Dataplane.org Newsletter

Dataplane.org Newsletter focuses on providing insights into internet infrastructure monitoring, security, and operational practices through data analysis and sensor networks. It covers topics like IPv6 adoption, DNS queries, RPKI measurement, SSH activity, sensor strategy, spoofing techniques, organizational updates, and internet censorship monitoring. It emphasizes collaboration with academia and operational challenges.

Internet Infrastructure, Network Security, Data Analysis, Operational Practices, IPv6 Adoption, DNS Queries, RPKI Measurement, SSH Activity, Spoofing Techniques, Organizational Updates, Internet Censorship Monitoring, Academic Collaboration

The hottest Substack posts of Dataplane.org Newsletter

And their main takeaways
1 HN point 05 Mar 24
  1. A new technique called Destination-Adjacent Source Address Spoofing (DASA) was observed where source IP addresses were faked to a neighbor address of the target, potentially for unique Internet surveying or experimental purposes.
  2. The DASA spoofed addresses were noticed in DNS queries, showing unusual patterns like using IPv4 addresses in hex format and inconsistent query domains over time.
  3. Through Source Address Spoofing Triangulation, attempts were made to pinpoint the true origin of the spoofed packets, suspecting an academic institution in China, showing the potential to uncover interesting insights using network intelligence.
19 implied HN points 07 Nov 22
  1. Black Friday is a good time to look for discounted server hosting plans, but this year's deals might be limited due to economic factors.
  2. IPv6 availability from hosting providers is widespread, but there is inconsistency in how it is provisioned and managed, affecting operational practices.
  3. Dataplane.org is expanding its network of sensor systems and vantage points, exploring active measurement probes with a focus on both IPv4 and IPv6 connectivity.
19 implied HN points 03 Oct 22
  1. Dataplane.org has over 300 sensors in operation across 6 continents, providing valuable data from a wide range of networks.
  2. Unexpected anomalies like DNS query spikes can provide insight into network behavior and the importance of understanding data context.
  3. Dataplane.org plans to rebuild their RPKI setup due to ongoing issues caused by a previous experiment, aiming for simpler, more reliable monitoring in the future.
19 implied HN points 04 May 22
  1. Outdated RPKI relying party clients can pose operational risks as software support ends. Monitoring software versions is crucial for security.
  2. Analysis revealed varying levels of outdated RPs among different client implementations. Routinator showed significant outdated usage.
  3. Dataplane.org is updating web pages, managing finances, and improving technical capacity, with a focus on tax preparation and back-end services.
19 implied HN points 04 Apr 22
  1. Sensor nodes monitor internet activity and contribute to data collection without generating traffic, resembling a mix of darknet collector and honeypot.
  2. Choosing hosting providers involves factors like unique origin, support for secure payment methods, provider reputation, and fraud detection practices.
  3. Monitoring platforms like Censored Planet, NLNOG Ring, OONI, and RIPE Atlas offer unique approaches to internet censorship measurement through distributed systems.
19 implied HN points 07 Mar 22
  1. The API Preview allows users to search data with a subset of current data and provides documentation for various queries and returns.
  2. The Signal Statistics page offers graphical insight into daily event summaries, aiding both the organization and the community.
  3. The commentary on UA and RU signals highlights the organization's operational status in these regions amidst recent events, emphasizing the importance of monitoring and preparedness.
19 implied HN points 07 Feb 22
  1. Unsolicited DNS queries often don't pose a threat, with approximately 66% of queries being spoofed.
  2. IPv6 traffic is significantly lower than IPv4, making it less interesting to explore further.
  3. Dataplane.org is transitioning towards not-for-profit status and inviting members to a Slack workspace for communication.
19 implied HN points 03 Jan 22
  1. Dataplane.org has been actively involved in RPKI RP measurement work since May 2021, tracking synchronization data and software usage diversity in RPKI relying parties.
  2. A significant and unexplained drop in SSH activity globally was observed in early October 2021, particularly affecting users of 'libssh', possibly due to a new SSH worm infection.
  3. Dataplane.org introduced a new signal data named sshidpw, providing daily reports of SSH id/password pairs seen in authentication attempts, proving beneficial for system admins and researchers.
19 implied HN points 29 Nov 21
  1. Dataplane.org, a platform for providing data feeds on internet activity, has gained recognition in the security community for its reliability.
  2. Dataplane.org is evolving from a personal project to a more formal organization with potential revenue streams to support growth.
  3. Future plans for Dataplane.org include website redesign, creating a search API, and expanding the types of data covered.
0 implied HN points 26 Mar 24
  1. Dataplane.org now recommends a minimum donation of $1000 per year for commercial users of their Signal data feeds to cover costs and fund their non-profit mission.
  2. Despite challenges with source address spoofing, Dataplane.org chooses to make certain data feeds available for network intelligence purposes while protecting against misuse.
  3. Dataplane.org emphasizes research collaboration with academia, supporting projects evaluating internet sanctions and providing resources for academic measurement research.
0 implied HN points 03 Aug 22
  1. Dataplane.org has been accepted as a U.S. federally recognized not-for-profit organization, allowing them to accept donations to improve Internet infrastructure operations.
  2. They are deliberating on whether to continue funding Russian hosting providers due to ethical considerations, seeking legal counsel before making a decision.
  3. Insights into ISATAP DNS queries reveal patterns in network traffic, resolver behaviors, and DNSSEC deployment, shedding light on the Internet DNS subsystem.
0 implied HN points 06 Sep 22
  1. Dataplane.org's founders will be speaking at CHI-NOG 10 on October 10th, 2022, presenting on building infrastructure and measurement.
  2. TELNET signal data from Dataplane is highly valued within the internet community for its uniqueness and accuracy, motivating continued efforts.
  3. Using low-end hosting providers has proven cost-effective for Dataplane, although it entails challenges like frequent IP address changes and potential provider inconsistencies.
0 implied HN points 06 Dec 22
  1. Dataplane.org provides a weekly summary of major Internet infrastructure events.
  2. Monitoring of the RPKI publication point has been widely cited, and it underwent stability issues.
  3. IP readdressing events are common, especially with smaller hosting providers, but have minimal impact on operations.
0 implied HN points 04 Jan 24
  1. In 2023, Dataplane.org completed an infrastructure migration to third-party data centers, expanded their network to over 500 vantage points, and introduced new feeds like the DNS type/name signals feed.
  2. An analysis of SSH authentication attempts in 2023 showed a range of unique password attempts, with the top passwords including '123456', 'password', 'admin', 'root', and more.
  3. Despite the Apache Struts vulnerability disclosure, Dataplane.org observed little activity related to Struts exploits on their sensors, indicating potential insights about the threat landscape.
0 implied HN points 04 Apr 23
  1. Dataplane.org reflected on 2022 to analyze what went well, improved the website, moved social presence to Mastodon, and boosted backend infrastructure.
  2. Insights from DNS queries revealed top unsolicited queries like www.google.com and common passwords like '123456'.
  3. Dataplane.org is preparing a public archive, planning for tax season, and welcoming donations for continuous availability of Signals data.
0 implied HN points 02 Oct 23
  1. Dataplane.org introduces a new Signal called `dnstypename` which provides insights from unsolicited DNS queries seen globally.
  2. SMTP Insights from Dataplane.org cover data on IP addresses sending unsolicited SMTP commands, including HELO/EHLO arguments and top `mail FROM:` entries.
  3. Dataplane.org shares organizational updates including adjustments to footprint, migration of backend services, increasing sensor scaling, and projects like RPKI monitoring enhancements and anycast sinkhole deployment.