Identifying and modeling unwanted traffic on the Internet

Soto, Paul, M. Eng. Massachusetts Institute of Technology

Author(s)

Soto, Paul, M. Eng. Massachusetts Institute of Technology

DownloadFull printable version (27.59Mb)

Other Contributors

Massachusetts Institute of Technology. Dept. of Electrical Engineering and Computer Science.

Advisor

Richard Lippmann.

Terms of use

M.I.T. theses are protected by copyright. They may be viewed from this source for any purpose, but reproduction or distribution in any format is prohibited without written permission. See provided URL for inquiries about permission. http://dspace.mit.edu/handle/1721.1/7582

Metadata

Show full item record

Abstract

Accurate models of Internet traffic are important for successful testing of devices that provide network security. However, with the growth of the Internet. it has become increasingly difficult to develop and maintain accurate traffic models. While much internet traffic is legitimate, productive communications between users and services, a significant portion of Internet traffic is the result of unwanted messages sent to IP addresses without regard as to whether there is an active host at that address. In an effort to analyze unwanted traffic, tools were developed that generate statistics and plots on captured unwanted traffic to unused IP addresses. These tools were used on a four-day period of traffic received on an inactive IPv4 class A network address space. Each class B subnet in this address space received an average of 7 million packets corresponding to 21 packets per second. Analyses were performed on a range of class B and C subnets with the intent of discovering the types of variability that are characteristic of unwanted traffic. Traffic volume over time, number of scans, destinations ports, and traffic sources varied substantially across class B and C subnets.

(cont.) The results of the analyses, along with tools to replay traffic. allow security tools to be analyzed on the LARIAT network testbed. LARIAT is a real-time adaptable network testbed developed at Lincoln Laboratory that provides an Internet-like environment in which to test network hardware and software.

Description

Thesis (M. Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, February 2006.

Includes bibliographical references (p. 61-62).

Date issued

2006

URI

http://hdl.handle.net/1721.1/37100

Department

Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science

Publisher

Massachusetts Institute of Technology

Keywords

Electrical Engineering and Computer Science.

Collections

Graduate Theses