reserved dissectjng internet traffjc on port 0
play

Reserved: Dissectjng Internet Traffjc on Port 0 Aniss Maghsoudlou - PowerPoint PPT Presentation

Feb 14, 2023 •117 likes •234 views

Reserved: Dissectjng Internet Traffjc on Port 0 Aniss Maghsoudlou Oliver Gasser Anja Feldmann Max Planck Instjtute for Informatjcs Why Port 0? Using port number 0 is not allowed in: TCP [RFC 1340] UDP [RFC 8085] 76 GB of traffjc

  1. Reserved: Dissectjng Internet Traffjc on Port 0 Aniss Maghsoudlou Oliver Gasser Anja Feldmann Max Planck Instjtute for Informatjcs

  2. Why Port 0? Using port number 0 is not allowed in:  TCP [RFC 1340]  UDP [RFC 8085] 76 GB of traffjc  UDP-Lite [RFC 3828] using port 0  SCTP [RFC 4960] in one week of IXP data!

  3. Previous Work and Our Approach • Luchs and Doerr, and Bouharb et al. study Port 0 traffjc • Both used Darknets as data sources. • We use traffjc from a large European IXP: • At the IXP we see real traffjc instead of just scanning artjfacts in darknets • Bidirectjonal analysis is possible • We add Actjve measurement to identjfy servers.

  4. Data Overview • One week of IPFIX fmow data • 31 TB traffjc, 45 Billion packets in total Port 0 traffjc: flows from 2019-09-01 to 2019-09-07 where ( srcport = 0 or dstport = 0 ) and (protocol = UDP or TCP or UDP-lite or SCTP )

  5. Data Overview • 76 GB (0.2%), including 103 million packets port 0 traffjc • > 99% of the traffjc… • has set source and destjnatjon port to 0 • In IPv4 uses UDP, in IPv6 uses TCP • is one-directjonal • 16% of the source IP addresses in IPv4 were servers (in IPv6 0%)

  6. IPv4: 50% originates from 111 ASes, goes to 33 ASes IPv6: 90% originates from 3 ASes, goes to 3 ASes

  7. IPv4 Port 0 traffjc IPv6 Port 0 traffjc 6.7% of the traffjc is 72.1% of the traffjc is coming from only one AS coming from only one AS and only one prefjx, mostly and only one prefjx going to only one AS

  8. Small packets in IPv6: • All < 102 bytes TCP control fmags in IPv6 traffjc: • 90.2 % Ack • 9.6 % RST (mostly response to ACK) • 0.16% No fmags set

  9. Conclusion Key Observatjons • Too much port 0 traffjc in the Internet. • Mostly one-directjonal, mostly UDP in IPv4 and TCP in IPv6. • IPv6 packets are relatjvely small • Small number of ASes contribute to a large share. Future Work: • Longer tjmespans of IXP data • Actjve measurement of port 0 traffjc to see how networks fjlter port 0 traffjc

  10. Thank You! Aniss Maghsoudlou (Presenter) aniss@mpi-inf.mpg.de htups://www.mpi-inf.mpg.de/inet/people/aniss-maghsoudlou/ Oliver Gasser Oliver.gasser@mpi-inf.mpg.de htups://www.mpi-inf.mpg.de/inet/people/oliver-gasser/ Anja Feldmann anja@mpi-inf.mpg.de htups://www.mpi-inf.mpg.de/inet/people/anja-feldmann/

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

opportunities for Ports in MED Port Authority of Valencia property. All right reserved. This

opportunities for Ports in MED Port Authority of Valencia property. All right reserved. This

Your i- Port Current challenges and future opportunities for Ports in MED Port Authority of Valencia property. All right reserved. This presentation cannot be further copied without express permission of the Port Authority of Valencia.

212 views • 8 slides
Clicks within Traffjc to Entrances to Traffjc to Total Cost Clicks Impressions Employer

Clicks within Traffjc to Entrances to Traffjc to Total Cost Clicks Impressions Employer

Clicks within Traffjc to Entrances to Traffjc to Total Cost Clicks Impressions Employer Affjliate Gateway /contact/ Resources Pages Paid search advertising $3,978 1,568 87,988 618 0 5 2 Students Paid search advertising $3,440

440 views • 14 slides
How to change the traffjc Otso Kiveks Group leader, Greens, Helsinki Helsinki Traffjc volume

How to change the traffjc Otso Kiveks Group leader, Greens, Helsinki Helsinki Traffjc volume

How to change the traffjc Otso Kiveks Group leader, Greens, Helsinki Helsinki Traffjc volume ad modal share T urn to urbanism Helsinki density T urn to urbanism New general plan T urn to urbanism Alternate plan Highways to boulevards

494 views • 12 slides
Programming in C 1 Reserved Words and Identifiers Reserved word Word that has a specific

Programming in C 1 Reserved Words and Identifiers Reserved word Word that has a specific

Programming in C 1 Reserved Words and Identifiers Reserved word Word that has a specific meaning in C Ex: int, return Identifier Word used to name and refer to a data element or object manipulated by the program. 2 Valid

806 views • 67 slides
Kerberos Reserved Names and Anonymity Support Larry Zhu IETF66 Microsoft Reserved Principal

Kerberos Reserved Names and Anonymity Support Larry Zhu IETF66 Microsoft Reserved Principal

Kerberos Reserved Names and Anonymity Support Larry Zhu IETF66 Microsoft Reserved Principal Names New name type KRB_NT_RESERVED TBA Name values Two or more components First component MUST be RESERVED Errors

427 views • 7 slides
1 Source port Destination port Source port Destination port 32 bit Sequence number 32 bit

1 Source port Destination port Source port Destination port 32 bit Sequence number 32 bit

A MUCH more complex complex transport transport A MUCH more Lecture 6. Lecture 6. for for three three main main reasons reasons Connection oriented Internet Transport Layer: Internet Transport Layer: implements mechanisms to

410 views • 8 slides
Natjonal Traffjc System (NTS) Modifjed for local information: Gregory Godsey, K5CVD Originally

Natjonal Traffjc System (NTS) Modifjed for local information: Gregory Godsey, K5CVD Originally

Natjonal Traffjc System (NTS) Modifjed for local information: Gregory Godsey, K5CVD Originally by: Jim Richards, AB8JR Mark Shaw, K8ED Modifjed from a presentatjon by Grant Hays, WB6OTS Natjonal Traffjc System (NTS) Messaging Basics

466 views • 36 slides
How to Test an IDS? GENESIDS: An Automated System for Generating Attack Traffjc WTMC 2018 Felix

How to Test an IDS? GENESIDS: An Automated System for Generating Attack Traffjc WTMC 2018 Felix

How to Test an IDS? GENESIDS: An Automated System for Generating Attack Traffjc WTMC 2018 Felix Erlacher , Falko Dressler Network Intrusion Detection Systems (NIDS) Analyze network traffjc for malicous activity Felix Erlacher: How to Test an

671 views • 37 slides
Welcome Binbrook Village Neighbourhood Traffjc Management Plan Public Information Centre (PIC)

Welcome Binbrook Village Neighbourhood Traffjc Management Plan Public Information Centre (PIC)

Welcome Binbrook Village Neighbourhood Traffjc Management Plan Public Information Centre (PIC) #2 April 25, 2017 The City of Hamilton is developing a Neighbourhood Traffjc Management Plan (NTMP) for Binbrook Village to enhance safety and

237 views • 12 slides
Kakaako Community Development District Reserved Housing Rules Proposed Draft Amendments

Kakaako Community Development District Reserved Housing Rules Proposed Draft Amendments

Kakaako Community Development District Reserved Housing Rules Proposed Draft Amendments September 7, 2016 Reserved Housing Taskforce Recommendations Expand Source of Reserved Housing Require multi-family residential project with 10 or

252 views • 14 slides
Control problems for traffjc fmow Mauro Garavello University of Milano Bicocca OptHySYS

Control problems for traffjc fmow Mauro Garavello University of Milano Bicocca OptHySYS

Control problems for traffjc fmow Mauro Garavello University of Milano Bicocca OptHySYS University of Trento, January 9-11, 2017 Mauro Garavello (University of Milano Bicocca) Control problems for traffjc fmow The LWR traffjc fmow model

1.6k views • 110 slides
A methodology for monitoring traffjc A methodology for monitoring traffjc fmow and air pollution

A methodology for monitoring traffjc A methodology for monitoring traffjc fmow and air pollution

A methodology for monitoring traffjc A methodology for monitoring traffjc fmow and air pollution in urban areas fmow and air pollution in urban areas Jos ngel Martn-Baos Jos ngel Martn-Baos SYSORM 2019 SYSORM 2019 Ricardo

522 views • 27 slides
A New Port A New Economy Agenda The Port Today; The Future Port; Port of Cork and Energy.

A New Port A New Economy Agenda The Port Today; The Future Port; Port of Cork and Energy.

Blue Growth at Work A New Port A New Economy Agenda The Port Today; The Future Port; Port of Cork and Energy. Statio Bene Fide Carinis A Safe Harbour for Ships Port of Cork Company Cork Harbour Commissioners 1814 Public

579 views • 22 slides
Australian environment Reserved letters: 45% of Australia Post revenue, but only 32% of

Australian environment Reserved letters: 45% of Australia Post revenue, but only 32% of

Australian environment Reserved letters: 45% of Australia Post revenue, but only 32% of profits 98% of Letters revenue Price control on reserved letters; ACCC Notification; assessed on ensuring reasonable returns on an

902 views • 23 slides
Port au Port/Bay St. George Fracking Awareness Group. Who are we? Jessica Ernst Port au Port

Port au Port/Bay St. George Fracking Awareness Group. Who are we? Jessica Ernst Port au Port

Port au Port/Bay St. George Fracking Awareness Group. Who are we? Jessica Ernst Port au Port Forum (400 ) Peoples Forum Arts &amp; Culture Centre (400) Walk-the-Block (200) Signs! Signs! 34 Presentations Global Frackdown (150 people)

800 views • 38 slides
PORT OF MOSSEL BAY AUGUST 2017 THE PORT OF MOSSEL BAY OVERVIEW PORT OF MOSSEL BAY BERTH

PORT OF MOSSEL BAY AUGUST 2017 THE PORT OF MOSSEL BAY OVERVIEW PORT OF MOSSEL BAY BERTH

PORT OF MOSSEL BAY AUGUST 2017 THE PORT OF MOSSEL BAY OVERVIEW PORT OF MOSSEL BAY BERTH OVERVIEW The National Ports Authority is a landlord Port Authority that provides port infrastructure and maritime-related services at the Port

321 views • 21 slides
Usage of QML Tools Coding, Debugging &amp; Performance Aurindam Jana Digia Who am I ? Aurindam

Usage of QML Tools Coding, Debugging &amp; Performance Aurindam Jana Digia Who am I ? Aurindam

Usage of QML Tools Coding, Debugging &amp; Performance Aurindam Jana Digia Who am I ? Aurindam Jana IRC: #qt #qt-creator: auri__ QML 2 Objective Overview of existing tools Get feedback and feature requests 3 Contents Coding QML/JS

377 views • 33 slides
Outline Firewalls and NAT boxes CSci 5271 Introduction to Computer Security Announcements

Outline Firewalls and NAT boxes CSci 5271 Introduction to Computer Security Announcements

Outline Firewalls and NAT boxes CSci 5271 Introduction to Computer Security Announcements intermission Day 22: Firewalls, NATs, and IDSes Stephen McCamant Intrusion detection systems University of Minnesota, Computer Science &amp;

308 views • 4 slides
Lecture 10: S Parameters Matthew Spencer Harvey Mudd College E157 Radio Frequency Circuit

Lecture 10: S Parameters Matthew Spencer Harvey Mudd College E157 Radio Frequency Circuit

Department of Engineering Lecture 10: S Parameters Matthew Spencer Harvey Mudd College E157 Radio Frequency Circuit Design 1 1 Department of Engineering Two-Port Networks Matthew Spencer Harvey Mudd College E157 Radio Frequency

482 views • 27 slides
SirepRAT Windows IoT Core Abusing a Windows service for RCE About Me 7+ years in InfoSec

SirepRAT Windows IoT Core Abusing a Windows service for RCE About Me 7+ years in InfoSec

SirepRAT Windows IoT Core Abusing a Windows service for RCE About Me 7+ years in InfoSec Security Researcher @Safebreach Presented at DEFCON, DEEPSEC, Hackfest @bemikre Contents 1. Windows IoT Core 2. Live SirepRAT

967 views • 74 slides
Consistent Reads Using ProxySQL and GTID Santa Clara, California | April 23th 25th, 2018

Consistent Reads Using ProxySQL and GTID Santa Clara, California | April 23th 25th, 2018

Consistent Reads Using ProxySQL and GTID Santa Clara, California | April 23th 25th, 2018 Disclaimer I am not Ren Canna @lefred MySQL Community Manager / Oracle the one who provided a hint for this not the one

1.27k views • 50 slides
Cap Sante North &amp; West Basin Upland Redevelopment Council Briefjng - February 24, 2020

Cap Sante North &amp; West Basin Upland Redevelopment Council Briefjng - February 24, 2020

Cap Sante North &amp; West Basin Upland Redevelopment Council Briefjng - February 24, 2020 Overview Project Process and Purpose Development Plan Site Plan Rationale Event Center Building Design Parking Strategy

840 views • 61 slides
Dataflow Network Programming with Neuron Eric Griffis RacketCon 2018 St. Louis, MO 1 I. Meet

Dataflow Network Programming with Neuron Eric Griffis RacketCon 2018 St. Louis, MO 1 I. Meet

Dataflow Network Programming with Neuron Eric Griffis RacketCon 2018 St. Louis, MO 1 I. Meet Nick 2 Nick cares about cancer 3 Curing cancer is expensive 4 5 6 II. Enter Neuron 7 The Neuron Framework concurrency model messaging API

580 views • 28 slides
FAB: Towards Flow-aware Bu fg er Sharing in Programmable Switches Maria Apostolaki Joint work

FAB: Towards Flow-aware Bu fg er Sharing in Programmable Switches Maria Apostolaki Joint work

FAB: Towards Flow-aware Bu fg er Sharing in Programmable Switches Maria Apostolaki Joint work with Laurent Vanbever &amp; Manya Ghobadi An old story An old story Fan-in causing queue built-up Switch Senders Receivers An

1.04k views • 85 slides

More recommend