the dust between the stars
play

The Dust Between the Stars adventures with a small telescope (with - PowerPoint PPT Presentation

Jun 16, 2023 •424 likes •711 views

The Dust Between the Stars adventures with a small telescope (with notes on a big dark space) John McHugh Senior Principal 15 May 2012 RedJack LLC This is not a new problem Last night I saw upon the stair A little man who wasnt there He

  1. The Dust Between the Stars adventures with a small telescope (with notes on a big dark space) John McHugh Senior Principal 15 May 2012 RedJack LLC

  2. This is not a new problem Last night I saw upon the stair A little man who wasn’t there He wasn’t there again today Oh, how I wish he’d go away Hughes Mearns From “Antigonish” ca 1899

  3. A very small telescope • For 14 months between Feb. 2005 and Mar. 2006, I had access to a /22 in Halifax. – Captured NefFlow V5 form the border router. – Only 117 of the 1024 addresses ever used • some only for a short time – Dark space is 899 addresses. – These are interspersed among the active ones

  4. Not your usual darkspace • 90MB to dark of 2.5GB total for 14 months • Dark addresses mixed with active hosts • Nonetheless it presents some interesting phenomena • Next slide gives overall summary by month • After that, we will characterize the dark data. • Some results are from a study done for CSE (Canada) in 2007/8 – Looked at very low frequency sources <10 connections / source in the observation period

  5. Base traffic – Light and Dark

  6. Traffic to dark addresses

  7. Dark Protocols Protocol Name Flows 0 IPv6HbyH 1 1 ICMP 534,867 2 IGMP 1 6 TCP 4,414,339 17 UDP 1,392,443 47 GRE 3 255 {Reserved} 23

  8. ICMP - many badly formed ICMP Type ICMP Name Flows 0 Echo reply 356 3 Unreachable 137,508 4 Source Quench 33 8 Echo Request 355,632 11 Time exceeded 41,125 12 Parameter Problem 12 13 Time Stamp 1 14 Timestamp reply 81 17 Address mask Request 1

  9. TCP Flags Flows Flags Flows Flags Flows S 3,542,282 FF 701 F 18 SA 566,627 FSA 678 RPA 6 RA 192,876 SPA 421 SRPAU 3 FSPA 43,280 FA 298 FRAU 2 SR 31,222 FSRA 159 FR 1 R 23,017 FPA 130 RU 1 SRA 6,425 SRPA 88 FPU 1 A 3,626 FRPA 54 RPAU 1 PA 1,636 (none) 44 FRPAU 1 FSRPA 720 FRA 20 FSRPAU 1

  10. UDP • Except for the VLF analysis (in a few slides) we have not done anything with the UDP. • G dot is 1-10 flow UDP to dark port count R + is low vol outbound. Blue is overall port distribution.

  11. Some VLF results and discussion • When is a “light” address dark 1. This is a meaningless question 2. This is a meaningful question if we include a temporal aspect. 3. When it does not respond to a specific request for service. • Which answer you choose may affect whether you think the following results are relevant to the workshop.

  12. TCP Traffic spikes to unused IPs

  13. TCP Temporal distribution - top VLF ports

  14. Where do they go (1-10 flows / host)?

  15. UDP Temporal distribution - top VLF ports

  16. Another way of looking at things • Yesterday, I mentioned the “Contact Surface” work that Carrie gates and I reported in DIMVA, 2008 – in the absence of temporally consistent probes the contact line is linear in the log/log space. – With a big telescope, hourly lines are meaningful – With a small one, it takes a month to get a line. – While the line is definitely heavy tailed, this may not be the most productive way to think about it.

  17. Contact lines and fit for a few days

  18. Contact surface (what color is Wednesday)

  19. April Contacts VLF Normal? Scanners

  20. A look at bigger dark spaces • Work ¡by ¡Michael ¡Collins ¡and ¡Jeff ¡Janies • Model the internet background noise with the objective of removing it from “real” or intentional traffic • Ini7al ¡effort: ¡find ¡invariants ¡ – Found ¡20 ¡dark ¡/1 6 ’s ¡from ¡various ¡/8’s ¡with ¡0 ¡ac7ve ¡ addresses ¡ – This ¡looks ¡only ¡at ¡sources ¡of ¡SYN ¡only ¡TCP ¡flows ¡ – Found ¡# ¡of ¡SIPs ¡observed ¡in ¡a ¡5 ¡minute ¡period ¡was ¡ rela7vely ¡stable ¡across ¡/16s ¡

  21. 5 min SIP count – Dark /16 “A” 600 ’’ u 1:6 550 500 Number of unique SIPs 450 400 350 300 250 200 d05H00 d06H00 d07H00 d08H00 d09H00 d10H00 d11H00 d12H00 d13H00 d14H00 d15H00 d16H00 Date (August, 2009)

  22. 5 min SIP count – Dark /16 “B” 600 550 500 Number of unique SIPs 450 400 350 300 250 200 d05H00 d06H00 d07H00 d08H00 d09H00 d10H00 d11H00 d12H00 d13H00 d14H00 d15H00 d16H00 Date (August, 2009)

  23. 5 min SIP count – Dark /16 “C” 600 550 500 Number of unique SIPs 450 400 350 300 250 200 d05H00 d06H00 d07H00 d08H00 d09H00 d10H00 d11H00 d12H00 d13H00 d14H00 d15H00 d16H00 Date (August, 2009)

  24. Factors ¡Affec7ng(?) ¡Darkspace ¡ Proximity ¡ Popula7on ¡ Loca7on ¡

  25. DS0 ¡all ¡dark ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡DS6 ¡~1000 ¡hosts ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡DS13 ¡~4000 ¡hosts ¡ 600 600 550 550 500 500 Number of Unique SIPs Number of Unique SIPs 450 450 400 400 350 350 300 300 250 250 200 200 d05H00 d06H00 d07H00 d08H00 d09H00 d10H00 d11H00 d12H00 d13H00 d14H00 d15H00 d16H00 d05H00 d06H00 d07H00 d08H00 d09H00 d10H00 d11H00 d12H00 d13H00 d14H00 d15H00 d16H00 600 550 500 Number of Unique SIPs 450 400 350 300 250 200 d05H00 d06H00 d07H00 d08H00 d09H00 d10H00 d11H00 d12H00 d13H00 d14H00 d15H00 d16H00

  26. By ¡Comparison ¡ ¡(Total ¡traffic) ¡…. ¡ 1e+11 Population DS0 Population DS6 Population DS13 1e+10 1e+09 Observed Traffic (Bytes) 1e+08 1e+07 1e+06 100000 10000 d02H00d02H12d03H00d03H12d04H00d04H12d05H00d05H12d06H00d06H12d07H00d07H12d08H00 Date

  27. Large Space Conclusions • SYN only Sources seem to be consistent in approximate numbers across completely dark and partially dark spaces. – We believe that we can construct useful models for this component if the background noise. – This background component appears to be pervasive, affecting light and dark networks equally • Analysis seems to extend to other types of TCP background such as backscatter from DDoS

  28. Unasked questions • Most of the work presented here comes from studies that had other objectives. • Combined with other work presented at Dust, we start to see some commonalities. – The unintentional traffic in dark and light spaces has similar characteristics. – Most of the studies are over fairly short samples – Worms and malware come and (sometimes) go, but there is always background noise • I would like some long term studies and population tracking. Demographics, persistence, etc.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Stars Stars Stars form from massive clouds of dust and gas in stellar nurseries. Stars Gravity

Stars Stars Stars form from massive clouds of dust and gas in stellar nurseries. Stars Gravity

The Life Cycle of Stars Stars Stars form from massive clouds of dust and gas in stellar nurseries. Stars Gravity pulls the dust and gas together creating heat in the process. Protostar A protostar is the first stage in a star's life. They are

454 views • 18 slides
Dust in the near environment of classical T Tauri stars Peter Petrov Crimean Astrophysical

Dust in the near environment of classical T Tauri stars Peter Petrov Crimean Astrophysical

Dust in the near environment of classical T Tauri stars Peter Petrov Crimean Astrophysical Observatory from Bertout et al, 207 AA 473 L21 Dippers (AA Tau - type stars) Dimming events in cTTS Dusty disk winds Circumstellar

742 views • 30 slides
Weighing a Galaxy What is a galaxy made of? STARS GAS DUST DARK MATTER! Weighing

Weighing a Galaxy What is a galaxy made of? STARS GAS DUST DARK MATTER! Weighing

Weighing a Galaxy What is a galaxy made of? STARS GAS DUST DARK MATTER! Weighing a Galaxy 2 What is HI? Majority of gas is atomic hydrogen (HI) It is the fuel for stars Emits light with wavelength 21cm (1420 MHz)

381 views • 34 slides
Evolution of gas and dust in AGB stars Kay Justtanont Chalmers University of Technology Stellar

Evolution of gas and dust in AGB stars Kay Justtanont Chalmers University of Technology Stellar

Evolution of gas and dust in AGB stars Kay Justtanont Chalmers University of Technology Stellar evolution For low- and intermediate-mass stars, they enter the red giant and subsequently, asymptotic giant branch (AGB) phases. During the

713 views • 39 slides
Weighing a Galaxy What is a galaxy made of? STARS GAS DUST DARK MATTER! Weighing

Weighing a Galaxy What is a galaxy made of? STARS GAS DUST DARK MATTER! Weighing

Weighing a Galaxy What is a galaxy made of? STARS GAS DUST DARK MATTER! Weighing a Galaxy 2 What is HI? e - p + Majority of gas is atomic hydrogen (HI) It is the fuel for stars p + One proton and one electron e -

396 views • 27 slides
Survey for Dust Continuum Emissions toward Circumstellar Disks (I will focus on nearby T Tauri

Survey for Dust Continuum Emissions toward Circumstellar Disks (I will focus on nearby T Tauri

Survey for Dust Continuum Emissions toward Circumstellar Disks (I will focus on nearby T Tauri stars) Munetake MOMOSE (Ibaraki) Detection No Detection Strategy Observations of Dust Disks in Star Forming Regions (d ~ 150 pc) ~ 1&quot;

562 views • 39 slides
New Flameless Venting for Combustible Dust Jason Krbec Combustible Dust Combustible dust a

New Flameless Venting for Combustible Dust Jason Krbec Combustible Dust Combustible dust a

New Flameless Venting for Combustible Dust Jason Krbec Combustible Dust Combustible dust a continual hazard in the pulp and paper industry Dust Hazard Analysis (DHA) are a requirement in NFPA standards New technologies are needed

318 views • 12 slides
Dr. Peter Frinchaboy (TCU) Why star clusters? Open cluster - 100s to 1000s of stars that

Dr. Peter Frinchaboy (TCU) Why star clusters? Open cluster - 100s to 1000s of stars that

Kelly Jackson (Senior - TCU) Dr. Peter Frinchaboy (TCU) Why star clusters? Open cluster - 100s to 1000s of stars that formed at the same time from the same cloud of interstellar gas and dust Stars have the same properties: age, distance

789 views • 19 slides
23 AUGUST 2017 DUST IN AGRICULTURE AIR QUALITY AND DUST 2 DUST IN AGRICULTURE RISK ASSESSMENT

23 AUGUST 2017 DUST IN AGRICULTURE AIR QUALITY AND DUST 2 DUST IN AGRICULTURE RISK ASSESSMENT

FARMERS MEETING - PETERSVILLE AGRICULTURE WORKING GROUP MEETING AIR QUALITY / DUST, GROUNDWATER, SURFACE WATER AGRICULTURE AND SURROUNDING LANDOWNERS 23 AUGUST 2017 DUST IN AGRICULTURE AIR QUALITY AND DUST 2 DUST IN AGRICULTURE RISK

916 views • 23 slides
Dust Removal Systems Work Safe, Stay Healthy, Improve Productivity www.hilti.com 1 Dust 2009

Dust Removal Systems Work Safe, Stay Healthy, Improve Productivity www.hilti.com 1 Dust 2009

Dust Removal Systems Work Safe, Stay Healthy, Improve Productivity www.hilti.com 1 Dust 2009 Dust Chamber Video www.hilti.com 3 Dust 2009 Have you ever considered. Up to 2.20 lbs of dust are produced with five minutes sawing / cutting.

634 views • 46 slides
PULSAR TIMING ARRAYS SKY FULL OF STARS STARS SKY FULL OF STARS STARS Gravity versus

PULSAR TIMING ARRAYS SKY FULL OF STARS STARS SKY FULL OF STARS STARS Gravity versus

STEFAN OS OWSKI PULSAR TIMING ARRAYS SKY FULL OF STARS STARS SKY FULL OF STARS STARS Gravity versus pressure STELLAR REMNANTS A S A N : t d i e C r DEGENERATE PRESSURE Bosons Fermions 810 nK 510 nK 240 nK Credit:

935 views • 62 slides
DUST , life is a matter of Style. The DUST Concept goes against the current trend to

DUST , life is a matter of Style. The DUST Concept goes against the current trend to

DUST , life is a matter of Style. The DUST Concept goes against the current trend to industrialize the production of a standard and packaged product. Medium-low quality , massive quantities and automated processing times are not part of our

186 views • 7 slides
Best Practices for Solid Sulphur Handling Dust Mitigation and Control What causes dust

Best Practices for Solid Sulphur Handling Dust Mitigation and Control What causes dust

Best Practices for Solid Sulphur Handling Dust Mitigation and Control What causes dust generation? Contaminated feedstock problems at the SRU. Forming plant product quality SUDIC and temperature. Handling before storage.

464 views • 25 slides
ASL AIRS contributions Using AIRS data in the presence of dust L2 : dust impact OLR forcing :

ASL AIRS contributions Using AIRS data in the presence of dust L2 : dust impact OLR forcing :

ASL AIRS contributions Using AIRS data in the presence of dust L2 : dust impact OLR forcing : Fast estimate February 2007 Sergio DeSouza-Machado and Larrabee Strow duststorm Future Work Conclusions Atmospheric Spectroscopy Laboratory

775 views • 44 slides
atmosp tmospheric dust o heric dust over er Cape V Ca pe Ver erde islands de islands C. Pio

atmosp tmospheric dust o heric dust over er Cape V Ca pe Ver erde islands de islands C. Pio

Universidade de Aveiro Seaso Seasonal nal varia variability bility of of atmosp tmospheric dust o heric dust over er Cape V Ca pe Ver erde islands de islands C. Pio 1 ; M.C. Freitas 2 ; J. Cardoso 1,3 ; T. Nunes 1 ; S.M. Almeida 2 ;

453 views • 22 slides
HOLIDAYS Jeff Lindsay, Aug. 2018 Arise from the Dust: A Rich Book of Mormon Theme FAIRMormon

HOLIDAYS Jeff Lindsay, Aug. 2018 Arise from the Dust: A Rich Book of Mormon Theme FAIRMormon

HOLIDAYS Jeff Lindsay, Aug. 2018 Arise from the Dust: A Rich Book of Mormon Theme FAIRMormon Conference Dust, Earth, Dirt, Soil, and Creation Dust: An Important Ancient Motif Rising from the dust in the Book of Mormon and the Bible is

950 views • 47 slides
Linear Regression 18.05 Spring 2014 Agenda Fitting curves to bivariate data Measuring the

Linear Regression 18.05 Spring 2014 Agenda Fitting curves to bivariate data Measuring the

Linear Regression 18.05 Spring 2014 Agenda Fitting curves to bivariate data Measuring the goodness of fit The fit vs. complexity tradeoff Regression to the mean Multiple linear regression January 1, 2017 2 / 25 Modeling bivariate data

706 views • 25 slides
Operating Systems Fall 2014 Secondary Storage Myungjin Lee myungjin.lee@ed.ac.uk 1 Secondary

Operating Systems Fall 2014 Secondary Storage Myungjin Lee myungjin.lee@ed.ac.uk 1 Secondary

Operating Systems Fall 2014 Secondary Storage Myungjin Lee myungjin.lee@ed.ac.uk 1 Secondary storage Secondary storage typically: is anything that is outside of primary memory does not permit direct execution of instructions

509 views • 26 slides
Chapter 3.23.4 Spanning Tree Algorithms Prof. Tesler Math 154 Winter 2020 Prof. Tesler Ch.

Chapter 3.23.4 Spanning Tree Algorithms Prof. Tesler Math 154 Winter 2020 Prof. Tesler Ch.

Chapter 3.23.4 Spanning Tree Algorithms Prof. Tesler Math 154 Winter 2020 Prof. Tesler Ch. 3.23.4: Spanning Tree Algorithms Math 154 / Winter 2020 1 / 56 Depth 4 Depth 0 Depth 1 3 8 5 6 2 Depth 2 7 10 9 1 Depth 3 The

1.09k views • 56 slides
Modeling unobserved heterogeneity in Stata Rafal Raciborski StataCorp LLC November 27, 2017

Modeling unobserved heterogeneity in Stata Rafal Raciborski StataCorp LLC November 27, 2017

Modeling unobserved heterogeneity in Stata Rafal Raciborski StataCorp LLC November 27, 2017 Rafal Raciborski (StataCorp) November 27, 2017 1 / 59 Modeling unobserved heterogeneity Plan of the talk Concepts and terminology Finite mixture

1.16k views • 59 slides
Distributed Optimistic Algorithm Assumptions 1. Synchronized clocks 2. MTD (max, trans, delay)

Distributed Optimistic Algorithm Assumptions 1. Synchronized clocks 2. MTD (max, trans, delay)

Distributed Optimistic Algorithm Assumptions 1. Synchronized clocks 2. MTD (max, trans, delay) can be defined Step 1: Read Step 2: Compute Step 3: Transaction is broadcasted to all nodes at time (V i ) (time when computation finishes and T

445 views • 15 slides
1. Lack of motivation. 2. Not Wowing your patients enough. 3. No exit strategy. 4. Your office

1. Lack of motivation. 2. Not Wowing your patients enough. 3. No exit strategy. 4. Your office

Our problems 1. Lack of motivation. 2. Not Wowing your patients enough. 3. No exit strategy. 4. Your office plateaued. 5. Team is not engaged. 6. Not making as much money as you would like. How to become a DSD clinic Book a DSD Consultancy

367 views • 19 slides
Know ledge-Based Systems IS430 Modeling Basic Operations and Inputs Mostafa Z. Ali Mostafa Z.

Know ledge-Based Systems IS430 Modeling Basic Operations and Inputs Mostafa Z. Ali Mostafa Z.

Winter 2009 Know ledge-Based Systems IS430 Modeling Basic Operations and Inputs Mostafa Z. Ali Mostafa Z. Ali mzali@just.edu.jo Lecture 2: Slide 1 What Well Do ... Model 4-1: Electronic assembly/test system Modeling approaches

706 views • 68 slides
Lepton Collider meeting 3 December With Fred Hartjes, Kees Ligtenberg, Jan Timmermans, Jochen

Lepton Collider meeting 3 December With Fred Hartjes, Kees Ligtenberg, Jan Timmermans, Jochen

2013 Lepton Collider meeting 3 December With Fred Hartjes, Kees Ligtenberg, Jan Timmermans, Jochen Kaminsky, Tobias Schiffer, Markus Gruber, Klaus Desch and Peter Kluit Last meeting 19 November Kees showed the issues with 2013 the Timepix

287 views • 9 slides

More recommend