MyNOG, profile picture
Uploaded byMyNOG
530 views

Internet Noise (A Story About Two Little Subnets - Tom Paseka

Tom Paseka from Cloudflare presented on internet noise received on the IP blocks 1.1.1.0/24 and 1.0.0.0/24. He discussed that these blocks receive unwanted traffic such as from misconfigurations and misuse. Traffic levels have increased to 8-13Gbps from previous studies. Legitimate traffic makes up an estimated 7-13% and includes DNS queries. Availability testing found issues with over 30 ISPs null routing or using the blocks internally. Documentation recommends blocks like 192.0.2.0/24 for examples but sometimes they are still misused.

Embed presentation

Downloaded 17 times
Internet Noise (1.1.1.0/24 and 1.0.0.0/24) Tom Paseka Adapted from Louis Poinsignon’s RIPE76 Presentation
Introduction to Cloudflare
Some numbers... ● 155+ PoPs and growing ● 72+ countries ● 186+ Internet exchanges ● >600bn Web requests a day ~10% of all web requests ● Regular DDoS attacks larger than 500Gbps, 300M PPS ● Largest attack seen 942Gbps ● >100bn DNS requests a day
About Cloudflare Cloudflare makes websites faster and safer using our globally distributed network to deliver essential services to any website ● Performance ● Content ● Optimisation ● Security ● 3rd party services ● Analytics ● Edge Computing
Who am I
Who am I? ● Tom Paseka ● Network Strategy @ Cloudflare ● Built huge amount of Cloudflare’s network. ● Worked in APAC/Australian ISPs for some time ● Thinking about the next generation of Cloudflare’s network
The IP Blocks
The IP Blocks ● Interesting IP ranges: 1.1.1.0/24 and 1.0.0.0/24 ● Partnership with APNIC Labs
The IP Blocks Let’s talk about Internet noise. Known to receive unwanted traffic: ● Misconfigurations ● Misuse ○ Proxy ○ Internal use
Routing History
What’s the Noise / Junk?
Traffic Levels ● Previous studies: ○ >100 Mb/s on 1.1.1.0/24 in 2010 ○ 100-1Gb/s on 1.0.0.0/8 in 2014 (https://conference.apnic.net/data/37/2014-02-27-prop-109_1393397866.pdf - Geoff Huston) ● 8-13 Gb/s in 2018 ○ 1 Gb/s solely on 1.1.1.1
Traffic Levels ● TCP traffic (mostly HTTP proxy, services). ○ Ports 443, 80, 8000, 8080, 8090, 8765 ● UDP traffic (some DNS, syslogs). ○ Ports 53, 514, 8000, 80, 8090 ● TP-Link DNS 1.0.0.19 ○ https://serverfault.com/questions/365613/ tp-link-routers-send-dns-queries-to-1-0-0-19- what-is-that/365630
Traffic source ● Aligned with internet populations: ○ Heavily weighted to source from China ○ USA, Other large Internet populations.
Bursts and patterns Two increases: ● 5 Gb/s → 8 Gb/s between 1600 and 1715 UTC ● 8 Gb/s → 12.5 Gb/s between 1715 and 2300 UTC ● Mostly on 1.1.1.7, 1.1.1.8, 1.1.1.9 and 1.1.1.10 ○ Destination 80 ○ Increase from China ○ No particular difference on source IP/net Short bursts: ● Only on 1.1.1.1 between 0100 and 0200 UTC for a few minutes ● 1-10 gigabits/sec ● UDP traffic source 123 (NTP) and 11211 (memcached) ○ Misconfigured network devices?
Bursts and patterns Also DHCP spikes. From Macau.
Legitimate Traffic? Filtering to only UDP/TCP 53, receiving a substantial amount of DNS traffic even before launch.
What’s Changed?
What’s Changed? Lots of previous studies into traffic profiles: Presentation from 10 years ago at NANOG49 (https://www.nanog.org/meetings/nanog49/presentations/Monday/karir-1slash8.pdf - Merit, APNIC & UMich) We still see iperf traffic (port 5000/5001). Around 10-20 times more traffic than previous studies. We estimate legitimate traffic to be around 7-13%
Availability?
Availability Thanks to the Atlas probes, we’ve run thousands of tests
Availability More than 30 major Internet Service Providers all around the world having issues. ● Many null-routing 1.1.1.1/32 ● 1.1.1.1/30 is a favorite point-to-point address ● But also using 1.0.0.0/24 for internal purposes (finding devices) ● Most of the ISPs are cleaning their configurations (more than a dozen fixed in less than a week). ● Few non-responses
Documentation
Documentation RFC-5737 https://tools.ietf.org/rfc/rfc5737.txt
Documentation Per RFC-5737: ● 192.0.2.0/24 ● 198.51.100.0/24 ● 203.0.113.0/24 Exist for the soul purpose of documentation, diagrams, etc. HOWEVER…..
Documentation
Just doing it wrong
Just doing it wrong Not the first time: ● https://en.wikipedia.org/wiki/NTP_server_misuse_and_abuse ● Won’t be the last...
Conclusions
Conclusions Many different types of misconfiguration Companies possibly leak their private data: ● Syslog ● DHCP data ● Other unknown We throw away all data, maintain privacy, but not everyone else is nice. Be vigilant about your own network and follow the best common practices.
Questions?
Thank you!

More Related Content

PDF
Open Connect Appliances - Jocelyn Ooi
byMyNOG
 
PDF
npNOG 2: APNIC IPv6 deployment
byAPNIC
 
PPTX
APNIC IPv6 Deployment
byAPNIC
 
PDF
The OTT Challenge - Eric Leung
byMyNOG
 
PDF
DIY Netflow Data Analytic with ELK Stack by CL Lee
byMyNOG
 
PDF
SP Routing Innovation with Segment Routing, VXLAN and EVPN - Ismail Ali
byMyNOG
 
PDF
The Stories of IXP Development and the Way Forward by Che-Hoo Cheng
byMyNOG
 
PDF
Next Generation DDoS Services – can we do this with NFV? - CF Chui
byMyNOG
 
Open Connect Appliances - Jocelyn Ooi
byMyNOG
 
npNOG 2: APNIC IPv6 deployment
byAPNIC
 
APNIC IPv6 Deployment
byAPNIC
 
The OTT Challenge - Eric Leung
byMyNOG
 
DIY Netflow Data Analytic with ELK Stack by CL Lee
byMyNOG
 
SP Routing Innovation with Segment Routing, VXLAN and EVPN - Ismail Ali
byMyNOG
 
The Stories of IXP Development and the Way Forward by Che-Hoo Cheng
byMyNOG
 
Next Generation DDoS Services – can we do this with NFV? - CF Chui
byMyNOG
 

What's hot

PPTX
How to Configure NetFlow v5 & v9 on Cisco Routers
bySolarWinds
 
PDF
Engineering The New IP Transport
byMyNOG
 
PPTX
PLNOG16: Netflix Open Connect is the Netflix proprietary CDN, Nina Bargisen
byPROIDEA
 
PPTX
IPv6 deployment at APNIC
byAPNIC
 
PPTX
Tutorial: Using GoBGP as an IXP connecting router
byShu Sugimoto
 
PDF
CDN_Netflix_analysis
bySanket Jain
 
PDF
Cloud Traffic Engineer – Google Espresso Project by Shaowen Ma
byMyNOG
 
PDF
RPKI and Me
byMyNOG
 
PDF
Next Gen Monitoring with INT
byMyNOG
 
PDF
How Data Center Traffic is Changing Your Network by KC Lim
byMyNOG
 
PDF
100Gbps Core Network Deployment in an African Network - Mark Tinka
byMyNOG
 
PDF
MyIX Updates
byMyNOG
 
PDF
High Speed Fiber Services and Challenges to the Core Network by Seiichi Kawamura
byMyNOG
 
PDF
DDOS Mitigation Experience from IP ServerOne by CL Lee
byMyNOG
 
PDF
The Stakes Have Changed – The Changing Security Landscape by Tony Teo
byMyNOG
 
PDF
ElasticISP
byKHNOG
 
PDF
IPv6 Deployment Update
byBangladesh Network Operators Group
 
PDF
APNIC Updates
byMyNOG
 
PDF
More specific announcments in BGP
byAPNIC
 
How to Configure NetFlow v5 & v9 on Cisco Routers
bySolarWinds
 
Engineering The New IP Transport
byMyNOG
 
PLNOG16: Netflix Open Connect is the Netflix proprietary CDN, Nina Bargisen
byPROIDEA
 
IPv6 deployment at APNIC
byAPNIC
 
Tutorial: Using GoBGP as an IXP connecting router
byShu Sugimoto
 
CDN_Netflix_analysis
bySanket Jain
 
Cloud Traffic Engineer – Google Espresso Project by Shaowen Ma
byMyNOG
 
RPKI and Me
byMyNOG
 
Next Gen Monitoring with INT
byMyNOG
 
How Data Center Traffic is Changing Your Network by KC Lim
byMyNOG
 
100Gbps Core Network Deployment in an African Network - Mark Tinka
byMyNOG
 
MyIX Updates
byMyNOG
 
High Speed Fiber Services and Challenges to the Core Network by Seiichi Kawamura
byMyNOG
 
DDOS Mitigation Experience from IP ServerOne by CL Lee
byMyNOG
 
The Stakes Have Changed – The Changing Security Landscape by Tony Teo
byMyNOG
 
ElasticISP
byKHNOG
 
IPv6 Deployment Update
byBangladesh Network Operators Group
 
APNIC Updates
byMyNOG
 
More specific announcments in BGP
byAPNIC
 

Similar to Internet Noise (A Story About Two Little Subnets - Tom Paseka

PDF
DNS resolver 1.1.1.1 from Cloudflare
byAPNIC
 
PDF
packet traveling (pre cloud)
byiman darabi
 
PPTX
Helen Tabunshchyk "Handling large amounts of traffic on the Edge"
byFwdays
 
PDF
Google Cloud Platform - Networking 101 overview
byz2dbyj92m8
 
PDF
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
byAPNIC
 
PDF
KHNOG 3: DDoS Attack Prevention
byAPNIC
 
PDF
Zdalna komunikacja sieciowa - zagadnienia sieciowe
byAgnieszka Kuba
 
PDF
Spoofing and Denial of Service: A risk to the decentralized Internet
byAPNIC
 
PPTX
Packet Analysis - Course Technology Computing Conference
byCengage Learning
 
PDF
Please Give Me Back My Network Cables! On Networking Limits in AWS
bySteffen Gebert
 
PDF
Internet Week 2018: 1.1.1.0/24 A report from the (anycast) trenches
byAPNIC
 
PDF
DDoS And Spoofing, a risk to the decentralized internet
byTom Paseka
 
PPT
CCNA Exam by quangkien@gmail.com - for CCNA test
byepro2k71
 
PDF
APRICOT 2012 - Living with the ever-growing BGP table: an OCN story
byChika Yoshimura
 
PDF
APRICOT 2012 - Living with the ever-growing BGP table: an OCN story
by直樹 益子
 
PPT
tcpip.ppt
byGreenSignal
 
PPT
Day2
byJai4uk
 
PDF
Virus Bulletin 2012
byCloudflare
 
PPT
Internet 101
bylzeltzer
 
PPT
Afcea 4 internet networks
byPaul Strassmann
 
DNS resolver 1.1.1.1 from Cloudflare
byAPNIC
 
packet traveling (pre cloud)
byiman darabi
 
Helen Tabunshchyk "Handling large amounts of traffic on the Edge"
byFwdays
 
Google Cloud Platform - Networking 101 overview
byz2dbyj92m8
 
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
byAPNIC
 
KHNOG 3: DDoS Attack Prevention
byAPNIC
 
Zdalna komunikacja sieciowa - zagadnienia sieciowe
byAgnieszka Kuba
 
Spoofing and Denial of Service: A risk to the decentralized Internet
byAPNIC
 
Packet Analysis - Course Technology Computing Conference
byCengage Learning
 
Please Give Me Back My Network Cables! On Networking Limits in AWS
bySteffen Gebert
 
Internet Week 2018: 1.1.1.0/24 A report from the (anycast) trenches
byAPNIC
 
DDoS And Spoofing, a risk to the decentralized internet
byTom Paseka
 
CCNA Exam by quangkien@gmail.com - for CCNA test
byepro2k71
 
APRICOT 2012 - Living with the ever-growing BGP table: an OCN story
byChika Yoshimura
 
APRICOT 2012 - Living with the ever-growing BGP table: an OCN story
by直樹 益子
 
tcpip.ppt
byGreenSignal
 
Day2
byJai4uk
 
Virus Bulletin 2012
byCloudflare
 
Internet 101
bylzeltzer
 
Afcea 4 internet networks
byPaul Strassmann
 

More from MyNOG

PDF
Peering Personal MyNOG-10
byMyNOG
 
PDF
Securing the Onion: 5G Cloud Native Infrastructure
byMyNOG
 
PDF
Embedded CDNs in 2023
byMyNOG
 
PDF
Introducing Peering LAN 2.0 at DE-CIX
byMyNOG
 
PDF
Edge virtualisation for Carrier Networks
byMyNOG
 
PDF
Hierarchical Network Controller
byMyNOG
 
PDF
Cleaning up your RPKI invalids
byMyNOG
 
PDF
SHADOWSERVER: INTERNET CRITICAL SECURITY AS A PUBLIC SERVICE
byMyNOG
 
PDF
COHERENT OPTICAL TRANSCEIVERS – CURRENT CAPABILITIES AND FUTURE POSSIBILITIES
byMyNOG
 
PDF
Building a Connected Future: The Power of Interconnection
byMyNOG
 
PDF
Equinix: New Markets, New Frontiers
byMyNOG
 
PDF
Cloud SDN: BGP Peering and RPKI
byMyNOG
 
PDF
Malaysia’s Emerging Trends in Data Center: Identifying Tomorrow’s Hotspots
byMyNOG
 
PDF
Aether: The First Open Source 5G/LTE Connected Edge Cloud Platform
byMyNOG
 
PDF
SRv6: DEPLOYMENT & USECASES by Aditya Kaul
byMyNOG
 
PDF
SDM – A New (Subsea) Cable Paradigm
byMyNOG
 
PDF
Load balancing and Service in Kubernetes
byMyNOG
 
PDF
AI in Networking: Transforming Network Operations with Juniper Mist AIDE
byMyNOG
 
PDF
MEASURING THE HEALTH AND RESILIENCE OF THE INTERNET: MALAYSIA
byMyNOG
 
PDF
Strategies for Seamless Recovery in a Dynamic Data Landscape
byMyNOG
 
Peering Personal MyNOG-10
byMyNOG
 
Securing the Onion: 5G Cloud Native Infrastructure
byMyNOG
 
Embedded CDNs in 2023
byMyNOG
 
Introducing Peering LAN 2.0 at DE-CIX
byMyNOG
 
Edge virtualisation for Carrier Networks
byMyNOG
 
Hierarchical Network Controller
byMyNOG
 
Cleaning up your RPKI invalids
byMyNOG
 
SHADOWSERVER: INTERNET CRITICAL SECURITY AS A PUBLIC SERVICE
byMyNOG
 
COHERENT OPTICAL TRANSCEIVERS – CURRENT CAPABILITIES AND FUTURE POSSIBILITIES
byMyNOG
 
Building a Connected Future: The Power of Interconnection
byMyNOG
 
Equinix: New Markets, New Frontiers
byMyNOG
 
Cloud SDN: BGP Peering and RPKI
byMyNOG
 
Malaysia’s Emerging Trends in Data Center: Identifying Tomorrow’s Hotspots
byMyNOG
 
Aether: The First Open Source 5G/LTE Connected Edge Cloud Platform
byMyNOG
 
SRv6: DEPLOYMENT & USECASES by Aditya Kaul
byMyNOG
 
SDM – A New (Subsea) Cable Paradigm
byMyNOG
 
Load balancing and Service in Kubernetes
byMyNOG
 
AI in Networking: Transforming Network Operations with Juniper Mist AIDE
byMyNOG
 
MEASURING THE HEALTH AND RESILIENCE OF THE INTERNET: MALAYSIA
byMyNOG
 
Strategies for Seamless Recovery in a Dynamic Data Landscape
byMyNOG
 

Recently uploaded

PDF
Basics of Systematic Literature Search - Nasra Gathoni
bySystematic Reviews Network (SRN)
 
PPTX
Limpitlaw "Licensing: From Mindset to Milestones"
byNational Information Standards Organization (NISO)
 
DOCX
TOXICITY AND ITS MANAGEMENT 6th sem unit 5, PHARMACOLOGY-III B. PHARMACY
byjagdeepsinghynr7
 
PPTX
CLASS -9 POLITICAL SCIENCE PPT CHAPTER -5 DEMOCRATIC RIGHTS.pptx
bydushyantchavhan
 
PDF
FAMILY ASSESSMENT FORMAT - CHN practical
byDr. Sudhadevi Sadanandan
 
PPTX
Cost of Capital - Cost of Equity, Cost of debenture, Cost of Preference share...
bySundar B N
 
PDF
All Students Workshop 25 Yoga Wellness by LDMMIA
by©LDMMIA, ©Reiki Yoga
 
PDF
The Drift Principle: When Information Accelerates Faster Than Minds Can Compress
byReality Drift Archive
 
PDF
The Tale of Melon City poem ppt by Sahasra
bybitrasahasra
 
PPTX
15 December 2025 Education for human flourishing Michael Stevenson .pptx
byEduSkills OECD
 
PPTX
Vitamins and mineral deficiency , signs and symptoms associated with exercise
byvirupa chandrika reddy
 
PPTX
Searching in PubMed andCochrane_Practical Presentation.pptx
bySystematic Reviews Network (SRN)
 
PDF
Projecte de la porta de primer B: L'antic Egipte
byeduardrubio1
 
PDF
The Tale of Melon City poem ppt by Sahasra
bybitrasahasra
 
PDF
1ST APPLICATION FOR ANNULMENT (4)8787666.pdf
bykonstantinantountoum1
 
PDF
NAVIGATE PHARMACY CAREER OPPORTUNITIES.pdf
byMd. Zakaria Faruki
 
PDF
Unit-III pdf (Basic listening Skill, Effective Writing Communication & Writin...
bySayyadTarannum
 
PDF
The Tale of Melon City poem ppt by Sahasra
bybitrasahasra
 
PDF
Blue / Green: Troop Leading Procedure (TLP) Overview.pdf
byBlue / Green Training
 
DOCX
Mobile applications Devlopment ReTest year 2025-2026
byDr. Mazin Mohamed alkathiri
 
Basics of Systematic Literature Search - Nasra Gathoni
bySystematic Reviews Network (SRN)
 
Limpitlaw "Licensing: From Mindset to Milestones"
byNational Information Standards Organization (NISO)
 
TOXICITY AND ITS MANAGEMENT 6th sem unit 5, PHARMACOLOGY-III B. PHARMACY
byjagdeepsinghynr7
 
CLASS -9 POLITICAL SCIENCE PPT CHAPTER -5 DEMOCRATIC RIGHTS.pptx
bydushyantchavhan
 
FAMILY ASSESSMENT FORMAT - CHN practical
byDr. Sudhadevi Sadanandan
 
Cost of Capital - Cost of Equity, Cost of debenture, Cost of Preference share...
bySundar B N
 
All Students Workshop 25 Yoga Wellness by LDMMIA
by©LDMMIA, ©Reiki Yoga
 
The Drift Principle: When Information Accelerates Faster Than Minds Can Compress
byReality Drift Archive
 
The Tale of Melon City poem ppt by Sahasra
bybitrasahasra
 
15 December 2025 Education for human flourishing Michael Stevenson .pptx
byEduSkills OECD
 
Vitamins and mineral deficiency , signs and symptoms associated with exercise
byvirupa chandrika reddy
 
Searching in PubMed andCochrane_Practical Presentation.pptx
bySystematic Reviews Network (SRN)
 
Projecte de la porta de primer B: L'antic Egipte
byeduardrubio1
 
The Tale of Melon City poem ppt by Sahasra
bybitrasahasra
 
1ST APPLICATION FOR ANNULMENT (4)8787666.pdf
bykonstantinantountoum1
 
NAVIGATE PHARMACY CAREER OPPORTUNITIES.pdf
byMd. Zakaria Faruki
 
Unit-III pdf (Basic listening Skill, Effective Writing Communication & Writin...
bySayyadTarannum
 
The Tale of Melon City poem ppt by Sahasra
bybitrasahasra
 
Blue / Green: Troop Leading Procedure (TLP) Overview.pdf
byBlue / Green Training
 
Mobile applications Devlopment ReTest year 2025-2026
byDr. Mazin Mohamed alkathiri
 

Internet Noise (A Story About Two Little Subnets - Tom Paseka

  • 1.
    Internet Noise (1.1.1.0/24and 1.0.0.0/24) Tom Paseka Adapted from Louis Poinsignon’s RIPE76 Presentation
  • 2.
  • 3.
    Some numbers... ● 155+PoPs and growing ● 72+ countries ● 186+ Internet exchanges ● >600bn Web requests a day ~10% of all web requests ● Regular DDoS attacks larger than 500Gbps, 300M PPS ● Largest attack seen 942Gbps ● >100bn DNS requests a day
  • 5.
    About Cloudflare Cloudflare makeswebsites faster and safer using our globally distributed network to deliver essential services to any website ● Performance ● Content ● Optimisation ● Security ● 3rd party services ● Analytics ● Edge Computing
  • 7.
  • 8.
    Who am I? ●Tom Paseka ● Network Strategy @ Cloudflare ● Built huge amount of Cloudflare’s network. ● Worked in APAC/Australian ISPs for some time ● Thinking about the next generation of Cloudflare’s network
  • 9.
  • 10.
    The IP Blocks ●Interesting IP ranges: 1.1.1.0/24 and 1.0.0.0/24 ● Partnership with APNIC Labs
  • 11.
    The IP Blocks Let’stalk about Internet noise. Known to receive unwanted traffic: ● Misconfigurations ● Misuse ○ Proxy ○ Internal use
  • 12.
  • 13.
  • 14.
    Traffic Levels ● Previousstudies: ○ >100 Mb/s on 1.1.1.0/24 in 2010 ○ 100-1Gb/s on 1.0.0.0/8 in 2014 (https://conference.apnic.net/data/37/2014-02-27-prop-109_1393397866.pdf - Geoff Huston) ● 8-13 Gb/s in 2018 ○ 1 Gb/s solely on 1.1.1.1
  • 15.
    Traffic Levels ● TCPtraffic (mostly HTTP proxy, services). ○ Ports 443, 80, 8000, 8080, 8090, 8765 ● UDP traffic (some DNS, syslogs). ○ Ports 53, 514, 8000, 80, 8090 ● TP-Link DNS 1.0.0.19 ○ https://serverfault.com/questions/365613/ tp-link-routers-send-dns-queries-to-1-0-0-19- what-is-that/365630
  • 16.
    Traffic source ● Alignedwith internet populations: ○ Heavily weighted to source from China ○ USA, Other large Internet populations.
  • 17.
    Bursts and patterns Twoincreases: ● 5 Gb/s → 8 Gb/s between 1600 and 1715 UTC ● 8 Gb/s → 12.5 Gb/s between 1715 and 2300 UTC ● Mostly on 1.1.1.7, 1.1.1.8, 1.1.1.9 and 1.1.1.10 ○ Destination 80 ○ Increase from China ○ No particular difference on source IP/net Short bursts: ● Only on 1.1.1.1 between 0100 and 0200 UTC for a few minutes ● 1-10 gigabits/sec ● UDP traffic source 123 (NTP) and 11211 (memcached) ○ Misconfigured network devices?
  • 18.
    Bursts and patterns AlsoDHCP spikes. From Macau.
  • 19.
    Legitimate Traffic? Filtering toonly UDP/TCP 53, receiving a substantial amount of DNS traffic even before launch.
  • 20.
  • 21.
    What’s Changed? Lots ofprevious studies into traffic profiles: Presentation from 10 years ago at NANOG49 (https://www.nanog.org/meetings/nanog49/presentations/Monday/karir-1slash8.pdf - Merit, APNIC & UMich) We still see iperf traffic (port 5000/5001). Around 10-20 times more traffic than previous studies. We estimate legitimate traffic to be around 7-13%
  • 22.
  • 23.
    Availability Thanks to theAtlas probes, we’ve run thousands of tests
  • 24.
    Availability More than 30major Internet Service Providers all around the world having issues. ● Many null-routing 1.1.1.1/32 ● 1.1.1.1/30 is a favorite point-to-point address ● But also using 1.0.0.0/24 for internal purposes (finding devices) ● Most of the ISPs are cleaning their configurations (more than a dozen fixed in less than a week). ● Few non-responses
  • 25.
  • 26.
  • 27.
    Documentation Per RFC-5737: ● 192.0.2.0/24 ●198.51.100.0/24 ● 203.0.113.0/24 Exist for the soul purpose of documentation, diagrams, etc. HOWEVER…..
  • 28.
  • 29.
  • 30.
    Just doing itwrong Not the first time: ● https://en.wikipedia.org/wiki/NTP_server_misuse_and_abuse ● Won’t be the last...
  • 31.
  • 32.
    Conclusions Many different typesof misconfiguration Companies possibly leak their private data: ● Syslog ● DHCP data ● Other unknown We throw away all data, maintain privacy, but not everyone else is nice. Be vigilant about your own network and follow the best common practices.
  • 33.
  • 34.