • 2. I receive a packet because it’s: • A part of my communication (^_^) • Something else (T_T) • Those ‘something else’ are considered as background noise of the Internet, mostly unwanted traffic. • Every internet facing host is receiving such packets Today’s topic bdNOG10 maz@iij.ad.jp 2
  • 3. PPP-EXP • This study is conducted by Pool Protection Project (PPP-EXP) • PPP-EXP was started by IIJ and JPNIC to protect the JPNIC free IPv4 pool from abuse • https://www.attn.jp/ppp/ • The setup • Announcing prefixes by AS2522 • Monitoring and discarding packets to the prefixes • Simple zone file for the reverse zones • only SOA and NS (no PTR records) bdNOG10 maz@iij.ad.jp 3
  • 4. Classifications of noises • The sender is an initiator • Scanning • Virus spreading • Attacking • Something mistake • The sender is a reflector • Victim of IP spoofing attack • SYN-Flooding and etc. • Something mistake bdNOG10 maz@iij.ad.jp 4
  • 5. The sender is an initiator • Intentionally sending traffic to ‘us’ bdNOG10 maz@iij.ad.jp 5 sender = initiator
  • 6. The sender is a reflector • The original sender sends an IP spoofing packet to a host, and the host then send *back* a reply to ‘us’ The source address of the packet is spoofed as ‘us’ bdNOG10 maz@iij.ad.jp 6 sender = reflector
  • 7. Disclaimer • I don’t know the actual intent of the packets, so the most of reasons mentioned in this slides are my ‘guess’ • The fact • We receive some amount of packets on the Internet facing hosts • Guesses • Scanning • Reflections • Weird implementations • Mistake bdNOG10 maz@iij.ad.jp 7
  • 8. The data • Duration: 2019/01/10 00:00~24:00(JST) • Fully captured incoming packets toward the prefixes • many pcap files • about 6 hunreds million packets • 2758 packets/host/day bdNOG10 maz@iij.ad.jp 8
  • 9. Mostly TCP packets TCP 95% (577340492) UDP 4% (26945104) ICMP 1% (3897454) IP6 0% (2153) bdNOG10 maz@iij.ad.jp 9
  • 10. And mostly TCP-SYN SYN 98% (563062001) SYN-ACK 2% (12229116) OTHER 0% (2049375) bdNOG10 maz@iij.ad.jp 10
  • 11. The TCP Flag variations • SYN 563062001 • SYN-ACK 12229116 • SYN-ECE-CWR 941603 • RST 555637 • RST-ACK 293503 • ACK 106575 • SYN-ACK-ECE 52175 • SYN-ACK-ECE-CWR 44801 • FIN-SYN-RST-PSH-ACK-URG 21745 • SYN-ACK-CWR 10423 • PSH-ACK 9532 • FIN-PSH-ACK 4434 • SYN-RST 4258 • FIN-ACK 2817 • RST-ECE 502 • RST-ECE-CWR 445 • RST-CWR 433 • SYN-PSH 364 • none 63 • RST-PSH 32 • FIN 17 • PSH 6 • PSH-ACK-URG-CWR 3 • FIN-SYN-RST-ACK-URG-CWR 2 • FIN-RST-PSH-ACK-URG-CWR 1 • SYN-PSH-CWR 1 • CWR 1 • FIN-SYN-RST-PSH-ACK-URG-CWR 1 • RST-PSH-ACK-ECE-CWR 1 bdNOG10 maz@iij.ad.jp 11
  • 12. The major destination ports TCP-SYN destinations • 23 73958566 • 52869 34724310 • 8545 14738763 • 22 13507821 • 445 11378107 • 80 10794925 • 8080 9323605 • 4776 7615618 • 4784 7602022 • 1433 5755354 UDP destinations • 389 2445405 • 4776 2381843 • 4784 2354203 • 1900 2287302 • 50328 1191988 • 50592 1190070 • 50336 1188298 • 50584 1180976 • 11211 1064441 • 19 754180 bdNOG10 maz@iij.ad.jp 12
  • 13. Packets distribution: Sender Thenumberofoccurrences The number of packets sent by a source Many hosts sending a few packets A few sending a LOT bdNOG10 maz@iij.ad.jp 13
  • 14. A few hosts sending a lot of packets • Ukrainian IP (31609992 packets) • TCP-SYN to TCP/1025-10000 • USA IP (10793632 packets) • TCP-SYN to TCP/52869 • Dutch IP (10572421 packets) • TCP-SYN to TCP/52869 • HongKong IP (7330971 packets) • TCP-SYN to TCP/3031 and other 546 ports • Ireland 8 IPs (total 51607564packets) • TCP-SYN to TCP/53601-60800 bdNOG10 maz@iij.ad.jp 14
  • 15. TCP/23 scanners Thenumberofoccurrences The number of packets sent by a source bdNOG10 maz@iij.ad.jp 15 Existing around here
  • 16. Security services based on scanning results • Many others, and each of them is scanning you • More new services means more scanning packets to your network bdNOG10 maz@iij.ad.jp 16
  • 17. Many hosts sending a few $%. . # % b8 b%, #% #% #,# $ , b1b %%#%#%%#% # .b@5 b LT ZOb%$ $]$$$$.bb $b$$, b Kb $$$b $%%b $ %bIK Mb $,bb6### ;2#$# ##### $]$$%$.bbK $%b$II%b K b% ,b$$ $b b %b %bb######### #K%. $]$$ $.bb b b b $ b M $b$L b ,bM%L bbK .PK $.U # C ## $]$$ $.bbL, MbM%% b I MbIL $b , bK MLb b Lbb##### ##]### .PT $]$$ $.bb Mb M ,b % b , b $ b M $b$L%Mb % bbMU O O $.U ## A $]$$ $.bbI, Lb%$,,bI$L,bI b I Lb$M $b M b %bb#a#####.DT#$##L% $]$$ $.bb %b b b Mb $ b b %b bb.W . LZ LLX %.Z $]$$ $.bb b b % b b b $%b$% %b bb .#4%.[ .: ##%. $]$$,$.bb % b % bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb%.WL $%. . # ,%%b8 b%, #% #% #,# $ , b1b %%#%#%%#% # .b@5 b LT ZOb $ $]$$$$.bb $b$$ $b $ b $$$b $%%b L MbIK Mb $,bb6##$ #2#$#T #### $]$$%$.bbK $%b$II%b K b% ,b$$% bIL%$b %$$b L bb############3#T# $]$$ $.bb,KL b b$$$$b$$$$b$$$$b$$$$b % b$$$$bb##_ ######## ### $%. . $# , b8 b%, #% #% #,# , %$b1b %%#%#%%#% # .b7 bD>F b LW %, %% b¥PTb bU ZPUT bDS % , <9 >b[ , bL X $ TU ¥ Lb F b LT ZOb$ $]$$$$.bb $$b$$ b I b $$$b $$ b M KbIK Mb $,bb6##0 2#$##F#### $]$$%$.bbK $%b$II%bIKL b% ,bMK Lb b$$$$b$$$$bb#########T###### $]$$ $.bb $$ bMMMM K b$$$$b$ $ b$ ,b$ $ b$,$ bb####FP########## $]$$ $.bb$$ bM I b$$$$b$$$$b$%$ b$ $ bbbbbbbbbbbb# ########## $%. . %#,% %b8 b%, #% #% #,# , %$b1b %%#%#%%#% # .b7 bD>F b LW %, %% b¥PTb bU ZPUT bDS % , <9 >b[ bL X $ TU ¥ Lb F b LT ZOb$ $]$$$$.bb $$b$$ b I b $$$b $$ b M bIK Mb $,bb6##0 2#$##E#### $]$$%$.bbK $%b$II%bIKL b% ,bMK Lb b$$$$b$$$$bb#########T###### $]$$ $.bb $$ bMMMM K$ b$$$$b$ $ b$ ,b$ $ b$,$ bb####F########### $]$$ $.bb$$ bM %Ib$$$$b$$$$b$%$ b$ $ bbbbbbbbbbbb# ########## They send UDP packets, and then send TCP-SYN to the same destination port Probably... BitTorrent! bdNOG10 maz@iij.ad.jp 17
  • 18. This might be a P2P as well -/7/07/4+./3204vEKv./2+43+3.+.65+20142v;v/.6+.-.+..2+/-/+4337vNAK)vd]f_k`v145 -n----7vv12--v-.^Yv3Z-¥v1---v03..v[¥Y0v4¥1[v0¥[3vvB+++c+=+3+++rH:+ -n--.-7vv¥Z32v40[Yv¥-]0v-/^]v-.]3v]1]Yv155¥vY¥05vv+]j+++++++++D++5 -n--/-7vv[/.Yv3.]/v[.50v[11]v^.3/v[..6v665¥v¥/34vv++Y++++J+Z+++++_ -n--0-7vv20]Yv¥2Z[v4456vZ[^6v]0Z2v.Y.1v34--v/566vvL+++m+++++++_+&+ -n--1-7vv0..0v2155v-][6v4/0]v15/]v[][6v66.Zv-^^2vv.+M+++i;D+++++++ -n--2-7vv--45v1¥3^v464/v]53[v2¥^.v5¥Z-v¥/-.v.5[/vv+nIgoi+dU+++++++ -n--3-7vv..05v5-]4v4.¥2v[1Y1v[-Z]v/Z0^vY0Z]vZ[]¥vv+5++h+++++(<++++ 9t ; -n-.5-7vv]6Z.v-165v.-/6v¥]43v¥2^4v4ZZ¥v.[..v-Y1/vv+++++'+l++q++++? -n-.6-7vv-[Y3vZ]Z2v266[v2¥^Yv/¥Z-v5Y54v3]3^v2]24vv++++ +U+ +++fgVP -n-.Y-7vvY-]-v3^/^v551¥vY12¥v[06]v662]v/]Y/vY-0Yvv++g,+I+U+++V+++7 -n-.Z-7vv[4¥¥v3]6^v^51Yv.Y/2v4Y/0v/Z]4v./-5vZ]Z.vv++f++F+# !(+++++ -n-.[-7vv34/¥v¥^]]v^5-0v[Y0ZvY.30v66[]v51Z5v54[Zvv_ +++++8+[++++++ -n-.¥-7vv62^1v3Y5¥vZ]-0v0.05v/32Zv.^04v3/2[v3415vv++b+++.5$S+4ZT_D -n-.]-7vv-513v03^^v[44^v0Z]4v3.20v0331v-ZZ[v/^6^vv+C3+++8+YL3¥++,+ -n-.^-7vv0..6vYZ]]v.Z¥Zv/3Z^v03[0vvvvvvvvvvvvvvvvv.+++++$+3+ -/7/0714+245.55vEKv.4.+03+10+5+0-501v;v/.6+.-.+..2+/-/+4337vNAK)vd]f_k`v15/ -n----7vv12--v-.^]v3Z-^v1---v00..vZ250vYZ/1v/Z-5vvB+++c+=+0++++"(+ -n--.-7vv¥Z32v40[Yv454/v-/^]v-.]Yv//.Zv3]5]vZ/34vv+]j+ni++++ +f++_ -n--/-7vv]^]3v¥Z-¥v¥6/3v6[54v/5[6v31Y1v61]3v^.[^vv+++++$++&+¥+++++ -n--0-7vv]]3-v3623v5[¥2v3].4v.11Yv204]v5/Y4v.2[6vv+ a ++f++FLs++++ -n--1-7vv40¥5v3ZY3v[Z[]v¥0[6v0^1/vZ6Z1v01[4v^..[vvj+c+++++<?++1+++ -n--2-7vv6/03v3./4v3[4Yv344.v.¥]0vY/Y.v6Z^[vZ651vv+3Y%d _h++++++++ -n--3-7vv-^/2v0113v¥Z1¥v04-1v[610v45Y5vZ244v0^^[vv+#1C+I4++@n++m<+ 9t ; -n-.5-7vv]¥^4v35]Zv[¥Y6vZ-4/v[3[.vY//.v322]v0--4vv++`++++i+++ ]V-+ -n-.6-7vv6]¥0v[023v]/.Yv0Z.Zv^641v[61.v]¥2^v]Y2Yvv+++ ++8++k+>+W+ -n-.Y-7vv¥220v[1/0v^Z41v.1[/vZ2Z2v3/66v.06.v6^Z-vv+L+!+k++++Z+++++ -n-.Z-7vv]03/v-3[3v^Y1.v3-^1v01Y5v02Y-v53/-v^Y2[vv+Z+++> +1+2++++T -n-.[-7vv^.Z]v^¥3[vZ/..vY¥]3v[2.-v4^24v/-6¥v-450vv+++d+++++++P++++ -n-.¥-7vv^^5Zv1646v1Z/5v3¥4^v[^//v.^23v[-65v0.Z.vv++Eo &e++ + ++.+ -n-.]-7vv¥3/]v6[-5v0]1Yv]¥5/v¥53[v¥5^4v-6¥]v^654vv++++;F+++d++++++ -n-.^-7vv]5[.v-.01v]5][v0/Z5v5¥[^v5¥1¥v35Z¥vvvvvvv+++1++/++++I`+ bdNOG10 maz@iij.ad.jp 18
  • 19. Many hosts sending a few • There might be a wrong node information in the P2P network. • Based on that, many hosts are trying to connect the *nodes* • I guess users of the senders are not aware of this • Why such a wrong node information? • Someone made mistake on his/her configuration? • Someone is attacking the P2P network by injecting wrong nodes? • The number of unique senders might be indicating the number of P2P users bdNOG10 maz@iij.ad.jp 19
  • 20. Packets distribution: Receiver bdNOG10 maz@iij.ad.jp 20 Average 2758 packets/host A few hosts are receiving a lot Thenumberofoccurrences The number of packets received by a host
  • 21. A few hosts receiving the most of many packets from the many hosts Probably by a P2P application based on wrong nodes information bdNOG10 maz@iij.ad.jp 21 Thenumberofoccurrences The number of packets received by a hostThe number of packets sent by a sender
  • 22. Oh, yes. I see IP6 (41) packet 0, 3 00) " , 0 ) , -.,0, 2 ) 0 ) 30 " . 2 - 4), " ) 0 " " - 1 ,( .,10 . ,) 0 0 , ) 0 3 " 3 " 3 " 3 " 2 3 The PTR record of the sender looks like a HTTP server -> www134.cs.uic.edu Seems like it’s searching a router bdNOG10 maz@iij.ad.jp 22
  • 23. This explains that bdNOG10 maz@iij.ad.jp 23
  • 24. IP6 (41) 6to4 packet (,1'.1')&(-..)-]8 ] ' '$] ),($]KF]((0-)$] ]'$] CI ] 57 $] T ]8 X-] ( $] PI ]0) (0)& &00&(]2](, &)''& )& 1]8 -] CD ' ).-- $] KO () $]P CF T] 4 ] - ] C[ CF] PI 1] ) ]) ' 1- ''1 '',1 '011)'' & ]2])'')10 E 1)')E110 E 1)')E&-,)- 1] 7 CI ] & $]E O ' )-E(] E TT E $] S ')(),-'.$]CE ]).,00,.,(,$] KP]).)''$] K P ] O ( -'$P $P $ CE :9$P $ EC ] $] PI ]' ' ''''1 ,'']'',E]) DC] '''] D)0]- .']E', ]- '( 6&&@&&3&& P &>E& ' ''('1 0 E ])')E]-'')].-- ]'')']'-.E]) ' ]- '' &&&$ &XP&&&¥ & & ' '')'1 '',]' '0]'''']'''']''''])'' ])'')]0 E 3&&&&&&&&&&&&&&& ' '' '1 )')E]'''']'''']'''']0 E ])')E]'(DD] &$&&&&&&&&&$&&&& ' '' '1 (. .] ).]C (]0E'D] '()]-C '])-E(]'''' &&& &&&&&& 3 &&& ' '','1 ')' ]',,']'('(]' ')]'(' ]' ' &&& &&&&&&&& bdNOG10 maz@iij.ad.jp 24
  • 25. 6to4 reflections • Someone is using 6to4 with an IPv4 address from our prefix, and we got a reply Using 6to4 with wrong IPv4 address configuration 6to4 relay bdNOG10 maz@iij.ad.jp 25
  • 26. 6to4 reflections • Guesses • Configuration error and weird implementation made 6to4 enabled, and the host tried to access the Internet through it? • Someone using 6to4 space for IPv6 SYN-flooding? • We also observe ’ICMP6 TTL expired’ packet related to 6to4 bdNOG10 maz@iij.ad.jp 26
  • 27. Sudden traffic • 300Mbps toward a single destination • Many sources from different countries and economies • UDP, random source and destination port • Don’t fragment, 1052 bytes bdNOG10 maz@iij.ad.jp 27
  • 28. The sudden traffic • Firstly I assumed a P2P, but it looks strange • I couldn’t feel the intent of ‘commutation’ from the payloads • That’s just my feeling • So I counted • The byte distribution of the payload bdNOG10 maz@iij.ad.jp 28
  • 29. Byte distributions sometimes tell something pdf docx jpg m4apptx bdNOG10 maz@iij.ad.jp 29
  • 30. The byte distribution is too flat The UDP datagram bdNOG10 maz@iij.ad.jp 30
  • 31. Analysis of the sudden traffic • The payload is totally random • No intention for communication • OK, I suppose this a DDoS attack • But to the destination that is not serving anything? • Just mistake? • Lesson learned • Without any particular reason, sometimes you suddenly become a target of DDoS bdNOG10 maz@iij.ad.jp 31
  • 32. There was this kind of packet as well.. - - , P45P , P0P , -P625 P D I P -PP P , P< P P> P > P <P9 9<PP3 E 8 -PP<: P ;9P P< 9 P 9P P P PP > 11 -PP P P P P > P < P ;P ; PP1111 ;< I -PP P >P P >P P P ; ;P PP;< 9 D ; / DA 0 -PP P P P P P P P : PP< I>I . -PP P P P P P :P P PP I>I . >I -PP P P < P <P P P > P , <PP I 9DED -PP > P P < P P >P ,P < >P PPE 9DED E -PP <P P P P P P P PP 5 -PP P P P P P P P PP >I > -PP P P P : P P P P PPI . >I -PP P P P P P P P PP I>I I>I , -PP P P P P P P 9PPPPPPP >I ;<P I P P;<P 9 DP P;<P DIP P;<P EEIP P;< . IP II - 777 :AD . ; E< P:AD . P:AD . I>I P 777 ; I I>I . ; E<P PI>I . PI>I . I>I P PI>I P 777. ; E<P PI>I . I>I . >I P IP P P9DED E P P9DED E P 5P P 777P >I P>I . >I PI>I PI>I P>I bdNOG10 maz@iij.ad.jp 32
  • 33. Summary • We have background noise in the Internet (IPv4) • Malicious activities are observed • Yes, of course • Security service providers are also scanning you • Some other non-intentional or aftereffect-ish activities are also happening in the Internet • If you are unlucky, you might receive many packets without any particular reason bdNOG10 maz@iij.ad.jp 33