47 research outputs found
MikroTik Devices Landscape, Realistic Honeypots, and Automated Attack Classification
In 2018, several malware campaigns targeted and succeeded in infecting millions of low-cost routers (malware, e.g., VPN-Filter, Navidade, and SonarDNS). These routers were then used for all sorts of cybercrimes: from DDoS attacks to ransomware. MikroTik routers are a peculiar example of low-cost routers. These routers are used both to provide last mile access to home users and in core network infrastructure. Half of the core routers used in one of the biggest Internet exchanges in the world are MikroTik devices. The problem is that vulnerable firmware (RouterOS) used in home users' houses is also used in core networks. In this paper, we are the first to quantify the problem that infecting MikroTik devices would pose to the Internet. Based on more than 4 TB of data, we reveal more than 4 million MikroTik devices in the world. Then, we propose an easy-to-deploy MikroTik honeypot and collect more than 17 million packets, in 45 days, from sensors deployed in Australia, Brazil, China, India, Netherlands, and the United States. Finally, we use the collected data from our honeypots to automatically classify and assess attacks tailored to MikroTik devices. All our source code and analysis are publicly available. We believe that our honeypots and our findings in this paper foster security improvements in MikroTik devices worldwide.
Characterising attacks targeting low-cost routers: a MikroTik case study (Extended)
Attacks targeting network infrastructure devices pose a threat to the
security of the internet. An attack targeting such devices can affect an entire
autonomous system. In recent years, malware such as VPNFilter, Navidade, and
SonarDNS has been used to compromise low-cost routers and commit all sorts of
cybercrimes from DDoS attacks to ransomware deployments. Routers of the type
concerned are used both to provide last-mile access for home users and to
manage interdomain routing (BGP). MikroTik is a particular brand of low-cost
router. In our previous research, we found more than 4 million MikroTik routers
available on the internet. We have shown that these devices are also popular in
Internet Exchange infrastructures. Despite their popularity, these devices are
known to have numerous vulnerabilities. In this paper, we extend our previous
analysis by presenting a long-term investigation of MikroTik-targeted attacks.
By using a highly interactive honeypot that we developed, we collected more
than 44 million packets over 120 days, from sensors deployed in Australia,
Brazil, China, India, the Netherlands, and the United States. The incoming
traffic was classified on the basis of Common Vulnerabilities and Exposures to
detect attacks targeting MikroTik devices. That enabled us to identify a wide
range of activities on the system, such as cryptocurrency mining, DNS server
redirection, and more than 3,000 successfully established tunnels used for
eavesdropping. Although this research focuses on MikroTik devices, both the
methodology and the publicly available scripts can be easily applied to any
other type of network device.
Tangled: A Cooperative Anycast Testbed
Anycast routing is an area of study that has been attracting the interest of
several researchers in recent years. Most anycast studies conducted in the past
relied on coarse measurement data, mainly due to the lack of infrastructure
where it is possible to test and collect data at the same time. In this paper we
present Tangled, an anycast test environment where researchers can run
experiments and better understand the impacts of their proposals on a global
infrastructure connected to the Internet.
Discussing environmental education in everyday school life: project development at school and initial and continuing teacher training
This research sought to discuss how Environmental Education (EE) has been addressed in elementary education, and how the teachers of this school understand EE and have been incorporating it into everyday school life, at a state school in the municipality of Tangará da Serra/MT, Brazil. To that end, interviews were conducted with the teachers who take part in an interdisciplinary EE project at the school studied. It was found that the school's project has not been achieving its proposed objectives because of: teachers' unfamiliarity with it; deficient teacher training; failure to understand EE as a teaching-learning process; lack of teaching resources; and inadequate planning of activities. Based on this finding, the study sought to debate the impossibility of addressing the topic outside interdisciplinary work, as well as, and above all, the importance of a more in-depth study of EE, linking theory and practice, both in teacher training and in school projects, in order to escape the traditional link of “EE and ecology, garbage and vegetable garden”. Facultad de Humanidades y Ciencias de la Educació
Methanol and Isoprene Emissions from the Fast Growing Tropical Pioneer Species Vismia guianensis (Aubl.) Pers. (Hypericaceae) in the central Amazon Forest
Abstract. Isoprene (Is) emissions by plants represent a loss of carbon and energy resources leading to the initial hypothesis that fast growing pioneer species in secondary tropical forests allocate carbon primarily to growth at the expense of isoprenoid defenses. In this study, we quantified leaf isoprene and methanol emissions from the abundant pantropical pioneer tree species Vismia guianensis and ambient isoprene concentrations above a diverse secondary forest in the central Amazon. As photosynthetically active radiation (PAR) was varied (0 to 3,000 µmol m⁻² s⁻¹) under standard leaf temperature (30 °C), isoprene emissions from V. guianensis increased without saturation up to 80 nmol m⁻² s⁻¹. A non-linear increase in isoprene emissions with respect to net photosynthesis (Pn) resulted with the fraction of Pn dedicated to isoprene emissions increasing with light intensity (up to 2 % of Pn). Emission responses to temperature under standard light conditions (PAR of 1,000 µmol m⁻² s⁻¹) resulted in the classic uncoupling of isoprene emissions (Topt,iso > 40 °C) from net photosynthesis (Topt, Pn = 30.0–32.5 °C) with up to 7 % of Pn emitted as isoprene at 40 °C. Under standard environmental conditions of PAR and leaf temperature, young V. guianensis leaves showed high methanol emissions, low Pn, and low isoprene emissions. In contrast, mature leaves showed high Pn, high isoprene emissions, and low methanol emissions, highlighting the differential control of leaf phenology over methanol and isoprene emissions. High daytime ambient isoprene concentrations (11 ppbv) were observed above a secondary Amazon rainforest suggesting that isoprene emissions are common among neotropical pioneer species.
The results are not consistent with the initial hypothesis and support a functional role of methanol during leaf expansion and the establishment of photosynthetic machinery, and a protective role of isoprene for photosynthesis during high temperature extremes regularly experienced in secondary rainforest ecosystems.
Fast Track Algorithm: How To Differentiate A “Scleroderma Pattern” From A “Non-Scleroderma Pattern”
Objectives: This study was designed to propose a simple “Fast Track algorithm” for capillaroscopists of any level of experience to differentiate “scleroderma patterns” from “non-scleroderma patterns” on capillaroscopy and to assess its inter-rater reliability. Methods: Based on existing definitions to categorise capillaroscopic images as “scleroderma patterns” and taking into account the real life variability of capillaroscopic images described standardly according to the European League Against Rheumatism (EULAR) Study Group on Microcirculation in Rheumatic Diseases, a fast track decision tree, the “Fast Track algorithm” was created by the principal expert (VS) to facilitate swift categorisation of an image as “non-scleroderma pattern (category 1)” or “scleroderma pattern (category 2)”. Mean inter-rater reliability between all raters (experts/attendees) of the 8th EULAR course on capillaroscopy in Rheumatic Diseases (Genoa, 2018) and, as external validation, of the 8th European Scleroderma Trials and Research group (EUSTAR) course on systemic sclerosis (SSc) (Nijmegen, 2019) versus the principal expert, as well as reliability between the rater pairs themselves was assessed by mean Cohen's and Light's kappa coefficients. Results: Mean Cohen's kappa was 1/0.96 (95% CI 0.95-0.98) for the 6 experts/135 attendees of the 8th EULAR capillaroscopy course and 1/0.94 (95% CI 0.92-0.96) for the 3 experts/85 attendees of the 8th EUSTAR SSc course. Light's kappa was 1/0.92 at the 8th EULAR capillaroscopy course, and 1/0.87 at the 8th EUSTAR SSc course. Conclusion: For the first time, a clinical expert based fast track decision algorithm has been developed to differentiate a “non-scleroderma” from a “scleroderma pattern” on capillaroscopic images, demonstrating excellent reliability when applied by capillaroscopists with varying levels of expertise versus the principal expert and corroborated with external validation. Wo