Uli Harder -- Abstract

Observations with a Small Network Telescope

In this talk I will report on observations made with a network telescope between 28 January 2005 and 5 March 2005 (Period 1) and between 24 March 2005 and 13 May 2005 (Period 2). The telescope in use is a class C network. We analyse the incoming traffic and investigate its statistical properties. The incoming traffic shows that only a few IP sources and destination ports are responsible for the majority of the traffic. We also demonstrate various ways to visualise the observed traffic to identify portscans, hostscans and distributed denial of service attacks. Looking at the inter-arrival time of packets, the power spectrum and the detrended fluctuation analysis of the observed traffic, we show that there is very little sign of long-range dependence. This is in stark contrast to other network traffic.

