Internet background radiation revisited

Authors:
Eric Wustrow;Manish Karir;Michael Bailey;Farnam Jahanian;Geoff Huston
Affiliations:
Merit Network, Inc, Ann Arbor, MI, USA;Merit Networks, Inc., Ann Arbor, MI, USA;University of Michigan, Ann Arbor, MI, USA;University of Michigan, Ann Arbor, MI, USA;Asia Pacific Network Information Centre, Brisbane, Australia
Venue:
IMC '10 Proceedings of the 10th ACM SIGCOMM conference on Internet measurement
Year:
2010

Citing 16
Cited 13

Code-Red: a case study on the spread and victims of an internet worm

Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment
Inside the Slammer Worm

IEEE Security and Privacy
Characteristics of internet background radiation

Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
Toward understanding distributed blackhole placement

Proceedings of the 2004 ACM workshop on Rapid malcode
The Blaster Worm: Then and Now

IEEE Security and Privacy
Hotspots: The Root Causes of Non-Uniformity in Self-Propagating Malware

DSN '06 Proceedings of the International Conference on Dependable Systems and Networks
A multifaceted approach to understanding the botnet phenomenon

Proceedings of the 6th ACM SIGCOMM conference on Internet measurement
Data reduction for the scalable automated analysis of distributed darknet traffic

IMC '05 Proceedings of the 5th ACM SIGCOMM conference on Internet Measurement
Exploiting underlying structure for detailed reconstruction of an internet-scale event

IMC '05 Proceedings of the 5th ACM SIGCOMM conference on Internet Measurement
The Zombie roundup: understanding, detecting, and disrupting botnets

SRUTI'05 Proceedings of the Steps to Reducing Unwanted Traffic on the Internet on Steps to Reducing Unwanted Traffic on the Internet Workshop
Inferring internet denial-of-service activity

SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Mapping internet sensors with probe response attacks

SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
On the effectiveness of distributed worm monitoring

SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
The dark oracle: perspective-aware unused and unreachable address discovery

NSDI'06 Proceedings of the 3rd conference on Networked Systems Design & Implementation - Volume 3
A brief history of scanning

Proceedings of the 7th ACM SIGCOMM conference on Internet measurement
Internet inter-domain traffic

Proceedings of the ACM SIGCOMM 2010 conference

Extracting benefit from harm: using malware pollution to analyze the impact of political and geophysical events on the internet

ACM SIGCOMM Computer Communication Review
One-way traffic monitoring with iatmon

PAM'12 Proceedings of the 13th international conference on Passive and Active Measurement
A tool for the generation of realistic network workload for emerging networking scenarios

Computer Networks: The International Journal of Computer and Telecommunications Networking
Classifying internet one-way traffic

Proceedings of the 2012 ACM conference on Internet measurement conference
Towards geolocation of millions of IP addresses

Proceedings of the 2012 ACM conference on Internet measurement conference
Gaining insight into AS-level outages through analysis of internet background radiation

Proceedings of the 2012 ACM conference on CoNEXT student workshop
Trinocular: understanding internet reliability through adaptive probing

Proceedings of the ACM SIGCOMM 2013 conference on SIGCOMM
Understanding IPv6 internet background radiation

Proceedings of the 2013 conference on Internet measurement conference
Towards a GPU accelerated virtual machine for massively parallel packet classification and filtering

Proceedings of the South African Institute for Computer Scientists and Information Technologists Conference
Greystar: fast and accurate detection of SMS spam numbers in large cellular networks using grey phone space

SEC'13 Proceedings of the 22nd USENIX conference on Security
A systematic approach for detecting and clustering distributed cyber scanning

Computer Networks: The International Journal of Computer and Telecommunications Networking
Estimating internet address space usage through passive measurements

ACM SIGCOMM Computer Communication Review
Characterizing home network traffic: an inside view

Personal and Ubiquitous Computing

Quantified Score

Hi-index	0.01

Visualization

Abstract

The monitoring of packets destined for routeable, yet unused, Internet addresses has proved to be a useful technique for measuring a variety of specific Internet phenomenon (e.g., worms, DDoS). In 2004, Pang et al. stepped beyond these targeted uses and provided one of the first generic characterizations of this non-productive traffic, demonstrating both its significant size and diversity. However, the six years that followed this study have seen tremendous changes in both the types of malicious activity on the Internet and the quantity and quality of unused address space. In this paper, we revisit the state of Internet "background radiation" through the lens of two unique data-sets: a five-year collection from a single unused 8 network block, and week-long collections from three recently allocated 8 network blocks. Through the longitudinal study of the long-lived block, comparisons between blocks, and extensive case studies of traffic in these blocks, we characterize the current state of background radiation specifically highlighting those features that remain invariant from previous measurements and those which exhibit significant differences. Of particular interest in this work is the exploration of address space pollution, in which significant non uniform behavior is observed. However, unlike previous observations of differences between unused blocks, we show that increasingly these differences are the result of environmental factors (e.g., misconfiguration, location), rather than algorithmic factors. Where feasible, we offer suggestions for clean up of these polluted blocks and identify those blocks whose allocations should be withheld.