TAILIEUCHUNG - Characteristics of Internet Background Radiation

Monitoring any portion of the Internet address space reveals incessant activity. This holds even when monitoring traf c sent to unused addresses, which we term background radiation. Background radiation re ects fundamentally nonproductive traf c, either malicious ( ooding backscatter, scans for vulnerabilities, worms) or benign (miscon gurations). While the general presence of background radiation is well known to the network operator community, its nature has yet to be broadly characterized. We develop such a characterization based on data collected from four unused networks in the Internet. Two key elements of our methodology are (i) the use of ltering to reduce load on the measurement system, and (ii) the use of active responders to elicit further. | Characteristics of Internet Background Radiation Ruoming Pang rpang@ Vinod Yegneswaran vinod@ Paul Barford1 pb@ Vern Paxson vern@ Larry Peterson llp@ ABSTRACT Monitoring any portion of the Internet address space reveals incessant activity. This holds even when monitoring traffic sent to unused addresses which we term background radiation. Background radiation reflects fundamentally nonproductive traffic either malicious flooding backscatter scans for vulnerabilities worms or benign misconfigurations . While the general presence of background radiation is well known to the network operator community its nature has yet to be broadly characterized. We develop such a characterization based on data collected from four unused networks in the Internet. Two key elements of our methodology are i the use of filtering to reduce load on the measurement system and ii the use of active responders to elicit further activity from scanners in order to differentiate different types of background radiation. We break down the components of background radiation by protocol application and often specific exploit analyze temporal patterns and correlated activity and assess variations across different networks and over time. While we find a menagerie of activity probes from worms and autorooters heavily dominate. We conclude with considerations of how to incorporate our characterizations into monitoring and detection activities. Categories and Subject Descriptors Local and Wide-Area Networks Internet General Terms Measurement Keywords Internet Background Radiation Network Telescope Honeypot 1. INTRODUCTION In recent years a basic characteristic of Internet traffic has changed. Older traffic studies make no mention of the presence of appreciable on-going attack traffic 9 25 34 3 but those monitoring and operating today s networks are immediately familiar with the incessant presence of traffic that is up to no good. We .

• Quản trị mạng
• Skin Biopsy
• Uniqueness of CADASIL
• Research Applications
• Human Skin Biopsy
• Clinicopathologic and Molecular
• Aspects of Non
• Histopathology of the skin
• Histology of normal skin
• Techniques of skin biopsy
• Dermoepidermal junction
• Lichen planus
• Vesiculobullous disorders
• Tuberculosis of the skin
• Biopsy Procedures
• Biopsy Applications
• Skin Diseases
• Biopsy in Leprosy
• Severe Drug Induced
• Adverse Reactions