The Day after Patch Tuesday: Effects Observable in IP Darkspace Traffic

  • Tanja Zseby
  • Alistair King
  • Nevil Brownlee
  • K C Claffy
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7799)

Abstract

We investigated how Patch Tuesday affects the volume and characteristics of malicious and unwanted traffic as observed by a large IPv4 (/8) darkspace monitor over the first six months of 2012. We did not discover significant changes in overall traffic volume following Patch Tuesday, but we found a significant increase in the number of active hosts sending to our darkspace monitor the day after Patch Tuesday for all six investigated months. Our early results suggest the effects of Patch Tuesday are worth deeper investigation. Detecting time intervals during which new sources become active can help tune sampling methods toward activity periods that likely contain more interesting information (i.e., many new malicious sources) than other time periods.

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Tanja Zseby (1, 2)
  • Alistair King (2)
  • Nevil Brownlee (2, 3)
  • K C Claffy (2)

  1. Fraunhofer Institute FOKUS, Berlin, Germany
  2. CAIDA, UCSD, San Diego, USA
  3. The University of Auckland, Auckland, New Zealand
