Cloud Telescope Internet Background Radiation August 2023

Citation Author(s):
Fabricio Bortoluzzi, Noroff University College
Lucas Beiler, University of Vale do Itajai
Barry Irwin, Rhodes University
Carla Westphall, Federal University of Santa Catarina
Submitted by: Fabricio Bortoluzzi
Last updated: Mon, 09/30/2024 - 12:23
DOI: 10.21227/hs3j-pg74

Abstract 

This dataset results from a 47-day Cloud Telescope Internet Background Radiation collection experiment conducted during August and September 2023. A total of 260 EC2 instances (sensors) were deployed across all 26 AWS regions commercially available at the time, 10 sensors per region. A Cloud Telescope sensor does not serve information. All traffic arriving at a sensor is unsolicited and potentially malicious. Sensors were configured to allow all unsolicited traffic. In this experiment, we implemented high-level responders on TCP ports 23 and 80, coded in Rust, to record the commands issued by botnets such as Mirai when they attempt to infect IoT devices. All other TCP ports were configured to respond to connection requests only until the three-way handshake completes. This should enable TCP connection state analysis (SYN, FIN, ACK, ...). The architecture is reproducible. Terraform Infrastructure-as-Code is available at: https://github.com/lucasbeiler/ibr-iac. We will attach the paper with a full analysis of this dataset once it is published and indexed on IEEE Xplore.

Instructions: 

The files in this dataset are too large to be handled by Wireshark. Command-line dataset exploration can be done with Tshark. Tshark can be installed on Ubuntu-like systems with "sudo apt-get install tshark". On Windows, Tshark is installed with Wireshark. The command to read an uncompressed dataset file is "tshark -r af-south-1.pcap", assuming you want to browse South Africa's sub-dataset named "af-south-1.pcap". Reading straight from the compressed file is also possible with: "tshark -r af-south-1.pcap.gz".
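
As a starting point for the TCP connection state analysis mentioned in the abstract, the following added example (not part of the dataset or its repository) streams one region's capture through Tshark and counts TCP flag classes per destination port. The function names and the script name are hypothetical, and the script assumes Tshark's default tab-separated field output with tcp.flags rendered as a hex value such as 0x0002.

```shell
#!/bin/sh
# Added example: per-port TCP flag summary for one Cloud Telescope capture.

# Stream "ip.src<TAB>tcp.dstport<TAB>tcp.flags" lines out of a capture.
# Tshark reads .pcap and .pcap.gz alike, so no prior decompression is needed.
extract_tcp_fields() {
    tshark -n -r "$1" -Y tcp -T fields -e ip.src -e tcp.dstport -e tcp.flags
}

# Read those lines on stdin and print "dstport class count", sorted by port.
# Only the low byte of tcp.flags is needed:
#   FIN=0x01  SYN=0x02  RST=0x04  ACK=0x10
# Replies sent by a sensor, if present in the capture, show up under the
# remote host's ephemeral port because the key is the destination port.
summarize_flags() {
    awk -F '\t' '
    BEGIN { hex = "0123456789abcdef" }
    NF >= 3 && $3 ~ /^0x[0-9a-fA-F][0-9a-fA-F]+$/ {
        low = tolower(substr($3, length($3) - 1))
        v = (index(hex, substr(low, 1, 1)) - 1) * 16 \
            + index(hex, substr(low, 2, 1)) - 1
        fin = v % 2; syn = int(v / 2) % 2
        rst = int(v / 4) % 2; ack = int(v / 16) % 2
        if (syn && !ack)     class = "syn"      # inbound connection attempt
        else if (syn && ack) class = "synack"   # handshake reply
        else if (rst)        class = "rst"
        else if (fin)        class = "fin"
        else                 class = "other"    # established-state segments
        count[$2 " " class]++
    }
    END { for (k in count) print k, count[k] }' | sort -k1,1n -k2,2
}

# Usage: sh ibr_flags.sh af-south-1.pcap.gz
if [ -n "${1:-}" ]; then
    extract_tcp_fields "$1" | summarize_flags
fi
```

Because both stages stream line by line, memory use stays flat regardless of capture size; only the per-port counters are held in memory.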

We have launched a video explaining how to get started with Internet Background Radiation using the first Cloud Telescope dataset. Please watch https://bit.ly/ibr_workshop

Funding Agency: Noroff University College
Grant Number: Grant 01/2023

Comments

helpful

Submitted by Khushi Arora on Thu, 02/08/2024 - 11:13