George Michaelson's presentation on End User DNS Measurement at APNIC @ ‘Technical: Measure Like We, Measure with Us: Ensuring the Quality of DNS Measuring'
George Michaelson's presentation on End User DNS Measurement at APNIC @ ‘Technical: Measure Like We, Measure with Us: Ensuring the Quality of DNS Measuring'
Presented by Elly Tawhai, APNIC Senior Hostmaster, at the 2017 New Zealand Network Operators Group (NZNOG) meeting was held in Tauranga, New Zealand from 26 to 27 January.
Rolling the Root Zone DNSSEC Key Signing Key, by Edward Lewis.
A presentation given at APNIC 42's DNS and INR Security session on Monday, 3 October 2016.
Community Engagement Specialist, Sunny Chendi, provides an update of APNIC's service initiatives and activities at the second Nepal Network Operators Group meeting in Kathmandu.
Presented by Elly Tawhai, APNIC Senior Hostmaster, at the 2017 New Zealand Network Operators Group (NZNOG) meeting was held in Tauranga, New Zealand from 26 to 27 January.
Rolling the Root Zone DNSSEC Key Signing Key, by Edward Lewis.
A presentation given at APNIC 42's DNS and INR Security session on Monday, 3 October 2016.
Community Engagement Specialist, Sunny Chendi, provides an update of APNIC's service initiatives and activities at the second Nepal Network Operators Group meeting in Kathmandu.
Mobility solutions from emediaIT, K2 and Microsoft provide your workforce with the ability to work anywhere, anytime while also improving efficiency and reducing costs.
How to be Successful with Responsive Sites (Koombea & NGINX) - EnglishKoombea
Can't decide if your organization should build a mobile app or responsive website? Do you interact with consumer-facing products or large scale developments?
This guide gives you an idea of what Responsive is, why you should use it, and then DIGS deep into the technical aspect and how to optimize for performance.
By: David Bohorquez & Rick Nelson
Data-Driven Transformation: Leveraging Big Data at Showtime with Apache SparkDatabricks
Interested in learning how Showtime is leveraging the power of Spark to transform a traditional premium cable network into a data-savvy analytical competitor? The growth in our over-the-top (OTT) streaming subscription business has led to an abundance of user-level data not previously available. To capitalize on this opportunity, we have been building and evolving our unified platform which allows data scientists and business analysts to tap into this rich behavioral data to support our business goals. We will share how our small team of data scientists is creating meaningful features which capture the nuanced relationships between users and content; productionizing machine learning models; and leveraging MLflow to optimize the runtime of our pipelines, track the accuracy of our models, and log the quality of our data over time. From data wrangling and exploration to machine learning and automation, we are augmenting our data supply chain by constantly rolling out new capabilities and analytical products to help the organization better understand our subscribers, our content, and our path forward to a data-driven future.
Authors: Josh McNutt, Keria Bermudez-Hernandez
Eric Proegler Oredev Performance Testing in New ContextsEric Proegler
Virtualization, Cloud Deployments, and Cloud-Based Tools have challenged and changed performance testing practices. Today’s performance tester can summons tens of thousands of virtual users from the cloud in a few minutes at a cost far lower than the expensive on-premise installations of yesteryear.
Meanwhile, systems under test have changed more. Updated software stacks have increased the complexity of scripting and performance measurement, but the biggest changes are in the nature and quantities of resources powering the systems. Interpreting resource usage when resources are shared on a private virtualization platform is exceedingly difficult. Understanding resources when they live in a large public cloud is impossible.
Developing multi-functional “sensor” web service platform for citizen sensingSnowflake Software
This presentation, as presetned at the INSPIRE Conference 2013, summarises the outcomes of the air quality prototype undertaken as part of the CITI-SENSE FP7 R&D project, focusing on the development of a sensor-based Citizens’ Observatory Community for improving quality of life in cities, which focuses on assessing the use of OGC SWE and INSPIRE data specification and web services within applications.
For more information please contact info@snowflakesoftware.com
Beyond DevOps: How Netflix Bridges the Gap?C4Media
Video and slides synchronized, mp3 and slide download available at URL http://bit.ly/1mv6Kpr.
Josh Evans uses the Netflix Operations Engineering as a case study to explore the challenges faced by centralized engineering teams and approaches to addressing those challenges. Filmed at qconsf.com.
Josh Evans is Director of Operations Engineering at Netflix, with experience in e-commerce, playback control services, infrastructure, tools, testing, and operations.
Over 90% of today’s data has been generated in the last two years, and growth rates continue to climb. In this session, we’ll step through challenges and best practices with data capturing, how to derive meaningful insights to help predict the future, and common pitfalls in data analysis.
Come discover how integrated solutions involving Amazon S3, AWS Glue, Amazon Redshift, Amazon Athena, Amazon EMR, Amazon Kinesis, and Amazon Machine Learning/Deep Learning result in effective data systems for data scientists and business users, alike.
Mission First: How the Cloud Helps Nonprofits Simplify TechnologyAmazon Web Services
For nonprofit organizations, it's not uncommon to be strapped for resources. And when it comes to day-to-day operations, you need to balance the demands of donors and organizational mandates, with managing your technology. Fortunately, AWS can help. Join our webinar to hear how two nonprofits, GlobalGiving and Planned Parenthood, are using Amazon WorkSpaces to easily provision virtual, cloud-based Microsoft Windows desktops for users to access anytime, anywhere. Learn how the service increases flexibility, efficiency, and affordability, giving back valuable time to advance your mission.
Learn more: aws.amazon.com/npo/
Video and slides synchronized, mp3 and slide download available at URL http://bit.ly/1A8pJF6.
Armon Dadgar presents Consul, a distributed control plane for the datacenter. Armon demonstrates how Consul can be used to build, configure, monitor, and orchestrate distributed systems. Filmed at qconsf.com.
Armon Dadgar has a passion for distributed systems and their application to real world problems. He is currently the CTO of HashiCorp, where he brings distributed systems into the world of DevOps tooling.
ICANN DNS Symposium 2021: Measuring Recursive Resolver CentralityAPNIC
APNIC Chief Scientist Geoff Huston and João Damas presented metrics on DNS centrality, focusing their research on resolvers at the ICANN DNS Symposium 2021, held online from 25 to 27 May 2021.
Big Data in the Cloud: How the RISElab Enables Computers to Make Intelligent ...Amazon Web Services
Scientists, developers, and other technologists from many different industries are taking advantage of Amazon Web Services to perform big data workloads from analytics to using data lakes for better decision making to meet the challenges of the increasing volume, variety, and velocity of digital information. This session will feature UCB's RISELab (Real time Intelligent Secure Execution), a new lab recently created at UCB to enable computers to make intelligent, real-time decisions. You will hear how they are building on their earlier success with AMPLab to enable applications to interact intelligently and securely with their environment in real time, wherever computing decisions need to interact with the world. From cybersecurity to coordinating fleets of self-driving cars and drones to earthquake warning systems, you will come away with insight on how they are using AWS to develop and experiment with the systems for important research. Learn More: https://aws.amazon.com/government-education/
FINRA's Managed Data Lake: Next-Gen Analytics in the Cloud - ENT328 - re:Inve...Amazon Web Services
Financial Impact Regulatory Authority (FINRA)'s Technology Group has changed its customers' relationship with data by creating a managed data lake that enables discovery on petabytes of capital markets' data, while saving time and money over traditional analytics solutions. FINRA's managed data lake unlocks the value in its data to accelerate analytics and machine learning at scale. The data lake includes a centralized data catalog and separates storage from compute, allowing users to query from petabytes of data in seconds. Learn how FINRA uses Spot Instances and services such as Amazon S3, Amazon EMR, Amazon Redshift, and AWS Lambda to provide the right tool for the right job at each step in the data processing pipeline. All of this is done while meeting FINRA's security and compliance responsibilities as a financial regulator.
If your business is heavily dependent on the Internet, you may be facing an unprecedented level of network traffic analytics data. How to make the most of that data is the challenge. This presentation from Kentik VP Product and former EMA analyst Jim Frey explores the evolving need, the architecture and key use cases for BGP and NetFlow analysis based on scale-out cloud computing and Big Data technologies.
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024APNIC
Ellisha Heppner, Grant Management Lead, presented an update on APNIC Foundation to the PNG DNS Forum held from 6 to 10 May, 2024 in Port Moresby, Papua New Guinea.
Registry Data Accuracy Improvements, presented by Chimi Dorji at SANOG 41 / I...APNIC
Chimi Dorji, Internet Resource Analyst at APNIC, presented on Registry Data Accuracy Improvements at SANOG 41 jointly held with INNOG 7 in Mumbai, India from 25 to 30 April 2024.
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...APNIC
Sunny Chendi, Senior Advisor, Membership and Policy at APNIC, presents 'APNIC Policy Roundup' at the 5th ICANN APAC-TWNIC Engagement Forum and 41st TWNIC OPM in Taipei, Taiwan from 23 to 24 April.
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024APNIC
Dave Phelan, Senior Network Analyst/Technical Trainer at APNIC, presents 'DDoS In Oceania and the Pacific' at NZNOG 2024 held in Nelson, New Zealand from 8 to 12 April 2024.
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...APNIC
Geoff Huston, Chief Scientist at APNIC deliver keynote presentation on the 'Future Evolution of the Internet' at the Everything Open 2024 conference in Gladstone, Australia from 16 to 18 April 2024.
IP addressing and IPv6, presented by Paul Wilson at IETF 119APNIC
Paul Wilson, Director General of APNIC delivers a presentation on IP addressing and IPv6 to the Policymakers Program during IETF 119 in Brisbane Australia from 16 to 22 March 2024.
draft-harrison-sidrops-manifest-number-01, presented at IETF 119APNIC
Tom Harrison, Product and Delivery Manager at APNIC presents at the Registration Protocols Extensions working group during IETF 119 in Brisbane, Australia from 16-22 March 2024
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...APNIC
Che-Hoo Cheng, Senior Director, Development at APNIC presents on the "Benefits of doing Internet peering and running an Internet Exchange (IX)" at the Communications Regulatory Commission of Mongolia's IPv6, IXP, Datacenter - Policy and Regulation International Trends Forum in Ulaanbaatar, Mongolia on 7 March 2024
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85APNIC
APNIC Senior Advisor, Membership and Policy, Sunny Chendi presented on APNIC updates and RIR Policies for ccTLDs at APTLD 85 in Goa, India from 19-22 February 2024.
1.Wireless Communication System_Wireless communication is a broad term that i...JeyaPerumal1
Wireless communication involves the transmission of information over a distance without the help of wires, cables or any other forms of electrical conductors.
Wireless communication is a broad term that incorporates all procedures and forms of connecting and communicating between two or more devices using a wireless signal through wireless communication technologies and devices.
Features of Wireless Communication
The evolution of wireless technology has brought many advancements with its effective features.
The transmitted distance can be anywhere between a few meters (for example, a television's remote control) and thousands of kilometers (for example, radio communication).
Wireless communication can be used for cellular telephony, wireless access to the internet, wireless home networking, and so on.
Multi-cluster Kubernetes Networking- Patterns, Projects and GuidelinesSanjeev Rampal
Talk presented at Kubernetes Community Day, New York, May 2024.
Technical summary of Multi-Cluster Kubernetes Networking architectures with focus on 4 key topics.
1) Key patterns for Multi-cluster architectures
2) Architectural comparison of several OSS/ CNCF projects to address these patterns
3) Evolution trends for the APIs of these projects
4) Some design recommendations & guidelines for adopting/ deploying these solutions.
This 7-second Brain Wave Ritual Attracts Money To You.!nirahealhty
Discover the power of a simple 7-second brain wave ritual that can attract wealth and abundance into your life. By tapping into specific brain frequencies, this technique helps you manifest financial success effortlessly. Ready to transform your financial future? Try this powerful ritual and start attracting money today!
# Internet Security: Safeguarding Your Digital World
In the contemporary digital age, the internet is a cornerstone of our daily lives. It connects us to vast amounts of information, provides platforms for communication, enables commerce, and offers endless entertainment. However, with these conveniences come significant security challenges. Internet security is essential to protect our digital identities, sensitive data, and overall online experience. This comprehensive guide explores the multifaceted world of internet security, providing insights into its importance, common threats, and effective strategies to safeguard your digital world.
## Understanding Internet Security
Internet security encompasses the measures and protocols used to protect information, devices, and networks from unauthorized access, attacks, and damage. It involves a wide range of practices designed to safeguard data confidentiality, integrity, and availability. Effective internet security is crucial for individuals, businesses, and governments alike, as cyber threats continue to evolve in complexity and scale.
### Key Components of Internet Security
1. **Confidentiality**: Ensuring that information is accessible only to those authorized to access it.
2. **Integrity**: Protecting information from being altered or tampered with by unauthorized parties.
3. **Availability**: Ensuring that authorized users have reliable access to information and resources when needed.
## Common Internet Security Threats
Cyber threats are numerous and constantly evolving. Understanding these threats is the first step in protecting against them. Some of the most common internet security threats include:
### Malware
Malware, or malicious software, is designed to harm, exploit, or otherwise compromise a device, network, or service. Common types of malware include:
- **Viruses**: Programs that attach themselves to legitimate software and replicate, spreading to other programs and files.
- **Worms**: Standalone malware that replicates itself to spread to other computers.
- **Trojan Horses**: Malicious software disguised as legitimate software.
- **Ransomware**: Malware that encrypts a user's files and demands a ransom for the decryption key.
- **Spyware**: Software that secretly monitors and collects user information.
### Phishing
Phishing is a social engineering attack that aims to steal sensitive information such as usernames, passwords, and credit card details. Attackers often masquerade as trusted entities in email or other communication channels, tricking victims into providing their information.
### Man-in-the-Middle (MitM) Attacks
MitM attacks occur when an attacker intercepts and potentially alters communication between two parties without their knowledge. This can lead to the unauthorized acquisition of sensitive information.
### Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) Attacks
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptxBrad Spiegel Macon GA
Brad Spiegel Macon GA’s journey exemplifies the profound impact that one individual can have on their community. Through his unwavering dedication to digital inclusion, he’s not only bridging the gap in Macon but also setting an example for others to follow.
2. Measurement Bias
When
we
first
looked
at
measuring
in
the
Internet,
it
was
all
about
the
network,
and
the
dis7nc7on
between
network
management
and
network
measurement
was
not
very
clear
We
ended
up
measuring
what’s
easy
to
measure
and
o=en
missed
measuring
what’s
useful
to
understand
3. “Measurable” Questions?
• How
many
routes
are
IPv6
routes?
• How
many
service
providers
offer
IPv6?
• How
many
domain
names
have
AAAA
RRs?
• How
many
domains
are
DNSSEC
signed?
• How
many
DNS
queries
are
made
over
IPv6?
• How
much
traffic
uses
IPv6?
• How
many
connec7ons
use
IPv6?
…
4. Users vs Infrastructure
None
of
these
specific
measurement
ques7ons
really
embrace
the
larger
ques7ons
about
the
end
user
experience
They
are
all
aimed
at
measuring
an
aspect
of
of
behaviour
within
par7cular
parameters
of
the
network
infrastructure,
but
they
don’t
encompass
how
the
end
user
assembles
a
coherent
view
of
the
network
6. What’s the question?
How
many
users
do
<x>?
• How
many
users
can
are
running
IPv6?
• How
many
users
are
using
DNSSEC
valida7on?
• How
many
users
support
ECDSA
in
digital
signatures
in
DNSSEC?
• How
many
users
can
resolve
a
DNS
name?
etc
7. Private vs Public
• Very
few
measurements
on
the
Internet
are
public
• Most
“all
of
Internet”
metrics
are
wild-‐eyed
guesses
– How
many
people
use
the
Internet?
– How
many
devices
use
the
Internet
– How
much
traffic
is
passed
across
the
Internet?
• And
the
bits
that
aren’t
guesses
are
o=en
folded
into
proprietary
data
8. The Challenge:
How
can
we
undertake
meaningful
public
measurements
that
quan7fy
aspects
of
users’
experiences
drawn
from
across
the
en7re
Internet
that
does
not
rely
on
access
to
private
data?
9. For example… IPv6
• It
would
be
good
to
know
how
we
are
going
with
the
transi7on
to
IPv6
• And
it
would
be
good
everyone
to
know
how
everyone
else
is
going
with
the
transi7on
to
IPv6
• What
can
we
measure?
– IPv6
in
the
DNS
–
AAAA
records
in
the
Alexa
top
N
– IPv6
in
rou7ng
–
IPv6
rou7ng
table
– IPv6
traffic
exchanges
–
traffic
graphs
• What
should
we
measure?
– How
many
connected
devices
on
today’s
Internet
are
capable
of
making
IPv6
connec7ons?
10. How to measure millions of
end devices for their IPv6
capability?
11. How to measure millions of
end devices for their IPv6
capability?
a)
Be
12. How to measure millions of
end devices for their IPv6
capability?
a) Be
Google
OR
b)
Have
your
measurement
code
run
on
a
million
end
devices
16. Ads use active scripts
• Adver7sing
channels
use
ac7ve
scrip7ng
to
make
ads
interac7ve
– This
is
not
just
an
‘animated
gif’
–
it
uses
a
script
to
sense
mouse
hover
to
change
the
displayed
image
17. Adobe Flash and the
network
• Flash
includes
primi7ves
in
‘ac7onscript’
to
fetch
‘network
assets’
– Typically
used
to
load
alternate
images,
sequences
– Not
a
generalized
network
stack,
subject
to
constraints
over
what
connec7ons
can
be
made
• Flash
has
asynchronous
‘threads’
model
for
event
driven,
sprite
anima7on
18. Adobe Flash and the
network
• Flash
includes
primi7ves
in
‘ac7onscript’
to
fetch
‘network
assets’
– Typically
used
to
load
alternate
images,
sequences
– Not
a
generalized
network
stack,
subject
to
constraints
over
what
connec7ons
can
be
made
• Flash
has
asynchronous
‘threads’
model
for
event
driven,
sprite
anima7on
Flash is disappearing in today’s devices,
so these days we use HTML5 as the
vehicle for the measurement script
19. APNIC’s measurement
technique
• Cra=
a
script
which
fetches
URLs
to
measure.
• URLs
are
reduced
to
a
no7onal
‘1x1’
image
which
is
not
added
to
the
browser’s
display
manager
and
is
not
displayed
• URLs
trigger
DNS
resolu7on
via
whatever
name
resolu7on
mechanism
is
used
by
the
local
browser
and
host
• We
encode
data
transfer
from
the
client
to
the
server
in
the
name
of
fetched
URLs
– Could
use
the
DNS
as
the
informa7on
conduit:
• Result
is
returned
by
DNS
name
– Could
use
HTTP
as
the
informa7on
conduit
• Result
is
returned
via
parameters
acached
to
an
HTTP
GET
command
We
use
a
combina7on
of
hcp
requests
and
server
logs
25. Advertising placement
logic
•
Fresh
Eyeballs
==
Unique
IPs
– We
have
good
evidence
the
adver7sing
channel
is
able
to
sustain
a
constant
supply
of
unique
IP
addresses
• Pay
by
impression
– If
you
select
a
preference
for
impressions,
then
the
channel
tries
hard
to
present
your
ad
to
as
many
unique
IPs
as
possible
• Time/Loca7on/Context
tuned
– Can
select
for
7me
of
day,
physical
loca7on
or
keyword
contexts
(for
search-‐related
ads)
– But
if
you
don’t
select,
then
placement
is
generalized
• Aim
to
fill
budget
– If
you
request
$100
of
placement
a
day,
then
inside
the
ad
placement
machinery
an
algorithm
tries
hard
to
achieve
even
placement
loads,
but
in
the
end,
will
‘soak’
place
your
ad
to
achieve
enough
views
to
bill
you
that
target
of
$100
32. Success!
• 2.5M
–
3M
samples
per
day
–
mostly
new!
• Large
sample
space
across
much
of
the
known
Internet
• Assemble
a
rich
data
set
of
end
user
addresses
and
DNS
resolvers
33. Success … of a sort!
• What
we
are
a=er
is
a
random
sample
of
the
en7re
Internet
• And
we
are
close
• But
what
we
have
is
a
data
set
biased
towards
“cheap”
eyeballs
in
fixed
networks
34. “Raw” AD counts per day
155,430
VN
Vietnam
103,517
CN
China
92,107
MX
Mexico
79,092
TH
Thailand
73,702
IN
India
65,402
PK
Pakistan
64,121
BR
Brazil
54,637
TR
Turkey
52,532
US
United
States
of
America
52,240
AR
Argen7na
48,315
CO
Colombia
45,216
ID
Indonesia
39,839
PE
Peru
36,962
RU
Russian
Federa7on
34,529
PH
Philippines
33,899
EG
Egypt
22,983
TW
Taiwan
22,712
RO
Romania
22,490
UA
Ukraine
22,403
ES
Spain
IP address to country code mapping for
experiments placed on the 24th May 2015
35. ITU-T’s Internet User
Census
155,430
VN
Vietnam
103,517
CN
China
92,107
MX
Mexico
79,092
TH
Thailand
73,702
IN
India
65,402
PK
Pakistan
64,121
BR
Brazil
54,637
TR
Turkey
52,532
US
United
States
of
America
52,240
AR
Argen7na
48,315
CO
Colombia
45,216
ID
Indonesia
39,839
PE
Peru
36,962
RU
Russian
Federa7on
34,529
PH
Philippines
33,899
EG
Egypt
22,983
TW
Taiwan
22,712
RO
Romania
22,490
UA
Ukraine
22,403
ES
Spain
668,493,485
China
282,384872
United
States
of
America
252,482905
India
110,345878
Brazil
109,390190
Japan
87,305661
Russian
Federa7on
72,663301
Nigeria
71,823404
Indonesia
71,174958
Germany
61,579582
Mexico
57,306333
United
Kingdom
of
Great
Britain
and
Northern
Ireland
54,114094
France
45,416941
Iran
(Islamic
Republic
of)
45,019465
Egypt
42,187842
Republic
of
Korea
41,780667
Philippines
40,980368
Vietnam
39,256999
Bangladesh
35,793673
Italy
35,503461
Turkey
ITU’s estimates of number of Internet
users per country
36. “Weighting” sample data to
correct AD Placement bias
We
“weight”
the
raw
data
by:
– Geoloca7ng
the
IP
address
to
a
par7cular
country
– Mul7plying
the
sample
by
the
rela7ve
weight
of
the
country
38. Measuring ALL of the Internet
It’s
not
perfect
by
any
means,
but
it
is
a
reasonable
first
pass
to
correct
for
the
implicit
ad
placement
bias
in
the
raw
data
So
now
we
have
a
method
to
measure
a
sample
of
Internet
users
and
a
process
that
can
relate
that
measurement
back
to
the
Internet
as
a
whole.
How
can
we
use
this?
39. What does this allow?
In
providing
an
end
user
with
a
set
of
URLs
to
retrieve
we
can
examine:
– Protocol
behaviour
e.g.:
V4
vs
V6,
protocol
performance,
connec7on
failure
rate
– DNS
behaviours
e.g.:
DNSSEC
use,
DNS
resolu7on
performance,
DNS
response
size,
crypto
protocol
performance,…
41. Measuring IPv6
Client
is
given
4
unique
URLs
to
load:
• Dual
Stack
object
• V4-‐only
object
• V6-‐only
object
• Result
repor7ng
URL
(10
second
7mer)
We
want
to
compare
the
number
of
end
devices
that
can
retrieve
the
V6-‐only
object
to
the
number
of
devices
that
can
retrieve
the
V4-‐only
object
(V6
Capable)
We
can
also
look
at
the
number
of
end
devices
that
use
IPv6
to
retrieve
the
Dual
Stack
Object
(V6
Preferred)
42. What we see (Web Log)
temora.rand.apnic.net
124.13.125.185
[04/Aug/2015:00:01:29
+0000]
"GET
/newadcfg/ad.py?A=2121&N&R&F
HTTP/1.1"
200
799
"hcps://tpc.googlesyndica7on.com/
sadbundle/7103675352697911246/basic/index.html"
"Mozilla/5.0
(Macintosh;
Intel
Mac
OS
X
10_9_5)
AppleWebKit/537.36
(KHTML,
like
Gecko)
Chrome/44.0.2403.125
Safari/537.36"
0.000
u281fd425-‐s1438646489
1438646489.894
cfg.dotnxdomain.net
temora.rand.apnic.net
2001:e68:5431:519e:f002:854e:2741:278
[04/Aug/2015:00:01:30
+0000]
"GET
/1x1.png?u281fd425-‐s1438646489-‐i5097.ap.rd.td
HTTP/1.1"
200
68
"hcps://tpc.googlesyndica7on.com/sadbundle/7103675352697911246/basic/index.html"
"Mozilla/5.0
(Macintosh;
Intel
Mac
OS
X
10_9_5)
AppleWebKit/537.36
(KHTML,
like
Gecko)
Chrome/44.0.2403.125
Safari/537.36"
0.000
hcps
1438646490.290
0du-‐u281fd425-‐s1438646489-‐i5097.ap.dotnxdomain.net
temora.rand.apnic.net
2001:e68:5431:519e:f002:854e:2741:278
[04/Aug/2015:00:01:30
+0000]
"GET
/1x1.png?u281fd425-‐s1438646489-‐i5097.ap.e
HTTP/1.1"
200
68
"hcps://tpc.googlesyndica7on.com/sadbundle/7103675352697911246/basic/index.html"
"Mozilla/5.0
(Macintosh;
Intel
Mac
OS
X
10_9_5)
AppleWebKit/537.36
(KHTML,
like
Gecko)
Chrome/44.0.2403.125
Safari/537.36"
0.000
hcps
1438646490.290
0du-‐u281fd425-‐s1438646489-‐i5097.ap.dotnxdomain.net
temora.rand.apnic.net
2001:e68:5431:519e:f002:854e:2741:278
[04/Aug/2015:00:01:30
+0000]
"GET
/1x1.png?u281fd425-‐s1438646489-‐i5097.ap.r6.td
HTTP/1.1"
200
68
"hcps://tpc.googlesyndica7on.com/sadbundle/7103675352697911246/basic/index.html"
"Mozilla/5.0
(Macintosh;
Intel
Mac
OS
X
10_9_5)
AppleWebKit/537.36
(KHTML,
like
Gecko)
Chrome/44.0.2403.125
Safari/537.36"
0.000
hcps
1438646490.578
06u-‐u281fd425-‐s1438646489-‐i5097.ap.dotnxdomain.net
temora.rand.apnic.net
2001:e68:5431:519e:f002:854e:2741:278
[04/Aug/2015:00:01:30
+0000]
"GET
/1x1.png?u281fd425-‐s1438646489-‐i5097.ap.f
HTTP/1.1"
200
68
"hcps://tpc.googlesyndica7on.com/sadbundle/7103675352697911246/basic/index.html"
"Mozilla/5.0
(Macintosh;
Intel
Mac
OS
X
10_9_5)
AppleWebKit/537.36
(KHTML,
like
Gecko)
Chrome/44.0.2403.125
Safari/537.36"
0.000
hcps
1438646490.871
0di-‐u281fd425-‐s1438646489-‐i5097.ap.dotnxdomain.net
temora.rand.apnic.net
2001:e68:5431:519e:f002:854e:2741:278
[04/Aug/2015:00:01:31
+0000]
"GET
/1x1.png?u281fd425-‐s1438646489-‐i5097.ap.d
HTTP/1.1"
200
68
"hcps://tpc.googlesyndica7on.com/sadbundle/7103675352697911246/basic/index.html"
"Mozilla/5.0
(Macintosh;
Intel
Mac
OS
X
10_9_5)
AppleWebKit/537.36
(KHTML,
like
Gecko)
Chrome/44.0.2403.125
Safari/537.36"
0.000
hcps
1438646491.159
0ds-‐u281fd425-‐s1438646489-‐i5097.ap.dotnxdomain.net
temora.rand.apnic.net
124.13.125.185
[04/Aug/2015:00:01:31
+0000]
"GET
/1x1.png?u281fd425-‐s1438646489-‐i5097.ap.r4.td
HTTP/1.1"
200
68
"hcps://
tpc.googlesyndica7on.com/sadbundle/7103675352697911246/basic/index.html"
"Mozilla/5.0
(Macintosh;
Intel
Mac
OS
X
10_9_5)
AppleWebKit/537.36
(KHTML,
like
Gecko)
Chrome/44.0.2403.125
Safari/537.36"
0.000
hcps
1438646491.448
04u-‐u281fd425-‐s1438646489-‐i5097.ap.dotnxdomain.net
temora.rand.apnic.net
2001:e68:5431:519e:f002:854e:2741:278
[04/Aug/2015:00:01:31
+0000]
"GET
/1x1.png?u281fd425-‐s1438646489-‐
i5097.ap.results&zrdtd-‐390.zr4td-‐1548.zr6td-‐678.zd-‐1258.ze-‐390.zf-‐971.
HTTP/1.1"
200
68
"hcps://tpc.googlesyndica7on.com/sadbundle/7103675352697911246/basic/
index.html"
"Mozilla/5.0
(Macintosh;
Intel
Mac
OS
X
10_9_5)
AppleWebKit/537.36
(KHTML,
like
Gecko)
Chrome/44.0.2403.125
Safari/537.36"
0.000
hcps
1438646491.815
0du-‐results-‐u281fd425-‐x-‐i5097.ap.dotnxdomain.net
43. What we see (Web Log)
temora.rand.apnic.net
124.13.125.185
[04/Aug/2015:00:01:29
+0000]
"GET
/newadcfg/ad.py?A=2121&N&R&F
HTTP/1.1"
200
799
"hcps://tpc.googlesyndica7on.com/
sadbundle/7103675352697911246/basic/index.html"
"Mozilla/5.0
(Macintosh;
Intel
Mac
OS
X
10_9_5)
AppleWebKit/537.36
(KHTML,
like
Gecko)
Chrome/44.0.2403.125
Safari/537.36"
0.000
u281fd425-‐s1438646489
1438646489.894
cfg.dotnxdomain.net
temora.rand.apnic.net
2001:e68:5431:519e:f002:854e:2741:278
[04/Aug/2015:00:01:30
+0000]
"GET
/1x1.png?u281fd425-‐s1438646489-‐i5097.ap.rd.td
HTTP/1.1"
200
68
"hcps://tpc.googlesyndica7on.com/sadbundle/7103675352697911246/basic/index.html"
"Mozilla/5.0
(Macintosh;
Intel
Mac
OS
X
10_9_5)
AppleWebKit/537.36
(KHTML,
like
Gecko)
Chrome/44.0.2403.125
Safari/537.36"
0.000
hcps
1438646490.290
0du-‐u281fd425-‐s1438646489-‐i5097.ap.dotnxdomain.net
temora.rand.apnic.net
2001:e68:5431:519e:f002:854e:2741:278
[04/Aug/2015:00:01:30
+0000]
"GET
/1x1.png?u281fd425-‐s1438646489-‐i5097.ap.e
HTTP/1.1"
200
68
"hcps://tpc.googlesyndica7on.com/sadbundle/7103675352697911246/basic/index.html"
"Mozilla/5.0
(Macintosh;
Intel
Mac
OS
X
10_9_5)
AppleWebKit/537.36
(KHTML,
like
Gecko)
Chrome/44.0.2403.125
Safari/537.36"
0.000
hcps
1438646490.290
0du-‐u281fd425-‐s1438646489-‐i5097.ap.dotnxdomain.net
temora.rand.apnic.net
2001:e68:5431:519e:f002:854e:2741:278
[04/Aug/2015:00:01:30
+0000]
"GET
/1x1.png?u281fd425-‐s1438646489-‐i5097.ap.r6.td
HTTP/1.1"
200
68
"hcps://tpc.googlesyndica7on.com/sadbundle/7103675352697911246/basic/index.html"
"Mozilla/5.0
(Macintosh;
Intel
Mac
OS
X
10_9_5)
AppleWebKit/537.36
(KHTML,
like
Gecko)
Chrome/44.0.2403.125
Safari/537.36"
0.000
hcps
1438646490.578
06u-‐u281fd425-‐s1438646489-‐i5097.ap.dotnxdomain.net
temora.rand.apnic.net
2001:e68:5431:519e:f002:854e:2741:278
[04/Aug/2015:00:01:30
+0000]
"GET
/1x1.png?u281fd425-‐s1438646489-‐i5097.ap.f
HTTP/1.1"
200
68
"hcps://tpc.googlesyndica7on.com/sadbundle/7103675352697911246/basic/index.html"
"Mozilla/5.0
(Macintosh;
Intel
Mac
OS
X
10_9_5)
AppleWebKit/537.36
(KHTML,
like
Gecko)
Chrome/44.0.2403.125
Safari/537.36"
0.000
hcps
1438646490.871
0di-‐u281fd425-‐s1438646489-‐i5097.ap.dotnxdomain.net
temora.rand.apnic.net
2001:e68:5431:519e:f002:854e:2741:278
[04/Aug/2015:00:01:31
+0000]
"GET
/1x1.png?u281fd425-‐s1438646489-‐i5097.ap.d
HTTP/1.1"
200
68
"hcps://tpc.googlesyndica7on.com/sadbundle/7103675352697911246/basic/index.html"
"Mozilla/5.0
(Macintosh;
Intel
Mac
OS
X
10_9_5)
AppleWebKit/537.36
(KHTML,
like
Gecko)
Chrome/44.0.2403.125
Safari/537.36"
0.000
hcps
1438646491.159
0ds-‐u281fd425-‐s1438646489-‐i5097.ap.dotnxdomain.net
temora.rand.apnic.net
124.13.125.185
[04/Aug/2015:00:01:31
+0000]
"GET
/1x1.png?u281fd425-‐s1438646489-‐i5097.ap.r4.td
HTTP/1.1"
200
68
"hcps://
tpc.googlesyndica7on.com/sadbundle/7103675352697911246/basic/index.html"
"Mozilla/5.0
(Macintosh;
Intel
Mac
OS
X
10_9_5)
AppleWebKit/537.36
(KHTML,
like
Gecko)
Chrome/44.0.2403.125
Safari/537.36"
0.000
hcps
1438646491.448
04u-‐u281fd425-‐s1438646489-‐i5097.ap.dotnxdomain.net
temora.rand.apnic.net
2001:e68:5431:519e:f002:854e:2741:278
[04/Aug/2015:00:01:31
+0000]
"GET
/1x1.png?u281fd425-‐s1438646489-‐
i5097.ap.results&zrdtd-‐390.zr4td-‐1548.zr6td-‐678.zd-‐1258.ze-‐390.zf-‐971.
HTTP/1.1"
200
68
"hcps://tpc.googlesyndica7on.com/sadbundle/7103675352697911246/basic/
index.html"
"Mozilla/5.0
(Macintosh;
Intel
Mac
OS
X
10_9_5)
AppleWebKit/537.36
(KHTML,
like
Gecko)
Chrome/44.0.2403.125
Safari/537.36"
0.000
hcps
1438646491.815
0du-‐results-‐u281fd425-‐s1438646489-‐i5097.ap.dotnxdomain.net
This is a Mac OSX system, using OS X 10.9.5, with
Chrome 44.0.2403.125
44. What we see (Web Log)
temora.rand.apnic.net
124.13.125.185
[04/Aug/2015:00:01:29
+0000]
"GET
/newadcfg/ad.py?A=2121&N&R&F
HTTP/1.1"
200
799
"hcps://tpc.googlesyndica7on.com/
sadbundle/7103675352697911246/basic/index.html"
"Mozilla/5.0
(Macintosh;
Intel
Mac
OS
X
10_9_5)
AppleWebKit/537.36
(KHTML,
like
Gecko)
Chrome/44.0.2403.125
Safari/537.36"
0.000
u281fd425-‐s1438646489
1438646489.894
cfg.dotnxdomain.net
temora.rand.apnic.net
2001:e68:5431:519e:f002:854e:2741:278
[04/Aug/2015:00:01:30
+0000]
"GET
/1x1.png?u281fd425-‐s1438646489-‐i5097.ap.rd.td
HTTP/1.1"
200
68
"hcps://tpc.googlesyndica7on.com/sadbundle/7103675352697911246/basic/index.html"
"Mozilla/5.0
(Macintosh;
Intel
Mac
OS
X
10_9_5)
AppleWebKit/537.36
(KHTML,
like
Gecko)
Chrome/44.0.2403.125
Safari/537.36"
0.000
hcps
1438646490.290
0du-‐u281fd425-‐s1438646489-‐i5097.ap.dotnxdomain.net
temora.rand.apnic.net
2001:e68:5431:519e:f002:854e:2741:278
[04/Aug/2015:00:01:30
+0000]
"GET
/1x1.png?u281fd425-‐s1438646489-‐i5097.ap.e
HTTP/1.1"
200
68
"hcps://tpc.googlesyndica7on.com/sadbundle/7103675352697911246/basic/index.html"
"Mozilla/5.0
(Macintosh;
Intel
Mac
OS
X
10_9_5)
AppleWebKit/537.36
(KHTML,
like
Gecko)
Chrome/44.0.2403.125
Safari/537.36"
0.000
hcps
1438646490.290
0du-‐u281fd425-‐s1438646489-‐i5097.ap.dotnxdomain.net
temora.rand.apnic.net
2001:e68:5431:519e:f002:854e:2741:278
[04/Aug/2015:00:01:30
+0000]
"GET
/1x1.png?u281fd425-‐s1438646489-‐i5097.ap.r6.td
HTTP/1.1"
200
68
"hcps://tpc.googlesyndica7on.com/sadbundle/7103675352697911246/basic/index.html"
"Mozilla/5.0
(Macintosh;
Intel
Mac
OS
X
10_9_5)
AppleWebKit/537.36
(KHTML,
like
Gecko)
Chrome/44.0.2403.125
Safari/537.36"
0.000
hcps
1438646490.578
06u-‐u281fd425-‐s1438646489-‐i5097.ap.dotnxdomain.net
temora.rand.apnic.net
2001:e68:5431:519e:f002:854e:2741:278
[04/Aug/2015:00:01:30
+0000]
"GET
/1x1.png?u281fd425-‐s1438646489-‐i5097.ap.f
HTTP/1.1"
200
68
"hcps://tpc.googlesyndica7on.com/sadbundle/7103675352697911246/basic/index.html"
"Mozilla/5.0
(Macintosh;
Intel
Mac
OS
X
10_9_5)
AppleWebKit/537.36
(KHTML,
like
Gecko)
Chrome/44.0.2403.125
Safari/537.36"
0.000
hcps
1438646490.871
0di-‐u281fd425-‐s1438646489-‐i5097.ap.dotnxdomain.net
temora.rand.apnic.net
2001:e68:5431:519e:f002:854e:2741:278
[04/Aug/2015:00:01:31
+0000]
"GET
/1x1.png?u281fd425-‐s1438646489-‐i5097.ap.d
HTTP/1.1"
200
68
"hcps://tpc.googlesyndica7on.com/sadbundle/7103675352697911246/basic/index.html"
"Mozilla/5.0
(Macintosh;
Intel
Mac
OS
X
10_9_5)
AppleWebKit/537.36
(KHTML,
like
Gecko)
Chrome/44.0.2403.125
Safari/537.36"
0.000
hcps
1438646491.159
0ds-‐u281fd425-‐s1438646489-‐i5097.ap.dotnxdomain.net
temora.rand.apnic.net
124.13.125.185
[04/Aug/2015:00:01:31
+0000]
"GET
/1x1.png?u281fd425-‐s1438646489-‐i5097.ap.r4.td
HTTP/1.1"
200
68
"hcps://
tpc.googlesyndica7on.com/sadbundle/7103675352697911246/basic/index.html"
"Mozilla/5.0
(Macintosh;
Intel
Mac
OS
X
10_9_5)
AppleWebKit/537.36
(KHTML,
like
Gecko)
Chrome/44.0.2403.125
Safari/537.36"
0.000
hcps
1438646491.448
04u-‐u281fd425-‐s1438646489-‐i5097.ap.dotnxdomain.net
temora.rand.apnic.net
2001:e68:5431:519e:f002:854e:2741:278
[04/Aug/2015:00:01:31
+0000]
"GET
/1x1.png?u281fd425-‐s1438646489-‐
i5097.ap.results&zrdtd-‐390.zr4td-‐1548.zr6td-‐678.zd-‐1258.ze-‐390.zf-‐971.
HTTP/1.1"
200
68
"hcps://tpc.googlesyndica7on.com/sadbundle/7103675352697911246/basic/
index.html"
"Mozilla/5.0
(Macintosh;
Intel
Mac
OS
X
10_9_5)
AppleWebKit/537.36
(KHTML,
like
Gecko)
Chrome/44.0.2403.125
Safari/537.36"
0.000
hcps
1438646491.815
0du-‐results-‐u281fd425-‐s1438646489-‐i5097.ap.dotnxdomain.net
This system can do IPv6, and prefers to use IPv6 in
dual stack contexts
45. What we see (Web Log)
temora.rand.apnic.net
124.13.125.185
[04/Aug/2015:00:01:29
+0000]
"GET
/newadcfg/ad.py?A=2121&N&R&F
HTTP/1.1"
200
799
"hcps://tpc.googlesyndica7on.com/
sadbundle/7103675352697911246/basic/index.html"
"Mozilla/5.0
(Macintosh;
Intel
Mac
OS
X
10_9_5)
AppleWebKit/537.36
(KHTML,
like
Gecko)
Chrome/44.0.2403.125
Safari/537.36"
0.000
u281fd425-‐s1438646489
1438646489.894
cfg.dotnxdomain.net
temora.rand.apnic.net
2001:e68:5431:519e:f002:854e:2741:278
[04/Aug/2015:00:01:30
+0000]
"GET
/1x1.png?u281fd425-‐s1438646489-‐i5097.ap.rd.td
HTTP/1.1"
200
68
"hcps://tpc.googlesyndica7on.com/sadbundle/7103675352697911246/basic/index.html"
"Mozilla/5.0
(Macintosh;
Intel
Mac
OS
X
10_9_5)
AppleWebKit/537.36
(KHTML,
like
Gecko)
Chrome/44.0.2403.125
Safari/537.36"
0.000
hcps
1438646490.290
0du-‐u281fd425-‐s1438646489-‐i5097.ap.dotnxdomain.net
temora.rand.apnic.net
2001:e68:5431:519e:f002:854e:2741:278
[04/Aug/2015:00:01:30
+0000]
"GET
/1x1.png?u281fd425-‐s1438646489-‐i5097.ap.e
HTTP/1.1"
200
68
"hcps://tpc.googlesyndica7on.com/sadbundle/7103675352697911246/basic/index.html"
"Mozilla/5.0
(Macintosh;
Intel
Mac
OS
X
10_9_5)
AppleWebKit/537.36
(KHTML,
like
Gecko)
Chrome/44.0.2403.125
Safari/537.36"
0.000
hcps
1438646490.290
0du-‐u281fd425-‐s1438646489-‐i5097.ap.dotnxdomain.net
temora.rand.apnic.net
2001:e68:5431:519e:f002:854e:2741:278
[04/Aug/2015:00:01:30
+0000]
"GET
/1x1.png?u281fd425-‐s1438646489-‐i5097.ap.r6.td
HTTP/1.1"
200
68
"hcps://tpc.googlesyndica7on.com/sadbundle/7103675352697911246/basic/index.html"
"Mozilla/5.0
(Macintosh;
Intel
Mac
OS
X
10_9_5)
AppleWebKit/537.36
(KHTML,
like
Gecko)
Chrome/44.0.2403.125
Safari/537.36"
0.000
hcps
1438646490.578
06u-‐u281fd425-‐s1438646489-‐i5097.ap.dotnxdomain.net
temora.rand.apnic.net
2001:e68:5431:519e:f002:854e:2741:278
[04/Aug/2015:00:01:30
+0000]
"GET
/1x1.png?u281fd425-‐s1438646489-‐i5097.ap.f
HTTP/1.1"
200
68
"hcps://tpc.googlesyndica7on.com/sadbundle/7103675352697911246/basic/index.html"
"Mozilla/5.0
(Macintosh;
Intel
Mac
OS
X
10_9_5)
AppleWebKit/537.36
(KHTML,
like
Gecko)
Chrome/44.0.2403.125
Safari/537.36"
0.000
hcps
1438646490.871
0di-‐u281fd425-‐s1438646489-‐i5097.ap.dotnxdomain.net
temora.rand.apnic.net
2001:e68:5431:519e:f002:854e:2741:278
[04/Aug/2015:00:01:31
+0000]
"GET
/1x1.png?u281fd425-‐s1438646489-‐i5097.ap.d
HTTP/1.1"
200
68
"hcps://tpc.googlesyndica7on.com/sadbundle/7103675352697911246/basic/index.html"
"Mozilla/5.0
(Macintosh;
Intel
Mac
OS
X
10_9_5)
AppleWebKit/537.36
(KHTML,
like
Gecko)
Chrome/44.0.2403.125
Safari/537.36"
0.000
hcps
1438646491.159
0ds-‐u281fd425-‐s1438646489-‐i5097.ap.dotnxdomain.net
temora.rand.apnic.net
124.13.125.185
[04/Aug/2015:00:01:31
+0000]
"GET
/1x1.png?u281fd425-‐s1438646489-‐i5097.ap.r4.td
HTTP/1.1"
200
68
"hcps://
tpc.googlesyndica7on.com/sadbundle/7103675352697911246/basic/index.html"
"Mozilla/5.0
(Macintosh;
Intel
Mac
OS
X
10_9_5)
AppleWebKit/537.36
(KHTML,
like
Gecko)
Chrome/44.0.2403.125
Safari/537.36"
0.000
hcps
1438646491.448
04u-‐u281fd425-‐s1438646489-‐i5097.ap.dotnxdomain.net
temora.rand.apnic.net
2001:e68:5431:519e:f002:854e:2741:278
[04/Aug/2015:00:01:31
+0000]
"GET
/1x1.png?u281fd425-‐s1438646489-‐
i5097.ap.results&zrdtd-‐390.zr4td-‐1548.zr6td-‐678.zd-‐1258.ze-‐390.zf-‐971.
HTTP/1.1"
200
68
"hcps://tpc.googlesyndica7on.com/sadbundle/7103675352697911246/basic/
index.html"
"Mozilla/5.0
(Macintosh;
Intel
Mac
OS
X
10_9_5)
AppleWebKit/537.36
(KHTML,
like
Gecko)
Chrome/44.0.2403.125
Safari/537.36"
0.000
hcps
1438646491.815
0du-‐results-‐u281fd425-‐s1438646489-‐i5097.ap.dotnxdomain.net
This experiment ran through to conmpletion
46. What we see (Web Log)
temora.rand.apnic.net
124.13.125.185
[04/Aug/2015:00:01:29
+0000]
"GET
/newadcfg/ad.py?A=2121&N&R&F
HTTP/1.1"
200
799
"hcps://tpc.googlesyndica7on.com/
sadbundle/7103675352697911246/basic/index.html"
"Mozilla/5.0
(Macintosh;
Intel
Mac
OS
X
10_9_5)
AppleWebKit/537.36
(KHTML,
like
Gecko)
Chrome/44.0.2403.125
Safari/537.36"
0.000
u281fd425-‐s1438646489
1438646489.894
cfg.dotnxdomain.net
temora.rand.apnic.net
2001:e68:5431:519e:f002:854e:2741:278
[04/Aug/2015:00:01:30
+0000]
"GET
/1x1.png?u281fd425-‐s1438646489-‐i5097.ap.rd.td
HTTP/1.1"
200
68
"hcps://tpc.googlesyndica7on.com/sadbundle/7103675352697911246/basic/index.html"
"Mozilla/5.0
(Macintosh;
Intel
Mac
OS
X
10_9_5)
AppleWebKit/537.36
(KHTML,
like
Gecko)
Chrome/44.0.2403.125
Safari/537.36"
0.000
hcps
1438646490.290
0du-‐u281fd425-‐s1438646489-‐i5097.ap.dotnxdomain.net
temora.rand.apnic.net
2001:e68:5431:519e:f002:854e:2741:278
[04/Aug/2015:00:01:30
+0000]
"GET
/1x1.png?u281fd425-‐s1438646489-‐i5097.ap.e
HTTP/1.1"
200
68
"hcps://tpc.googlesyndica7on.com/sadbundle/7103675352697911246/basic/index.html"
"Mozilla/5.0
(Macintosh;
Intel
Mac
OS
X
10_9_5)
AppleWebKit/537.36
(KHTML,
like
Gecko)
Chrome/44.0.2403.125
Safari/537.36"
0.000
hcps
1438646490.290
0du-‐u281fd425-‐s1438646489-‐i5097.ap.dotnxdomain.net
temora.rand.apnic.net
2001:e68:5431:519e:f002:854e:2741:278
[04/Aug/2015:00:01:30
+0000]
"GET
/1x1.png?u281fd425-‐s1438646489-‐i5097.ap.r6.td
HTTP/1.1"
200
68
"hcps://tpc.googlesyndica7on.com/sadbundle/7103675352697911246/basic/index.html"
"Mozilla/5.0
(Macintosh;
Intel
Mac
OS
X
10_9_5)
AppleWebKit/537.36
(KHTML,
like
Gecko)
Chrome/44.0.2403.125
Safari/537.36"
0.000
hcps
1438646490.578
06u-‐u281fd425-‐s1438646489-‐i5097.ap.dotnxdomain.net
temora.rand.apnic.net
2001:e68:5431:519e:f002:854e:2741:278
[04/Aug/2015:00:01:30
+0000]
"GET
/1x1.png?u281fd425-‐s1438646489-‐i5097.ap.f
HTTP/1.1"
200
68
"hcps://tpc.googlesyndica7on.com/sadbundle/7103675352697911246/basic/index.html"
"Mozilla/5.0
(Macintosh;
Intel
Mac
OS
X
10_9_5)
AppleWebKit/537.36
(KHTML,
like
Gecko)
Chrome/44.0.2403.125
Safari/537.36"
0.000
hcps
1438646490.871
0di-‐u281fd425-‐s1438646489-‐i5097.ap.dotnxdomain.net
temora.rand.apnic.net
2001:e68:5431:519e:f002:854e:2741:278
[04/Aug/2015:00:01:31
+0000]
"GET
/1x1.png?u281fd425-‐s1438646489-‐i5097.ap.d
HTTP/1.1"
200
68
"hcps://tpc.googlesyndica7on.com/sadbundle/7103675352697911246/basic/index.html"
"Mozilla/5.0
(Macintosh;
Intel
Mac
OS
X
10_9_5)
AppleWebKit/537.36
(KHTML,
like
Gecko)
Chrome/44.0.2403.125
Safari/537.36"
0.000
hcps
1438646491.159
0ds-‐u281fd425-‐s1438646489-‐i5097.ap.dotnxdomain.net
temora.rand.apnic.net
124.13.125.185
[04/Aug/2015:00:01:31
+0000]
"GET
/1x1.png?u281fd425-‐s1438646489-‐i5097.ap.r4.td
HTTP/1.1"
200
68
"hcps://
tpc.googlesyndica7on.com/sadbundle/7103675352697911246/basic/index.html"
"Mozilla/5.0
(Macintosh;
Intel
Mac
OS
X
10_9_5)
AppleWebKit/537.36
(KHTML,
like
Gecko)
Chrome/44.0.2403.125
Safari/537.36"
0.000
hcps
1438646491.448
04u-‐u281fd425-‐s1438646489-‐i5097.ap.dotnxdomain.net
temora.rand.apnic.net
2001:e68:5431:519e:f002:854e:2741:278
[04/Aug/2015:00:01:31
+0000]
"GET
/1x1.png?u281fd425-‐s1438646489-‐
i5097.ap.results&zrdtd-‐390.zr4td-‐1548.zr6td-‐678.zd-‐1258.ze-‐390.zf-‐971.
HTTP/1.1"
200
68
"hcps://tpc.googlesyndica7on.com/sadbundle/7103675352697911246/basic/
index.html"
"Mozilla/5.0
(Macintosh;
Intel
Mac
OS
X
10_9_5)
AppleWebKit/537.36
(KHTML,
like
Gecko)
Chrome/44.0.2403.125
Safari/537.36"
0.000
hcps
1438646491.815
0du-‐results-‐u281fd425-‐s1438646489-‐i5097.ap.dotnxdomain.net
This user is a customer of TMNET in Malaysia, AS4788
55. Measuring DNSSEC
Client
is
given
4
unique
URLs
to
load:
• DNSSEC-‐validly
signed
DNS
name
• DNSSEC-‐invalidly
signed
DNS
name
• Unsigned
DNS
name
(control)
• Result
repor7ng
URL
(10
second
7mer)
All
DNS
is
IPv4
56. What We See (DNS Log)
1438646489.920
[ap]
04-‐Aug-‐2015
00:01:29.920
queries:
client
202.188.0.254#14118:
(0du-‐u281fd425-‐s1438646489-‐i5097.ap.dotnxdomain.net):
query:
0du-‐u281fd425-‐s1438646489-‐i5097.ap.dotnxdomain.net.
IN
AAAA
-‐ED
()
0
157
1438646489.920
[ap]
04-‐Aug-‐2015
00:01:29.920
queries:
client
202.188.0.254#2911:
(04u-‐u281fd425-‐s1438646489-‐i5097.ap.dotnxdomain.net):
query:
04u-‐u281fd425-‐s1438646489-‐i5097.ap.dotnxdomain.net.
IN
A
-‐ED
()
0
145
1438646489.921
[ap]
04-‐Aug-‐2015
00:01:29.921
queries:
client
202.188.0.254#40461:
(0du-‐u281fd425-‐s1438646489-‐i5097.ap.dotnxdomain.net):
query:
0du-‐u281fd425-‐s1438646489-‐i5097.ap.dotnxdomain.net.
IN
A
-‐ED
()
0
145
1438646489.922
[ap]
04-‐Aug-‐2015
00:01:29.922
queries:
client
202.188.0.254#48755:
(06u-‐u281fd425-‐s1438646489-‐i5097.ap.dotnxdomain.net):
query:
06u-‐u281fd425-‐s1438646489-‐i5097.ap.dotnxdomain.net.
IN
AAAA
-‐ED
()
0
157
1438646489.923
[ap]
04-‐Aug-‐2015
00:01:29.923
queries:
client
202.188.0.254#12230:
(06u-‐u281fd425-‐s1438646489-‐i5097.ap.dotnxdomain.net):
query:
06u-‐u281fd425-‐s1438646489-‐i5097.ap.dotnxdomain.net.
IN
A
-‐ED
()
0
203
1438646489.937
[ap]
04-‐Aug-‐2015
00:01:29.937
queries:
client
202.188.0.254#11044:
(0ds-‐u281fd425-‐s1438646489-‐i5097.ap.dotnxdomain.net):
query:
0ds-‐u281fd425-‐s1438646489-‐i5097.ap.dotnxdomain.net.
IN
A
-‐ED
()
0
405
1438646489.938
[ap]
04-‐Aug-‐2015
00:01:29.938
queries:
client
202.188.0.254#58615:
(0ds-‐u281fd425-‐s1438646489-‐i5097.ap.dotnxdomain.net):
query:
0ds-‐u281fd425-‐s1438646489-‐i5097.ap.dotnxdomain.net.
IN
AAAA
-‐ED
()
0
417
1438646489.939
[ap]
04-‐Aug-‐2015
00:01:29.939
queries:
client
202.188.0.254#47094:
(0di-‐u281fd425-‐s1438646489-‐i5097.ap.dotnxdomain.net):
query:
0di-‐u281fd425-‐s1438646489-‐i5097.ap.dotnxdomain.net.
IN
A
-‐ED
()
0
405
1438646489.941
[ap]
04-‐Aug-‐2015
00:01:29.941
queries:
client
202.188.0.254#64994:
(0di-‐u281fd425-‐s1438646489-‐i5097.ap.dotnxdomain.net):
query:
0di-‐u281fd425-‐s1438646489-‐i5097.ap.dotnxdomain.net.
IN
AAAA
-‐ED
()
0
417
1438646490.730
[ap]
04-‐Aug-‐2015
00:01:30.730
queries:
client
202.188.0.254#42282:
(04u-‐u281fd425-‐s1438646489-‐i5097.ap.dotnxdomain.net):
query:
04u-‐u281fd425-‐s1438646489-‐i5097.ap.dotnxdomain.net.
IN
AAAA
-‐ED
()
0
203
1438646491.466
[ap]
04-‐Aug-‐2015
00:01:31.466
queries:
client
202.188.0.254#36631:
(0du-‐results-‐u281fd425-‐s1438646489-‐i5097.ap.dotnxdomain.net):
query:
0du-‐results-‐u281fd425-‐s1438646489-‐i5097.ap.dotnxdomain.net.
IN
A
-‐ED
()
0
161
1438646491.466
[ap]
04-‐Aug-‐2015
00:01:31.466
queries:
client
202.188.0.254#52006:
(0du-‐results-‐u281fd425-‐s1438646489-‐i5097.ap.dotnxdomain.net):
query:
0du-‐results-‐u281fd425-‐s1438646489-‐i5097.ap.dotnxdomain.net.
IN
AAAA
-‐ED
()
0
173
61. What Else?
DNSSEC
Crypto
Support:
How
many
users
who
use
DNSSEC
valida7ng
resolvers
correctly
validate
when
the
signatures
use
ECDSA
(as
dis7nct
from
RSA)
62. Answering the ECC question
– DNS + WEB
Data collection: 2/3/15 – 19/3/15!
!
1,830,668 clients who appear to be exclusively using RSA DNSSEC-Validating resolvers!
!
ECC Results:!
Success: 79.9% 1,461,772 Saw fetches of the ECC DNSSEC RRs and the well-!
signed named URL, but not the badly signed named URL!
!
Failure (fetched both URLs):!
!
Mixed Resolvers 5.1% 93,746 Used both ECDSA-Validating and non-validating resolvers!
NO ECC 13.3% 243,794 Saw A, DS, no DNSKEY, fetched both URLs!
Mixed 1.3% 24,420 Saw some DNSSEC queries, fetched both URLs!
No Validation 0.4% 6,836 Did not fetch any DNSSEC RRs!
!
Apparent Fail: 20.1% 368,796!
!
1 in 5 clients that use resolvers that
perform DNSSEC validation with RSA
fail to validate with ECDSA
63. ECC Results
• These
results
show
that
80%
of
clients
who
appeared
to
use
RSA
DNSSEC-‐Valida7ng
resolvers
were
also
seen
to
perform
valida7on
using
ECDSA
• Two
thirds
of
the
the
remaining
clients
fetched
both
objects
(13%
of
the
total),
but
did
not
fetch
any
DNSKEY
RRs.
• Of
the
remainder
(5%),
most
were
using
a
valida7ng
resolver
(which
returned
SERVFAIL
for
the
badly
signed
object),
and
then
the
client
failed
over
to
a
non-‐valida7ng
resolver
*
* This is curious, because these clients did not
failover to a non-validating resolver on a badly
signed RSA structure
64. What Else?
• The
“market”
for
DNS
resolu7on:
how
many
users
send
their
queries
through
Google’s
Public
DNS
servers?
• How
many
users
use
resolvers
located
in
a
foreign
country?
• Which
countries?
65. Foreign (CC) Resolution:
Top Resolvers by AS
Rank AS Use AS Name
1 15169 42.69% GOOGLE - Google Inc.,US
2 3356 7.47% LEVEL3 - Level 3 Communications, Inc.,US
3 36692 7.05% OPENDNS - OpenDNS, LLC,US
4 19994 2.56% RACKSPACE - Rackspace Hosting,US
5 174 1.87% COGENT-174 - Cogent Communications,US
6 16880 1.70% AS2-TRENDMICRO-COM - TREND MICRO INCORPORATED,US
7 2914 1.09% NTT-COMMUNICATIONS-2914 - NTT America, Inc.,US
8 4134 0.91% CHINANET-BACKBONE No.31,Jin-rong Street,CN
9 29791 0.70% VOXEL-DOT-NET - Voxel Dot Net, Inc.,US
10 3462 0.67% HINET Data Communication Business Group,TW
11 9121 0.64% TTNET Turk Telekomunikasyon Anonim Sirketi,TR
12 3303 0.64% SWISSCOM Swisscom (Switzerland) Ltd,CH
13 6939 0.63% HURRICANE - Hurricane Electric, Inc.,US
14 6147 0.50% Telefonica del Peru S.A.A.,PE
15 6713 0.48% IAM-AS,MA
16 8048 0.47% CANTV Servicios, Venezuela,VE
17 3257 0.47% TINET-BACKBONE Tinet SpA,DE
18 13238 0.43% YANDEX Yandex LLC,RU
19 45595 0.41% PKTELECOM-AS-PK Pakistan Telecom Company Limited,PK
20 9299 0.40% IPG-AS-AP Philippine Long Distance Telephone Company,PH
21 7643 0.39% VNPT-AS-VN Vietnam Posts and Telecommunications (VNPT),VN
22 45758 0.39% TRIPLETNET-AS-AP TripleT Internet Internet service provider Bangkok,TH
23 8151 0.38% Uninet S.A. de C.V.,MX
24 7470 0.35% TRUEINTERNET-AS-AP TRUE INTERNET Co.,Ltd.,TH
25 4837 0.35% CHINA169-BACKBONE CNCGROUP China169 Backbone,CN
Total: 21,770,772 (28% of total) end user query sets
69. Why is this happening?
q
It’s
Google:
Google’s
Public
DNS
(all
instances
are
mapped
to
the
US
in
this
per-‐AS
analysis)
q
Users’
efforts
to
circumvent
DNS-‐based
geo-‐loc
content
access
controls
(think
Ne•lix!)
q
3rd
party
DNS
query
monitoring/stalking
(yes,
there
is
some
of
this
going
on,
but
that’s
a
talk
for
another
7me!)
q
Virus
contamina7on
of
the
host
(yes,
captured
systems
o=en
show
a
redirected
DNS
config)
q
<insert
your
favourite
theory
here>
72. Some Stalker Numbers
In
the
first
248
days
of
2014
we
saw:
– 123,110,633
unique
end-‐user
IP
addresses
presented
to
our
servers
from
these
test
scripts
– 317,309
of
these
end-‐user
IP
addresses
presented
HTTP
GET
strings
to
us
that
were
subsequently
presented
to
us
from
a
different
client
IP
address!
That’s
some
1
in
400*
users
that
seem
to
have
acracted
some
kind
of
digital
stalker!
*
Or
maybe
a
bit
more,
due
to
NATs
hiding
mul7ple
end
users
behind
a
single
public
IP
address
73.
74. Online Privacy? Really?
It’s
hard
to
believe
that
today’s
Internet
respects
personal
privacy
when
it
seems
that
around
1
in
400
users
have
acracted
some
kind
of
digital
stalker
that
tracks
the
URLs
they
visit.
75. Stalking Rates by Country
CC Samples Stalked Rate/1,000,000 Country
IR 674 111 164,688 Iran (Islamic Republic of)
LA 28,506 2,875 100,855 Lao People's Democratic Republic
MO 38,761 2,954 76,210 Macao Special Administrative Region of China
SG 240,188 17,406 72,468 Singapore
HK 486,101 22,136 45,537 Hong Kong Special Administrative Region of China
CN 10,419,638 435,040 41,751 China
GB 872,124 28,845 33,074 United Kingdom of Great Britain and Northern Ireland
TW 1,769,367 36,823 20,811 Taiwan
JP 1,500,779 23,971 15,972 Japan
AU 293,193 4,620 15,757 Australia
US 4,491,711 53,370 11,881 United States of America
MY 1,035,434 10,214 9,864 Malaysia
AL 437,399 4,043 9,243 Albania
CA 947,922 6,244 6,587 Canada
KH 143,886 897 6,234 Cambodia
MM 16,411 97 5,910 Myanmar
MK 458,820 2,214 4,825 The former Yugoslav Republic of Macedonia
BZ 8,139 35 4,300 Belize
MN 57,622 233 4,043 Mongolia
NZ 344,951 1,385 4,015 New Zealand
CV 3,742 14 3,741 Cape Verde
ME 223,005 775 3,475 Montenegro
FJ 14,892 47 3,156 Fiji
SR 44,116 136 3,082 Suriname
AW 11,123 34 3,056 Aruba
The top 25 countries in terms
of observed URL stalking rates
76. Stalking Delay
The 15, 30 and 60 minute local
peaks are likely to be local web
proxy refresh cycles
This local peak matches
a result timer in the
test script
81. What Else?
Analysis
of
failure
pacerns
to
detect
evidence
of
structured
intercep7on
of
DNS
and
Web
retrieval
82. Content Blocking in Iran?
0
2
4
6
8
10
12
14
16
18
20
22
24
26
28
30
32
34
36
38
40
42
44
46
48
50
52
54
56
58
60
62
64
66
68
70
72
74
76
78
80
82
84
86
88
90
92
94
96
98
100
academy
accountants
actor
agency
airforce
army
associates
attorney
auction
audio
band
bar
bargains
beer
best
bid
bike
bio
black
blackfriday
blue
boutique
brussels
build
builders
business
buzz
bzh
cab
camera
camp
capetown
capital
cards
care
career
careers
casa
cash
catering
center
ceo
cheap
christmas
church
city
claims
cleaning
click
clinic
clothing
coach
codes
coffee
cologne
community
company
computer
condos
construction
contractors
cooking
cool
country
credit
creditcard
cricket
cruises
cymru
dance
dating
deals
degree
delivery
democrat
dental
dentist
desi
diamonds
diet
digital
direct
directory
discount
domains
durban
education
email
energy
engineer
engineering
enterprises
equipment
estate
events
exchange
expert
exposed
fail
farm
fashion
finance
financial
fish
fishing
fitness
flights
florist
flowers
forsale
foundation
frl
fund
furniture
futbol
gallery
garden
gent
gift
gifts
gives
glass
graphics
gratis
gripe
guide
guitars
guru
haus
healthcare
help
hiphop
holdings
holiday
horse
host
hosting
house
how
il
immo
immobilien
industries
ink
institute
insure
international
investments
jetzt
joburg
juegos
kaufen
kim
kitchen
kiwi
koeln
land
lawyer
lease
lgbt
life
lighting
limited
limo
link
loans
london
maison
management
market
marketing
media
memorial
menu
mobi
moda
moe
money
mortgage
moscow
nagoya
name
navy
network
ngo
ninja
okinawa
ong
ooo
osaka
paris
partners
parts
party
photo
photography
photos
pics
pictures
pink
pizza
place
plumbing
poker
press
productions
properties
property
pub
qpon
quebec
recipes
red
rehab
reisen
rentals
repair
report
republican
rest
restaurant
reviews
rip
rocks
rodeo
ryukyu
saarland
sarl
schule
science
services
sexy
shiksha
shoes
singles
social
software
solar
solutions
soy
space
supplies
supply
support
surf
surgery
sx
systems
tatar
tattoo
tax
technology
tel
tienda
tips
tires
tirol
today
tokyo
tools
town
toys
trade
training
university
uno
vacations
ventures
vet
viajes
villas
vision
vlaanderen
vodka
voting
voyage
wales
wang
watch
webcam
website
wedding
whoswho
wien
wiki
work
works
world
wtf
xn--6qq986b3xl
xn--80adxhks
xn--80asehdb
xn--80aswg
xn--c1avg
xn--i1b6b1a6a2e
xn--mgbab2bd
xn--ngbc5azd
xn--nqv7f
xn--q9jyb4c
xyz
yoga
yokohama
zone
%
Iran (Islamic Republic of) (IR) - 11025 Measurements
Web WebX NoWeb NoDNS LateWeb
.il appears to use DNS
Response blocking
.sexy appears
to use Web
Response
blocking
84. What Else?
• This
approach
allows
us
to
analyze
user
behaviour
when
presented
with
par7cular
tests
– DNS:
response
size,
TCP
behaviour,
resolver
distribu7on,
matching
resolvers
to
users,
resolver
7mers,
EDNS0
use,
EDNS0
client
subnet
use
and
accuracy,
dual
stack
behaviour,
response
size,…
– Web:
Protocol
preference,
dual
stack
behaviour,
response
size,
fragmenta7on
behaviour,
…
85. But…
• It’s
not
a
general
purpose
compute
pla•orm,
so
it
can’t
do
many
things
– Ping,
traceroute,
etc
– Send
data
to
any
des7na7on
– Pull
data
from
any
des7na7on
– Use
different
protocols
• This
is
a
“many-‐to-‐one”
styled
setup
where
the
server
instrumenta7on
provides
insight
on
the
inferred
behaviour
of
the
edges
86. In Summary…
• Measuring
what
happens
at
the
user
level
by
measuring
some
ar7fact
or
behaviour
in
the
infrastructure
and
inferring
some
form
of
user
behaviour
is
always
going
to
be
a
guess
of
some
form
• If
you
really
want
to
measure
user
behaviour
then
its
useful
to
trigger
the
user
to
behave
in
the
way
you
want
to
study
or
measure
• The
technique
of
embedding
simple
test
code
behind
ads
is
one
way
of
achieving
this
objec7ve
– for
certain
kinds
of
behaviours
rela7ng
to
the
DNS
and
to
URL
fetching
87. APNIC
Labs:
Geoff
Huston
George
Michaelson
research@apnic.net
Thanks to the folk at Google Research for their
generous support of our work!