Backbone Network Security Visibility In Practice

Backbone Network Security Visibility In Practice

Threat Intelligence is extremely hot in the latest 2 years, meanwhile Threat Visibility is the first step to talk Threat Intelligence.

Our team is focused on collecting, processing, storage, analysis the security related basic data, in hope of sweeping away the dark corner of the internat and seeing more.

Now, we run the Chinese biggest public available PassiveDNS database (passivedns.cn), and the Global DDoS Attack Detection System (ddosmon.net) based on backbone network, meanwhile the Global Scanner Tracking System is expected to follow soon.

This talk will cover the following questions:

  1. Intro - Monitor backbone network, Why and How
  2. How we dealing with ""BIIIIIG Data"" in real-time
  3. What Processing Module we use and what data feature matters
  4. What can we get from backbone network monitor a. All kinds of scanner: SYN scan/ UDP scan/ HTTP banner scan/ Subdomain scan (brute-force) ... b. All kinds of attacks: SYN flood/ Amplification attack/ DNS flood/ HTTP flood(CC)/ Random sub domain attack ... c. Profile!
  5. Cases
  6. In Addition: a. MO b. Side indicator c. Partial data d. Effect of GFW e. Integration of third-party Data

Presented by