Quantifying the accuracy of small subnet-equivalent sampling of IPv4 internet background radiation datasets
- Authors: Chindipha, Stones D.; Irwin, Barry V. W.; Herbert, Alan
- Date: 2019
- Subjects: To be catalogued
- Language: English
- Type: text, article
- Identifier: http://hdl.handle.net/10962/430271 ; vital:72679 ; https://doi.org/10.1145/3351108.3351129
- Description: Network telescopes have been used for over a decade to aid in identifying threats by gathering unsolicited network traffic. This Internet Background Radiation (IBR) data has proved to be a significant source of intelligence in combating emerging threats on the Internet at large. Traditionally, operation has required a significant contiguous block of IP addresses. Continued operation of such sensors by researchers, and their adoption by organisations as part of operational intelligence, is becoming a challenge due to the global shortage of IPv4 addresses. The pressure is on to use allocated IP addresses for operational purposes. Future use of IBR collection methods is likely to be limited to smaller IP address pools, which may not be contiguous. This paper offers a first step towards evaluating the feasibility of such small sensors. An evaluation is conducted of random sampling at various subnet-size equivalents. The accuracy of the observable data is compared against a traditional 'small' IPv4 network telescope using a /24 net-block. Results show that for much of the IBR data, sensors consisting of smaller, non-contiguous blocks of addresses are able to achieve high accuracy rates versus the base case. While the results obtained reflect the current nature of IBR, they demonstrate the viability for organisations to utilise free IP addresses within their networks for IBR collection and ultimately the production of threat intelligence.
- Full Text:
- Date Issued: 2019
An analysis on the re-emergence of SQL Slammer worm using network telescope data
- Authors: Chindipha, Stones D.; Irwin, Barry V. W.
- Date: 2017
- Language: English
- Type: text, article
- Identifier: http://hdl.handle.net/10962/428326 ; vital:72503 ; https://researchspace.csir.co.za/dspace/bitstream/handle/10204/9705/Chindipha_19658_2017.pdf?sequence=1&isAllowed=y
- Description: The SQL Slammer worm is a self-propagating computer virus that caused a denial of service on some Internet hosts and dramatically slowed down general Internet traffic. An observation of network traffic captured in Rhodes University's network telescopes shows an escalation in the number of packets captured between January 2014 and December 2016, at a time when UDP traffic from port 1434 was expected to be in steady decline. Using data captured over a period of 84 months, the analysis in this study identified the top ten /24 source IP address blocks that the Slammer worm repeatedly used for this attack, together with their geolocation. It also shows the trend of UDP 1434 packets received by the two network telescopes from January 2009 to December 2015. In line with the epidemic model, the paper shows how this traffic fits the pattern of an SQL Slammer worm attack. The consistent number of packets observed in the two telescopes between 2014 and 2016 exhibits the characteristics of a Slammer worm attack. Basic time series and additive time series decomposition graphs are used to show the trend and the observed UDP packets over the time frame of the study.
- Full Text:
- Date Issued: 2017
Cyber Vulnerability Assessment: Case Study of Malawi and Tanzania
- Authors: Chindipha, Stones D.; Irwin, Barry V. W.
- Date: 2015
- Language: English
- Type: text, article
- Identifier: http://hdl.handle.net/10962/428558 ; vital:72520 ; https://accconference.mandela.ac.za/ACCConference/media/Store/images/Proceedings-2015.pdf#page=105
- Description: Much as the Internet is beneficial to our daily activities, with each passing day it also brings information security concerns for its users, whether at company or national level. Each year the number of Internet users keeps growing, particularly in Africa, and this means only one thing: more cyber-attacks. Governments have become a focal point of this data leakage problem, making it a matter of national security. Looking at the current state of affairs, cyber-based incidents are more likely to increase in Africa, mainly due to the increased prevalence and affordability of broadband connectivity, coupled with a lack of online security awareness. A drop in the cost of broadband connection means more people will be able to afford Internet connectivity. Using Open Source Intelligence (OSINT), this paper aims to perform a vulnerability analysis for states in Eastern Africa, building on prior research by Swart et al., which showed that there are vulnerabilities in the information systems, using the case of South Africa as an example. States in East Africa are considered as candidates, with the final selection determined by access to suitable resources and availability of information. A comparative analysis of the factors that affect the degree of security susceptibility in various states will also be made, and the information security measures used by various governments will be assessed to ascertain the extent of their contribution to this vulnerability. This pilot study will be extended to other Southern and Eastern African states such as Botswana, Kenya, Uganda and Namibia in future work.
- Full Text:
- Date Issued: 2015