Code-Red: a case study on the spread and victims of an internet worm
Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurement
IEEE Security and Privacy
Characteristics of internet background radiation
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
Toward understanding distributed blackhole placement
Proceedings of the 2004 ACM workshop on Rapid malcode
The Blaster Worm: Then and Now
IEEE Security and Privacy
Hotspots: The Root Causes of Non-Uniformity in Self-Propagating Malware
DSN '06 Proceedings of the International Conference on Dependable Systems and Networks
A multifaceted approach to understanding the botnet phenomenon
Proceedings of the 6th ACM SIGCOMM conference on Internet measurement
Data reduction for the scalable automated analysis of distributed darknet traffic
IMC '05 Proceedings of the 5th ACM SIGCOMM conference on Internet Measurement
Exploiting underlying structure for detailed reconstruction of an internet-scale event
IMC '05 Proceedings of the 5th ACM SIGCOMM conference on Internet Measurement
The Zombie roundup: understanding, detecting, and disrupting botnets
SRUTI'05 Proceedings of the Steps to Reducing Unwanted Traffic on the Internet Workshop
Inferring internet denial-of-service activity
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Mapping internet sensors with probe response attacks
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
On the effectiveness of distributed worm monitoring
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
The dark oracle: perspective-aware unused and unreachable address discovery
NSDI'06 Proceedings of the 3rd conference on Networked Systems Design & Implementation - Volume 3
Proceedings of the 7th ACM SIGCOMM conference on Internet measurement
Proceedings of the ACM SIGCOMM 2010 conference
ACM SIGCOMM Computer Communication Review
One-way traffic monitoring with iatmon
PAM'12 Proceedings of the 13th international conference on Passive and Active Measurement
A tool for the generation of realistic network workload for emerging networking scenarios
Computer Networks: The International Journal of Computer and Telecommunications Networking
Classifying internet one-way traffic
Proceedings of the 2012 ACM conference on Internet measurement conference
Towards geolocation of millions of IP addresses
Proceedings of the 2012 ACM conference on Internet measurement conference
Gaining insight into AS-level outages through analysis of internet background radiation
Proceedings of the 2012 ACM conference on CoNEXT student workshop
Trinocular: understanding internet reliability through adaptive probing
Proceedings of the ACM SIGCOMM 2013 conference on SIGCOMM
Understanding IPv6 internet background radiation
Proceedings of the 2013 conference on Internet measurement conference
Towards a GPU accelerated virtual machine for massively parallel packet classification and filtering
Proceedings of the South African Institute for Computer Scientists and Information Technologists Conference
SEC'13 Proceedings of the 22nd USENIX conference on Security
A systematic approach for detecting and clustering distributed cyber scanning
Computer Networks: The International Journal of Computer and Telecommunications Networking
Estimating internet address space usage through passive measurements
ACM SIGCOMM Computer Communication Review
Characterizing home network traffic: an inside view
Personal and Ubiquitous Computing
The monitoring of packets destined for routable, yet unused, Internet addresses has proved to be a useful technique for measuring a variety of specific Internet phenomena (e.g., worms, DDoS). In 2004, Pang et al. stepped beyond these targeted uses and provided one of the first generic characterizations of this non-productive traffic, demonstrating both its significant size and diversity. However, the six years that followed this study have seen tremendous changes in both the types of malicious activity on the Internet and the quantity and quality of unused address space. In this paper, we revisit the state of Internet "background radiation" through the lens of two unique data-sets: a five-year collection from a single unused /8 network block, and week-long collections from three recently allocated /8 network blocks. Through the longitudinal study of the long-lived block, comparisons between blocks, and extensive case studies of traffic in these blocks, we characterize the current state of background radiation, specifically highlighting those features that remain invariant from previous measurements and those which exhibit significant differences. Of particular interest in this work is the exploration of address space pollution, in which significant non-uniform behavior is observed. However, unlike previous observations of differences between unused blocks, we show that increasingly these differences are the result of environmental factors (e.g., misconfiguration, location), rather than algorithmic factors. Where feasible, we offer suggestions for cleanup of these polluted blocks and identify those blocks whose allocations should be withheld.