47 research outputs found

    MikroTik Devices Landscape, Realistic Honeypots, and Automated Attack Classification

    In 2018, several malware campaigns targeted and succeeded in infecting millions of low-cost routers (e.g., the malware VPN-Filter, Navidade, and SonarDNS). These routers were then used for all sorts of cybercrimes, from DDoS attacks to ransomware. MikroTik routers are a peculiar example of low-cost routers. These routers are used both to provide last-mile access to home users and in core network infrastructure. Half of the core routers used in one of the biggest Internet exchanges in the world are MikroTik devices. The problem is that the vulnerable firmware (RouterOS) used in home users' houses is also used in core networks. In this paper, we are the first to quantify the problem that infecting MikroTik devices would pose to the Internet. Based on more than 4 TB of data, we reveal more than 4 million MikroTik devices in the world. Then, we propose an easy-to-deploy MikroTik honeypot and collect more than 17 million packets, in 45 days, from sensors deployed in Australia, Brazil, China, India, Netherlands, and the United States. Finally, we use the collected data from our honeypots to automatically classify and assess attacks tailored to MikroTik devices. All our source code and analysis are publicly available. We believe that our honeypots and our findings in this paper foster security improvements in MikroTik devices worldwide.

    Characterising attacks targeting low-cost routers: a MikroTik case study (Extended)

    Attacks targeting network infrastructure devices pose a threat to the security of the internet. An attack targeting such devices can affect an entire autonomous system. In recent years, malware such as VPNFilter, Navidade, and SonarDNS has been used to compromise low-cost routers and commit all sorts of cybercrimes from DDoS attacks to ransomware deployments. Routers of the type concerned are used both to provide last-mile access for home users and to manage interdomain routing (BGP). MikroTik is a particular brand of low-cost router. In our previous research, we found more than 4 million MikroTik routers available on the internet. We have shown that these devices are also popular in Internet Exchange infrastructures. Despite their popularity, these devices are known to have numerous vulnerabilities. In this paper, we extend our previous analysis by presenting a long-term investigation of MikroTik-targeted attacks. By using a highly interactive honeypot that we developed, we collected more than 44 million packets over 120 days, from sensors deployed in Australia, Brazil, China, India, the Netherlands, and the United States. The incoming traffic was classified on the basis of Common Vulnerabilities and Exposures to detect attacks targeting MikroTik devices. That enabled us to identify a wide range of activities on the system, such as cryptocurrency mining, DNS server redirection, and more than 3,000 successfully established tunnels used for eavesdropping. Although this research focuses on MikroTik devices, both the methodology and the publicly available scripts can be easily applied to any other type of network device.

    Tangled: A Cooperative Anycast Testbed

    Anycast routing is an area of study that has attracted the interest of several researchers in recent years. Most anycast studies conducted in the past relied on coarse measurement data, mainly due to the lack of infrastructure on which it is possible to test and collect data at the same time. In this paper we present Tangled, an anycast test environment where researchers can run experiments and better understand the impacts of their proposals on a global infrastructure connected to the Internet.

    Discussing environmental education in everyday school life: development of projects at school, initial and continuing teacher education

    This research sought to discuss how Environmental Education (EE) has been addressed in elementary education, and how the teachers understand EE and have been incorporating it into everyday school life, at a state school in the municipality of Tangará da Serra/MT, Brazil. To this end, interviews were conducted with the teachers who take part in an interdisciplinary EE project at the school studied. It was found that the school's project has not been achieving its proposed objectives because of: the teachers' unfamiliarity with it; deficient teacher training; failure to understand EE as a teaching-learning process; lack of teaching resources; and inadequate planning of activities. Based on this finding, we sought to debate the impossibility of addressing the topic outside interdisciplinary work and, above all, the importance of a more in-depth study of EE, linking theory and practice, both in teacher training and in school projects, in order to escape the traditional association “EE and ecology, garbage and vegetable garden”. Facultad de Humanidades y Ciencias de la Educació

    Fast Track Algorithm: How To Differentiate A “Scleroderma Pattern” From A “Non-Scleroderma Pattern”

    Objectives: This study was designed to propose a simple “Fast Track algorithm” for capillaroscopists of any level of experience to differentiate “scleroderma patterns” from “non-scleroderma patterns” on capillaroscopy and to assess its inter-rater reliability. Methods: Based on existing definitions to categorise capillaroscopic images as “scleroderma patterns” and taking into account the real life variability of capillaroscopic images described standardly according to the European League Against Rheumatism (EULAR) Study Group on Microcirculation in Rheumatic Diseases, a fast track decision tree, the “Fast Track algorithm” was created by the principal expert (VS) to facilitate swift categorisation of an image as “non-scleroderma pattern (category 1)” or “scleroderma pattern (category 2)”. Mean inter-rater reliability between all raters (experts/attendees) of the 8th EULAR course on capillaroscopy in Rheumatic Diseases (Genoa, 2018) and, as external validation, of the 8th European Scleroderma Trials and Research group (EUSTAR) course on systemic sclerosis (SSc) (Nijmegen, 2019) versus the principal expert, as well as reliability between the rater pairs themselves was assessed by mean Cohen's and Light's kappa coefficients. Results: Mean Cohen's kappa was 1/0.96 (95% CI 0.95-0.98) for the 6 experts/135 attendees of the 8th EULAR capillaroscopy course and 1/0.94 (95% CI 0.92-0.96) for the 3 experts/85 attendees of the 8th EUSTAR SSc course. Light's kappa was 1/0.92 at the 8th EULAR capillaroscopy course, and 1/0.87 at the 8th EUSTAR SSc course. Conclusion: For the first time, a clinical expert based fast track decision algorithm has been developed to differentiate a “non-scleroderma” from a “scleroderma pattern” on capillaroscopic images, demonstrating excellent reliability when applied by capillaroscopists with varying levels of expertise versus the principal expert and corroborated with external validation. Wo