sie ipv4 darknet
play

SIE IPv4 Darknet DUST San Diego, May 2012 Eric Ziegast Internet - PowerPoint PPT Presentation

Dec 30, 2022 •230 likes •378 views

SIE IPv4 Darknet DUST San Diego, May 2012 Eric Ziegast Internet Systems Consortium Deck Version 0.2 Space There's lots of it [ picture deleted ] [ for reference, look for darknet hilbert heat map on google] Who has a good

  1. SIE IPv4 Darknet DUST San Diego, May 2012 Eric Ziegast Internet Systems Consortium Deck Version 0.2

  2. Space ● There's lots of it [ picture deleted ] [ for reference, look for “darknet hilbert heat map” on google] Who has a good recent diagram?

  3. Are we really running out? IP counts increasing somewhat linearly - IPv6 emerging ●

  4. Typical research ● tcpdump > dataset ● analysis < dataset > results ● cp results presentation

  5. What we do ● How to efficiently distribute data? ● We efficiently encapsulate and redistribute ● ... in real time.

  6. What's there ● 500k+ addresses, 10 networks ● >1000 pps Darknet flow SIE West SIE East ISC 24 relay relay relay relay ISP #1 relay relay relay relay ISC /17 participants participants

  7. One way we get it ● ISP router cross-connects to SIE switch ● Router ends up broadcasting on SIE VLAN ● Cisco config-fu: router static address-family ipv4 unicast XX.XX.0.0/16 10.255.10.254 arp vrf default 10.255.10.254 0202.0404.0606 ARPA interface GigabitEthernet0/2/0/3.14 description SIE Dark Net ipv4 address 10.255.10.1 255.255.255.0 dot1q vlan 14

  8. How to redistribute ● NMSG Google protocol buffers ● Encapsulation ● Source Identifiers ● Broadcast network plumbing ● Net->File->Replay capability ● Sender: nmsgtool -dddd -V ISC -T pkt -i sie.14+ -m 1280 -s DESTIP/50140 Receiver: nmsg-pkt-inject -l DESTIP/DESTPORT -o sie.14

  9. More capture ip route add blackhole X.Y.Z.0/24 nmsgtool -D -V ISC -T pkt -i eth0 -m 1280 –unbuffered \ -s DESTIP/50140 -z -b 'net X.Y.Z.0/24' nmsgtool -D -V ISC -T pkt -i eth0 -z -w FILE.nmsg -t 3600 -k kick.sh Would love to get flow or Null0 traffic.

  10. Uses ● Commercial: ● Backscatter analysis – target watch ● Probe sources mapping to botnets or “sources of interest” for IDS people. ● Research: ● Test theories/predictions on live data ● Combine with other data (netflow, bgp, passiveDNS?, others) ● Loosely-coupled multi-processor approach

  11. Levels of darkness ● V1 – black – no response ● V2 – dark-gray – limited response ● Think sinkhole: reset after TCP handshake ● V3 – blue - Honeypot VPN ● Darknet offers NAT transport to remote honeypot server(s) to get infected. ● Infected server uses remote IP resources for study after initial infection session closed.

  12. Challenges ● Anonymizing? (PII) ● Not yet, we rely on privacy agreement ● Can make your own anon wrapper ● Can make 3rd-party summary tools – Standardized 5060/445/80/53/ICMP triggers and event correlation.- encouraged by Alberto – Real-time feedback of event reports from ISPs ● Timing ● We can preserve timing at capture, but replay and distribution in PCAP has timers set to current when regenerated.

  13. Challenges ● Some ISPs have only flow data available – perhaps we should make another type? ● Getting more data ● How do you collect data? ● What formats do you use?

  14. Future ● Let's take some common methods and tools and publish them so that anyone can apply them to their darknets and share classification results. ● Let's show ISPs what good can come from their contributing data in real time to make available to researchers. Possible feedback loop for them.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Tobacco on the Darknet AILI MALM, PH.D. PROFESSOR, SCHOOL OF CRIMINOLOGY, CRIMINAL JUSTICE AND

Tobacco on the Darknet AILI MALM, PH.D. PROFESSOR, SCHOOL OF CRIMINOLOGY, CRIMINAL JUSTICE AND

Tobacco on the Darknet AILI MALM, PH.D. PROFESSOR, SCHOOL OF CRIMINOLOGY, CRIMINAL JUSTICE AND EMERGENCY MANAGEMENT CALIFORNIA STATE UNIVERSITY, LONG BEACH Illicit Markets on the Darknet: Cryptomarkets and Single-Vendor Shops Law Enforcement

479 views • 8 slides
Veiled A Browser Darknet Matt Wood &amp; Billy Hoffman matt.wood@hp.com

Veiled A Browser Darknet Matt Wood &amp; Billy Hoffman matt.wood@hp.com

Veiled A Browser Darknet Matt Wood &amp; Billy Hoffman matt.wood@hp.com billy.hoffman@hp.com Web Security Research Group -- HP Software What is a Darknet? A private network where users can freely exchange ideas and content.

742 views • 42 slides
Overview 2 XS4ALL Darknet Research question Argus Research Results Zero day warning system

Overview 2 XS4ALL Darknet Research question Argus Research Results Zero day warning system

Overview 2 XS4ALL Darknet Research question Argus Research Results Zero day warning system Internet Security Index Conclusion Future work Rob Buijs Project Darklight Michael Rave XS4ALL Darknet 3 Darknets Traffic to the XS4ALL

713 views • 22 slides
IPv6 Avanzado Introduccin Toms Lynch LACNOG WHERE ARE WE? IPv4 Yes, the IPv4 pool

IPv6 Avanzado Introduccin Toms Lynch LACNOG WHERE ARE WE? IPv4 Yes, the IPv4 pool

IPv6 Avanzado Introduccin Toms Lynch LACNOG WHERE ARE WE? IPv4 Yes, the IPv4 pool IPv4 with NAT/Tunnels But we can use IPv4 and NAT or Tunnels!!! Yeah, right IPv6 IPv6 Readiness Laptops, pads, mobile phones, dongles,

477 views • 19 slides
IPv6 Presentation Template (Make this title your own!) Whats happening with IPv4? IPv4

IPv6 Presentation Template (Make this title your own!) Whats happening with IPv4? IPv4

IPv6 Presentation Template (Make this title your own!) Whats happening with IPv4? IPv4 exhaustion (link to RIRs and highlight relevant trends for your region) Regional Internet Authorities are in various phases of IPv4 exhaustion

486 views • 13 slides
Is there available IPv4 space in the LAC region? Sergio Rojas sergio@lacnic.net IPv4 IPv4

Is there available IPv4 space in the LAC region? Sergio Rojas sergio@lacnic.net IPv4 IPv4

Is there available IPv4 space in the LAC region? Sergio Rojas sergio@lacnic.net IPv4 IPv4 space 4.294.967.296 IP addresses (not all of them are usable) It seems a lot of space, right? But the world population is almost 7 billion

201 views • 16 slides
CERT-MU Computer Emergency Response Team of Mauritius Mrs. Selvana Naiken Gopalla Information

CERT-MU Computer Emergency Response Team of Mauritius Mrs. Selvana Naiken Gopalla Information

The Future of the Darknet CERT-MU Computer Emergency Response Team of Mauritius Mrs. Selvana Naiken Gopalla Information Security Consultant Agenda CERT-MU Introduction to the Darknet Darknet Markets The Darknets Future Challenges of the

803 views • 20 slides
IPv4 Pricing and Transfer Update Sandra Brown IPv4 Market Group January 19, 2016 IPv4 Life

IPv4 Pricing and Transfer Update Sandra Brown IPv4 Market Group January 19, 2016 IPv4 Life

IPv4 Pricing and Transfer Update Sandra Brown IPv4 Market Group January 19, 2016 IPv4 Life Cycle Events ARIN Runout RIPE Inter-RIR Transfers /8s come to market IPv6 Adoption 2 Factors Affecting Pricing # OF IP TRANSFERS

223 views • 8 slides
IPv4 Exhaus,on And IPv6 Deployment Carlos Mar)nez @Sint-Maarten Internet Week IPv4 There

IPv4 Exhaus,on And IPv6 Deployment Carlos Mar)nez @Sint-Maarten Internet Week IPv4 There

IPv4 Exhaus,on And IPv6 Deployment Carlos Mar)nez @Sint-Maarten Internet Week IPv4 There are 4,294,967,296 IPv4 addresses (32 bits long) but not all of them can be used Looks like a lot, right? But... World popula)on currently stands

501 views • 27 slides
Labcourse Routerlab Internet Protocol Version 6 (IPv6) IPv4 Shortcomings IPv4

Labcourse Routerlab Internet Protocol Version 6 (IPv6) IPv4 Shortcomings IPv4

Labcourse Routerlab Internet Protocol Version 6 (IPv6) IPv4 Shortcomings IPv4 addresses have 32 bits only not enough for 1 IP address per person dynamic IPs, NAT, Manual configuration time consuming (in larger

655 views • 16 slides
Turning Down the Lights: Darknet Deployment Lessons Learned

Turning Down the Lights: Darknet Deployment Lessons Learned

Turning Down the Lights: Darknet Deployment Lessons Learned Casey Deccio DUST 2012 - 1st International Workshop on Darkspace and UnSolicited Traffic Analysis May 14, 2012 SDSC, UCSD, San Diego, CA

447 views • 24 slides
SIIT-DC: IPv4 Service Contjnuity for IPv6 Data Centres Tore Anderson Redpill Linpro AS UKNOF36,

SIIT-DC: IPv4 Service Contjnuity for IPv6 Data Centres Tore Anderson Redpill Linpro AS UKNOF36,

SIIT-DC: IPv4 Service Contjnuity for IPv6 Data Centres Tore Anderson Redpill Linpro AS UKNOF36, London, January 2017 Incremental IPv6 deployment in DC IPv4-only IPv4-only + IPv6 via NAT/proxy/etc Dual-stacked public frontend, IPv4 BE Full

550 views • 15 slides
Exhaustion of IPv4 Address in 2010 Exhaustion of IPv4 Address in 2010 Associate Professor Dr.

Exhaustion of IPv4 Address in 2010 Exhaustion of IPv4 Address in 2010 Associate Professor Dr.

802.16 IP Telephony Lab Exhaustion of IPv4 Address in 2010 Exhaustion of IPv4 Address in 2010 Associate Professor Dr. Quincy Wu solomon@ipv6.club.tw Graduate Institute of Communication Engineering National Chi Nan University 1 1

943 views • 77 slides
Post IPv4 completion Making IPv6 deployable incrementally by making it backward compatible

Post IPv4 completion Making IPv6 deployable incrementally by making it backward compatible

Post IPv4 completion Making IPv6 deployable incrementally by making it backward compatible with IPv4. Alain Durand The Internet must support continued, un-interrupted growth regardless of IPv4 address availability DISCLAIMER:

614 views • 17 slides
Comparing IPv4 and IPv6 from the perspec7ve of BGP dynamic

Comparing IPv4 and IPv6 from the perspec7ve of BGP dynamic

Comparing IPv4 and IPv6 from the perspec7ve of BGP dynamic ac7vity Geoff Huston APNIC February 2012 The IPv4 Table: 2004 - now The IPv6

770 views • 47 slides
The not so Dark Side of the Darknet Dr. Victoria Wang (BSc; PhD) Senior Lecturer on Security and

The not so Dark Side of the Darknet Dr. Victoria Wang (BSc; PhD) Senior Lecturer on Security and

Cambridge Cybercrime Centre: Fourth Annual Cybercrime Conference The not so Dark Side of the Darknet Dr. Victoria Wang (BSc; PhD) Senior Lecturer on Security and Cybercrime Institute for Criminal Justice Studies (ICJS) University of Portsmouth

780 views • 24 slides
Dynamic Counter-Based Broadcast in MANETs Sara Omar al-Humoud 1 Introduction Contribution DCB

Dynamic Counter-Based Broadcast in MANETs Sara Omar al-Humoud 1 Introduction Contribution DCB

Dynamic Counter-Based Broadcast in MANETs Sara Omar al-Humoud 1 Introduction Contribution DCB Related Stochastic Deterministic work Flooding Broadcasting Background Routing Wireless MANET Outline MANETs Broadcasting Fixed

1.52k views • 29 slides
PRAM Algorithms Parallel Random Access Machine (PRAM) PRAM instructions execute in 3-

PRAM Algorithms Parallel Random Access Machine (PRAM) PRAM instructions execute in 3-

PRAM Algorithms Parallel Random Access Machine (PRAM) PRAM instructions execute in 3- Collection of numbered processors phase cycles Access shared memory Read (if any) from a shared memory cell Each processor could have

518 views • 23 slides
2018 MIW Radio Group Our Story Who we are What we do Presented by: Denyse Mesnik Why we do

2018 MIW Radio Group Our Story Who we are What we do Presented by: Denyse Mesnik Why we do

2018 MIW Radio Group Our Story Who we are What we do Presented by: Denyse Mesnik Why we do it MIW Group Spokeswoman President |The Mesnik Group Denyse@MesnikGroup.com History of The MIW Group 20 Women Identified as the Most

359 views • 25 slides
Tecniche radio Edoardo Milotti Corso di Fondamenti Fisici di Tecnologia Moderna A.A. 2019-20

Tecniche radio Edoardo Milotti Corso di Fondamenti Fisici di Tecnologia Moderna A.A. 2019-20

Tecniche radio Edoardo Milotti Corso di Fondamenti Fisici di Tecnologia Moderna A.A. 2019-20 Trasduttore capacitivo (capacitive microphone, electret microphone) Q V cc = C ( t ) + IR V cc C ( t ) = Q + IRC ( t ) dC dt = I + IRdC dt + RC ( t )

619 views • 44 slides
quantum broadcast networks arXiv: 1803.04796 Ignatius William Primaatmaja , Yukun Wang, Emilien

quantum broadcast networks arXiv: 1803.04796 Ignatius William Primaatmaja , Yukun Wang, Emilien

Characterising the behaviour of classical- quantum broadcast networks arXiv: 1803.04796 Ignatius William Primaatmaja , Yukun Wang, Emilien Lavie, Antonios Varvitsiotis, Charles Ci Wen Lim 1 Outline 1. Numerical toolbox for characterisation of

314 views • 20 slides
5G Broadcast Use Cases and their Impact on Society and Citizens Dr r Be Belk lkacem Mouhouche

5G Broadcast Use Cases and their Impact on Society and Citizens Dr r Be Belk lkacem Mouhouche

22nd May 2018 IEEE 5G Summit it Bra Brasil ilis isa 5G Broadcast Use Cases and their Impact on Society and Citizens Dr r Be Belk lkacem Mouhouche Samsung Electronics R&amp;D UK 5G - Overview 5G is at peak research and

1.18k views • 22 slides
Mixer Effjcient Many-to-All Broadcast in Dynamic Wireless Mesh Networks Carsten Herrmann, Fabian

Mixer Effjcient Many-to-All Broadcast in Dynamic Wireless Mesh Networks Carsten Herrmann, Fabian

Mixer Effjcient Many-to-All Broadcast in Dynamic Wireless Mesh Networks Carsten Herrmann, Fabian Mager, Marco Zimmerling Networked Embedded Systems Lab, TU Dresden, Germany Why Many-to-All Communication? Why Many-to-All universal: can

747 views • 43 slides
Overview of Complex Networks Class admin Complex Networks, CSYS/MATH 303, Spring, 2010 Basic

Overview of Complex Networks Class admin Complex Networks, CSYS/MATH 303, Spring, 2010 Basic

Overview Overview of Complex Networks Class admin Complex Networks, CSYS/MATH 303, Spring, 2010 Basic definitions Popularity Examples of Prof. Peter Dodds Complex Networks Properties of Complex Networks Department of Mathematics &amp;

1.43k views • 61 slides

More recommend