'Internet Background Radiation' Reveals Disasters and Censorship
Posted in: Censorship at 13/03/2012 15:44
There is something satisfying about finding something useful to do with garbage. Researchers at UC San Diego, California, have apparently found a way of using the data traffic generated by malware and malicious scanning to detect Internet outages that may be caused by natural disasters or censorship.
This garbage traffic, known as "Internet background radiation", could be an early warning indicator when parts of the Internet are not available, according to Tom's Guide.
Analysis of Country-wide Internet Outages Caused by Censorship
In the first months of 2011, Internet communications were disrupted in several North African countries in response to civilian protests and threats of civil war. In this paper we analyze episodes of these disruptions in two countries: Egypt and Libya. Our analysis relies on multiple sources of large-scale data already available to academic researchers: BGP interdomain routing control plane data; unsolicited data plane traffic to unassigned address space; active macroscopic traceroute measurements; RIR delegation files; and MaxMind's geolocation database.
We used the latter two data sets to determine which IP address ranges were allocated to entities within each country, and then mapped these IP addresses of interest to BGP-announced address ranges (prefixes) and origin ASes using publicly available BGP data repositories in the U.S. and Europe. We then analyzed observable activity related to these sets of prefixes and ASes throughout the censorship episodes.
Using both control plane and data plane data sets in combination allowed us to narrow down which forms of Internet access disruption were implemented in a given region over time. Among other insights, we detected what we believe were Libya's attempts to test firewall-based blocking before they executed more aggressive BGP-based disconnection. Our methodology could be used, and automated, to detect outages or similar macroscopically disruptive events in other geographic or topological regions.
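The mapping step the abstract describes, as an added example that is not code from the paper or the original post: it reads RIR delegation records for one country, matches them against BGP-announced prefixes and origin ASes, and flags snapshots in which most of those prefixes are no longer visible. The delegation lines, BGP table, snapshot labels and the 0.5 threshold are constructed for illustration, and the MaxMind geolocation input is left out.

```python
import ipaddress

# Constructed sample in the RIR delegation-file format
# (registry|cc|type|start|value|date|status); documentation addresses only.
DELEGATIONS = """\
afrinic|EG|ipv4|192.0.2.0|256|20100101|allocated
afrinic|LY|ipv4|198.51.100.0|256|20100101|allocated
afrinic|EG|ipv4|203.0.113.0|192|20100101|assigned
afrinic|EG|asn|64500|1|20100101|allocated
"""

# Constructed BGP table: announced prefix -> origin AS (reserved ASNs).
BGP_TABLE = {
    "192.0.2.0/25": 64500,
    "192.0.2.128/25": 64501,
    "198.51.100.0/24": 64502,
    "203.0.113.0/24": 64500,
}

def country_networks(text, cc):
    """Return the IPv4 networks delegated to country code cc."""
    nets = []
    for line in text.splitlines():
        f = line.split("|")
        # Skips header/summary lines, other countries, and asn/ipv6 records.
        if len(f) < 7 or f[1] != cc or f[2] != "ipv4":
            continue
        first = ipaddress.IPv4Address(f[3])
        last = first + int(f[4]) - 1  # for ipv4, value = number of addresses
        # The count need not be a power of two, so split into CIDR blocks.
        nets.extend(ipaddress.summarize_address_range(first, last))
    return nets

def country_prefixes(text, cc, bgp_table):
    """Announced prefixes (with origin AS) that overlap the country's space."""
    nets = country_networks(text, cc)
    return {p: asn for p, asn in bgp_table.items()
            if any(ipaddress.ip_network(p).overlaps(n) for n in nets)}

def visibility_drops(snapshots, prefixes, threshold=0.5):
    """Labels of snapshots where under `threshold` of the prefixes are visible."""
    if not prefixes:
        return []
    return [label for label, visible in snapshots
            if len(visible & set(prefixes)) / len(prefixes) < threshold]
```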