Internet Noise (1.1.1.0/24 and 1.0.0.0/24)
Tom Paseka
Adapted from Louis Poinsignon’s RIPE76 Presentation
Introduction to Cloudflare
Some numbers...
● 155+ PoPs and growing
● 72+ countries
● 186+ Internet exchanges
● >600bn Web requests a day (~10% of all web requests)
● Regular DDoS attacks larger than 500Gbps, 300M PPS
● Largest attack seen 942Gbps
● >100bn DNS requests a day
About Cloudflare
Cloudflare makes websites faster and safer using our globally distributed network to
deliver essential services to any website
● Performance
● Content
● Optimisation
● Security
● 3rd party services
● Analytics
● Edge Computing
Who am I?
● Tom Paseka
● Network Strategy @ Cloudflare
● Built a huge amount of Cloudflare’s network.
● Worked in APAC/Australian ISPs for some time
● Thinking about the next generation of Cloudflare’s network
The IP Blocks
● Interesting IP ranges: 1.1.1.0/24 and 1.0.0.0/24
● Partnership with APNIC Labs
Let’s talk about Internet noise.
Known to receive unwanted traffic:
● Misconfigurations
● Misuse
○ Proxy
○ Internal use
Routing History
What’s the Noise / Junk?
Traffic Levels
● Previous studies:
○ >100 Mb/s on 1.1.1.0/24 in 2010
○ 100-1Gb/s on 1.0.0.0/8 in 2014
(https://conference.apnic.net/data/37/2014-02-27-prop-109_1393397866.pdf - Geoff Huston)
● 8-13 Gb/s in 2018
○ 1 Gb/s solely on 1.1.1.1
● TCP traffic (mostly HTTP proxy, services).
○ Ports 443, 80, 8000, 8080, 8090, 8765
● UDP traffic (some DNS, syslogs).
○ Ports 53, 514, 8000, 80, 8090
● TP-Link DNS 1.0.0.19
○ https://serverfault.com/questions/365613/tp-link-routers-send-dns-queries-to-1-0-0-19-what-is-that/365630
Traffic source
● Aligned with internet populations:
○ Heavily weighted to source from China
○ USA, Other large Internet populations.
Bursts and patterns
Two increases:
● 5 Gb/s → 8 Gb/s between 1600 and 1715 UTC
● 8 Gb/s → 12.5 Gb/s between 1715 and 2300 UTC
● Mostly on 1.1.1.7, 1.1.1.8, 1.1.1.9 and 1.1.1.10
○ Destination 80
○ Increase from China
○ No particular difference on source IP/net
Short bursts:
● Only on 1.1.1.1 between 0100 and 0200 UTC for a few minutes
● 1-10 gigabits/sec
● UDP traffic source 123 (NTP) and 11211 (memcached)
○ Misconfigured network devices?
Also DHCP spikes. From Macau.
Legitimate Traffic?
Filtering to only UDP/TCP 53, we were receiving a substantial amount of DNS traffic even before launch.
What’s Changed?
Lots of previous studies into traffic profiles:
Presentation from 10 years ago at NANOG49
(https://www.nanog.org/meetings/nanog49/presentations/Monday/karir-1slash8.pdf - Merit, APNIC & UMich)
We still see iperf traffic (port 5000/5001).
Around 10-20 times more traffic than previous studies.
We estimate legitimate traffic to be around 7-13%
Availability?
Thanks to the Atlas probes, we’ve run thousands of tests
More than 30 major Internet Service Providers all around the world having issues.
● Many null-routing 1.1.1.1/32
● 1.1.1.1/30 is a favorite point-to-point address
● But also using 1.0.0.0/24 for internal purposes (finding devices)
● Most of the ISPs are cleaning their configurations (more than a dozen fixed in less than a week).
● Few non-responses
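An added example, not part of the presentation: a small Python audit that scans device configuration text for addresses inside 1.1.1.0/24 and 1.0.0.0/24 and labels the patterns listed above (null routes, interface addressing, other internal references). The IOS-style sample config, the labels and the function names are constructed for illustration.

```python
import ipaddress
import re

# Prefixes from the talk: publicly routed, so any internal use conflicts
# with real Internet destinations.
ROUTED = [ipaddress.ip_network(p) for p in ("1.1.1.0/24", "1.0.0.0/24")]

# Dotted-quad token, optionally followed by /len. Netmasks such as
# 255.255.255.252 also match but fall outside ROUTED and are ignored.
IPV4_TOKEN = re.compile(
    r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?:/\d{1,2})?(?![\d.])"
)

# Constructed sample in IOS-style syntax (not taken from any real device).
SAMPLE_CONFIG = """\
! constructed sample (IOS-style)
interface Serial0/0
 description p2p link to branch
 ip address 1.1.1.1 255.255.255.252
interface Loopback0
 ip address 192.0.2.1 255.255.255.255
ip route 1.1.1.1 255.255.255.255 Null0
logging host 1.0.0.10
ip route 10.0.0.0 255.0.0.0 10.255.0.1
"""


def classify(line):
    """Keyword heuristic for how a config line uses the address."""
    low = line.lower()
    if "null" in low or "blackhole" in low or "discard" in low:
        return "null-route"
    if re.match(r"\s*(ip\s+)?address\b", low):
        return "interface-address"
    return "other-reference"


def audit_config(text):
    """Return (line number, address, matched prefix, label) per finding."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith(("!", "#")):
            continue  # skip comment lines
        for match in IPV4_TOKEN.finditer(line):
            try:
                addr = ipaddress.ip_address(match.group(1))
            except ValueError:
                continue  # e.g. an octet above 255
            hit = next((net for net in ROUTED if addr in net), None)
            if hit is not None:
                findings.append((lineno, str(addr), str(hit), classify(line)))
    return findings


if __name__ == "__main__":
    for lineno, addr, prefix, label in audit_config(SAMPLE_CONFIG):
        print(f"line {lineno}: {addr} is inside {prefix} ({label})")
```

Each finding is a line to clean up: remove the null route, renumber the link or service out of the routed prefix, and keep 192.0.2.0/24-style ranges for documentation only.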
Documentation
RFC-5737
https://tools.ietf.org/rfc/rfc5737.txt
Per RFC-5737:
● 192.0.2.0/24
● 198.51.100.0/24
● 203.0.113.0/24
Exist for the sole purpose of documentation, diagrams, etc.
HOWEVER…..
Just doing it wrong
Not the first time:
● https://en.wikipedia.org/wiki/NTP_server_misuse_and_abuse
● Won’t be the last...
Conclusions
Many different types of misconfiguration
Companies possibly leak their private data:
● Syslog
● DHCP data
● Other unknown
We throw away all data, maintain privacy, but not everyone else is nice.
Be vigilant about your own network and follow the best common practices.
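One way to check your own egress for the leaks described in the talk, as an added example that is not part of the presentation: a Python pass over exported flow records that labels traffic sent to 1.1.1.0/24 and 1.0.0.0/24 using the ports from the slides. The CSV layout, the sample flows, the label names and the intended-resolver set are assumptions made for the example.

```python
import csv
import io
import ipaddress
from collections import defaultdict

NOISE_PREFIXES = [ipaddress.ip_network(p) for p in ("1.1.1.0/24", "1.0.0.0/24")]

# Assumption: the resolver addresses your clients are meant to use.
INTENDED_RESOLVERS = {"1.1.1.1", "1.0.0.1"}

# TCP ports the talk lists as mostly HTTP proxy / services.
HTTP_PROXY_PORTS = {80, 443, 8000, 8080, 8090, 8765}

# Constructed sample flows (RFC 1918 sources, one RFC 5737 destination).
SAMPLE_FLOWS = """\
src,dst,proto,dport,bytes
10.1.0.5,1.1.1.1,udp,53,120
10.1.0.9,1.0.0.19,udp,53,90
10.2.0.20,1.1.1.1,udp,514,4000
10.2.0.20,1.1.1.1,udp,514,2500
10.3.0.7,1.1.1.8,tcp,80,800
10.3.0.8,1.0.0.5,udp,67,300
10.4.0.2,1.1.1.1,tcp,5001,100000
10.1.0.5,192.0.2.53,udp,53,100
10.5.0.1,1.1.1.2,tcp,22,60
"""


def classify_flow(dst, proto, dport):
    """Label a flow by destination and port; None if outside both prefixes."""
    addr = ipaddress.ip_address(dst)
    if not any(addr in net for net in NOISE_PREFIXES):
        return None
    proto = proto.lower()
    if dport == 53:
        # DNS to anything but an intended resolver (e.g. the TP-Link
        # 1.0.0.19 case) points at a misconfigured client.
        return "dns" if str(addr) in INTENDED_RESOLVERS else "dns-misdirected"
    if proto == "udp" and dport == 514:
        return "syslog-leak"
    if proto == "udp" and dport in (67, 68):
        return "dhcp-leak"
    if dport in (5000, 5001):
        return "iperf"
    if proto == "tcp" and dport in HTTP_PROXY_PORTS:
        return "http-proxy"
    return "other"


def leak_report(csv_text):
    """Map each internal source to bytes sent per non-legitimate label."""
    report = defaultdict(lambda: defaultdict(int))
    for row in csv.DictReader(io.StringIO(csv_text)):
        label = classify_flow(row["dst"], row["proto"], int(row["dport"]))
        if label in (None, "dns"):
            continue  # out of scope, or expected resolver traffic
        report[row["src"]][label] += int(row["bytes"])
    return {src: dict(labels) for src, labels in report.items()}


if __name__ == "__main__":
    for src, labels in sorted(leak_report(SAMPLE_FLOWS).items()):
        for label, nbytes in sorted(labels.items()):
            print(f"{src}: {label} {nbytes} bytes")
```

Sources that show up under syslog-leak or dhcp-leak are the ones sending internal data off-network and should be reconfigured first.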
Questions?
Thank you!

Staff of Color (SOC) Retention Efforts DDSD
 
Science 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsScience 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its Characteristics
 
Concept of Vouching. B.Com(Hons) /B.Compdf
Concept of Vouching. B.Com(Hons) /B.CompdfConcept of Vouching. B.Com(Hons) /B.Compdf
Concept of Vouching. B.Com(Hons) /B.Compdf
 
mini mental status format.docx
mini    mental       status     format.docxmini    mental       status     format.docx
mini mental status format.docx
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
 

Internet Noise from Misconfigured Networks (1.1.1.0/24 and 1.0.0.0/24)

  • 1. Internet Noise (1.1.1.0/24 and 1.0.0.0/24)
    Tom Paseka
    Adapted from Louis Poinsignon’s RIPE76 Presentation
  • 3. Some numbers...
    ● 155+ PoPs and growing
    ● 72+ countries
    ● 186+ Internet exchanges
    ● >600bn Web requests a day ~10% of all web requests
    ● Regular DDoS attacks larger than 500Gbps, 300M PPS
    ● Largest attack seen 942Gbps
    ● >100bn DNS requests a day
  • 5. About Cloudflare
    Cloudflare makes websites faster and safer using our globally distributed network to deliver essential services to any website
    ● Performance
    ● Content
    ● Optimisation
    ● Security
    ● 3rd party services
    ● Analytics
    ● Edge Computing
  • 8. Who am I?
    ● Tom Paseka
    ● Network Strategy @ Cloudflare
    ● Built huge amount of Cloudflare’s network.
    ● Worked in APAC/Australian ISPs for some time
    ● Thinking about the next generation of Cloudflare’s network
  • 10. The IP Blocks
    ● Interesting IP ranges: 1.1.1.0/24 and 1.0.0.0/24
    ● Partnership with APNIC Labs
  • 11. The IP Blocks
    Let’s talk about Internet noise.
    Known to receive unwanted traffic:
    ● Misconfigurations
    ● Misuse
      ○ Proxy
      ○ Internal use
  • 14. Traffic Levels
    ● Previous studies:
      ○ >100 Mb/s on 1.1.1.0/24 in 2010
      ○ 100-1Gb/s on 1.0.0.0/8 in 2014 (https://conference.apnic.net/data/37/2014-02-27-prop-109_1393397866.pdf - Geoff Huston)
    ● 8-13 Gb/s in 2018
      ○ 1 Gb/s solely on 1.1.1.1
  • 15. Traffic Levels
    ● TCP traffic (mostly HTTP proxy, services).
      ○ Ports 443, 80, 8000, 8080, 8090, 8765
    ● UDP traffic (some DNS, syslogs).
      ○ Ports 53, 514, 8000, 80, 8090
    ● TP-Link DNS 1.0.0.19
      ○ https://serverfault.com/questions/365613/tp-link-routers-send-dns-queries-to-1-0-0-19-what-is-that/365630
  • 16. Traffic source
    ● Aligned with internet populations:
      ○ Heavily weighted to source from China
      ○ USA, Other large Internet populations.
  • 17. Bursts and patterns
    Two increases:
    ● 5 Gb/s → 8 Gb/s between 1600 and 1715 UTC
    ● 8 Gb/s → 12.5 Gb/s between 1715 and 2300 UTC
    ● Mostly on 1.1.1.7, 1.1.1.8, 1.1.1.9 and 1.1.1.10
      ○ Destination 80
      ○ Increase from China
      ○ No particular difference on source IP/net
    Short bursts:
    ● Only on 1.1.1.1 between 0100 and 0200 UTC for a few minutes
    ● 1-10 gigabits/sec
    ● UDP traffic source 123 (NTP) and 11211 (memcached)
      ○ Misconfigured network devices?
  • 18. Bursts and patterns
    Also DHCP spikes. From Macau.
  • 19. Legitimate Traffic?
    Filtering to only UDP/TCP 53, receiving a substantial amount of DNS traffic even before launch.
  • 21. What’s Changed?
    Lots of previous studies into traffic profiles:
    Presentation from 10 years ago at NANOG49 (https://www.nanog.org/meetings/nanog49/presentations/Monday/karir-1slash8.pdf - Merit, APNIC & UMich)
    We still see iperf traffic (port 5000/5001).
    Around 10-20 times more traffic than previous studies.
    We estimate legitimate traffic to be around 7-13%
  • 23. Availability
    Thanks to the Atlas probes, we’ve run thousands of tests
  • 24. Availability
    More than 30 major Internet Service Providers all around the world having issues.
    ● Many null-routing 1.1.1.1/32
    ● 1.1.1.1/30 is a favorite point-to-point address
    ● But also using 1.0.0.0/24 for internal purposes (finding devices)
    ● Most of the ISPs are cleaning their configurations (more than a dozen fixed in less than a week).
    ● Few non-responses
  • 27. Documentation
    Per RFC 5737:
    ● 192.0.2.0/24
    ● 198.51.100.0/24
    ● 203.0.113.0/24
    Exist for the sole purpose of documentation, diagrams, etc.
    HOWEVER…..
  • 29. Just doing it wrong
  • 30. Just doing it wrong
    Not the first time:
    ● https://en.wikipedia.org/wiki/NTP_server_misuse_and_abuse
    ● Won’t be the last...
  • 32. Conclusions
    Many different types of misconfiguration
    Companies possibly leak their private data:
    ● Syslog
    ● DHCP data
    ● Other unknown
    We throw away all data, maintain privacy, but not everyone else is nice.
    Be vigilant about your own network and follow the best common practices.
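
The misconfigurations listed on slide 24 (null routes for 1.1.1.1/32, 1.1.1.1/30 on point-to-point links, 1.0.0.0/24 used internally) can be found by auditing device configurations. The following is an added example, not part of the original slides: it assumes IOS-style `ip address` and `ip route` statements, and the function name `audit_config` and the sample configuration are constructed for illustration.

```python
import ipaddress
import re

# Public prefixes the slides report ISPs using internally (slide 24).
NOISY = [ipaddress.ip_network(p) for p in ("1.1.1.0/24", "1.0.0.0/24")]

# Assumed IOS-style statements: "ip address A MASK" and "ip route A MASK NEXTHOP".
STATEMENT = re.compile(
    r"^\s*ip\s+(address|route)\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)(?:\s+(\S+))?"
)

def audit_config(text):
    """Return (line_no, kind, network, line) for statements that claim 1.1.1.0/24 or 1.0.0.0/24."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        m = STATEMENT.match(line)
        if not m:
            continue  # resolver settings such as "ip name-server 1.1.1.1" are not flagged
        verb, addr, mask, target = m.groups()
        try:
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        except ValueError:
            continue  # malformed address or mask
        if net.prefixlen == 0 or not any(net.overlaps(p) for p in NOISY):
            continue  # default routes and unrelated prefixes
        if verb == "address":
            kind = "interface-address"
        elif target and target.lower().startswith("null"):
            kind = "null-route"
        else:
            kind = "static-route"
        findings.append((line_no, kind, str(net), line.strip()))
    return findings

# Constructed sample configuration, not taken from any real device.
SAMPLE = """\
interface Serial0/0
 ip address 1.1.1.1 255.255.255.252
interface Loopback0
 ip address 192.0.2.1 255.255.255.255
ip route 1.1.1.1 255.255.255.255 Null0
ip route 1.0.0.0 255.255.255.0 10.0.0.2
ip route 0.0.0.0 0.0.0.0 10.0.0.1
ip name-server 1.1.1.1
"""

if __name__ == "__main__":
    for finding in audit_config(SAMPLE):
        print(finding)
```

The loopback on 192.0.2.1 is not flagged because it sits in an RFC 5737 documentation prefix rather than in either of the two public /24s.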