D4
/
architecture
mirror of https://github.com/D4-project/architecture
2
0
Fork 0
Code Issues Releases Wiki Activity

add: [doc] gave example of unique IP addresses sending backscatter

master
Gerard Wagener 2019-03-28 09:46:41 +01:00
parent 548cae23f3
commit 69138603e1
2 changed files with 234 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
docs/workshop/1-passsive-ddos/d4-passive-ddos.tex
View File

@ -116,6 +116,12 @@ Fill up state connection state table of the victim
\end{center}
\end{frame}
\begin{frame}
\frametitle{IP distribution sending backscatter traffic}
\begin{center}
\scalebox{0.9}{\input{uips.tex}}
\end{center}
\end{frame}
\begin{frame}
\frametitle{Observing SYN floods attacks in backscatter traffic}
Plotting TCP acknowledgement numbers

228
docs/workshop/1-passsive-ddos/uips.tex Normal file
View File

@ -0,0 +1,228 @@
% GNUPLOT: LaTeX picture
\setlength{\unitlength}{0.240900pt}
\ifx\plotpoint\undefined\newsavebox{\plotpoint}\fi
\sbox{\plotpoint}{\rule[-0.200pt]{0.400pt}{0.400pt}}%
\begin{picture}(1500,900)(0,0)
\sbox{\plotpoint}{\rule[-0.200pt]{0.400pt}{0.400pt}}%
\put(191.0,190.0){\rule[-0.200pt]{300.643pt}{0.400pt}}
\put(191.0,190.0){\rule[-0.200pt]{4.818pt}{0.400pt}}
\put(171,190){\makebox(0,0)[r]{$30000$}}
\put(1419.0,190.0){\rule[-0.200pt]{4.818pt}{0.400pt}}
\put(191.0,274.0){\rule[-0.200pt]{300.643pt}{0.400pt}}
\put(191.0,274.0){\rule[-0.200pt]{4.818pt}{0.400pt}}
\put(171,274){\makebox(0,0)[r]{$32000$}}
\put(1419.0,274.0){\rule[-0.200pt]{4.818pt}{0.400pt}}
\put(191.0,357.0){\rule[-0.200pt]{300.643pt}{0.400pt}}
\put(191.0,357.0){\rule[-0.200pt]{4.818pt}{0.400pt}}
\put(171,357){\makebox(0,0)[r]{$34000$}}
\put(1419.0,357.0){\rule[-0.200pt]{4.818pt}{0.400pt}}
\put(191.0,441.0){\rule[-0.200pt]{300.643pt}{0.400pt}}
\put(191.0,441.0){\rule[-0.200pt]{4.818pt}{0.400pt}}
\put(171,441){\makebox(0,0)[r]{$36000$}}
\put(1419.0,441.0){\rule[-0.200pt]{4.818pt}{0.400pt}}
\put(191.0,525.0){\rule[-0.200pt]{300.643pt}{0.400pt}}
\put(191.0,525.0){\rule[-0.200pt]{4.818pt}{0.400pt}}
\put(171,525){\makebox(0,0)[r]{$38000$}}
\put(1419.0,525.0){\rule[-0.200pt]{4.818pt}{0.400pt}}
\put(191.0,609.0){\rule[-0.200pt]{300.643pt}{0.400pt}}
\put(191.0,609.0){\rule[-0.200pt]{4.818pt}{0.400pt}}
\put(171,609){\makebox(0,0)[r]{$40000$}}
\put(1419.0,609.0){\rule[-0.200pt]{4.818pt}{0.400pt}}
\put(191.0,692.0){\rule[-0.200pt]{300.643pt}{0.400pt}}
\put(191.0,692.0){\rule[-0.200pt]{4.818pt}{0.400pt}}
\put(171,692){\makebox(0,0)[r]{$42000$}}
\put(1419.0,692.0){\rule[-0.200pt]{4.818pt}{0.400pt}}
\put(191.0,776.0){\rule[-0.200pt]{300.643pt}{0.400pt}}
\put(191.0,776.0){\rule[-0.200pt]{4.818pt}{0.400pt}}
\put(171,776){\makebox(0,0)[r]{$44000$}}
\put(1419.0,776.0){\rule[-0.200pt]{4.818pt}{0.400pt}}
\put(223.0,190.0){\rule[-0.200pt]{0.400pt}{2.409pt}}
\put(337.0,190.0){\rule[-0.200pt]{0.400pt}{141.167pt}}
\put(337,170){\makebox(0,0)[l]{01/10}}
\put(337.0,190.0){\rule[-0.200pt]{0.400pt}{4.818pt}}
\put(450.0,190.0){\rule[-0.200pt]{0.400pt}{2.409pt}}
\put(564.0,190.0){\rule[-0.200pt]{0.400pt}{141.167pt}}
\put(564,170){\makebox(0,0)[l]{01/24}}
\put(564.0,190.0){\rule[-0.200pt]{0.400pt}{4.818pt}}
\put(677.0,190.0){\rule[-0.200pt]{0.400pt}{2.409pt}}
\put(791.0,190.0){\rule[-0.200pt]{0.400pt}{141.167pt}}
\put(791,170){\makebox(0,0)[l]{02/07}}
\put(791.0,190.0){\rule[-0.200pt]{0.400pt}{4.818pt}}
\put(904.0,190.0){\rule[-0.200pt]{0.400pt}{2.409pt}}
\put(1018.0,190.0){\rule[-0.200pt]{0.400pt}{141.167pt}}
\put(1018,170){\makebox(0,0)[l]{02/21}}
\put(1018.0,190.0){\rule[-0.200pt]{0.400pt}{4.818pt}}
\put(1131.0,190.0){\rule[-0.200pt]{0.400pt}{2.409pt}}
\put(1245.0,190.0){\rule[-0.200pt]{0.400pt}{141.167pt}}
\put(1245,170){\makebox(0,0)[l]{03/07}}
\put(1245.0,190.0){\rule[-0.200pt]{0.400pt}{4.818pt}}
\put(1358.0,190.0){\rule[-0.200pt]{0.400pt}{2.409pt}}
\put(191.0,190.0){\rule[-0.200pt]{0.400pt}{141.167pt}}
\put(191.0,190.0){\rule[-0.200pt]{300.643pt}{0.400pt}}
\put(1439.0,190.0){\rule[-0.200pt]{0.400pt}{141.167pt}}
\put(191.0,776.0){\rule[-0.200pt]{300.643pt}{0.400pt}}
\put(222,747){\makebox(0,0)[l]{https://www.circl.lu/}}
\put(30,483){\makebox(0,0){\rotatebox{90}{Number of unique IPs}}}
\put(815,29){\makebox(0,0){date (month / day)}}
\put(815,838){\makebox(0,0){Unique IPs having sent at least 10 packets}}
\put(191,287){\usebox{\plotpoint}}
\multiput(191.58,287.00)(0.494,0.657){29}{\rule{0.119pt}{0.625pt}}
\multiput(190.17,287.00)(16.000,19.703){2}{\rule{0.400pt}{0.313pt}}
\multiput(207.58,303.85)(0.494,-1.137){29}{\rule{0.119pt}{1.000pt}}
\multiput(206.17,305.92)(16.000,-33.924){2}{\rule{0.400pt}{0.500pt}}
\multiput(223.58,265.24)(0.495,-1.941){31}{\rule{0.119pt}{1.629pt}}
\multiput(222.17,268.62)(17.000,-61.618){2}{\rule{0.400pt}{0.815pt}}
\multiput(240.58,207.00)(0.494,4.818){29}{\rule{0.119pt}{3.875pt}}
\multiput(239.17,207.00)(16.000,142.957){2}{\rule{0.400pt}{1.938pt}}
\multiput(256.00,356.92)(0.732,-0.492){19}{\rule{0.682pt}{0.118pt}}
\multiput(256.00,357.17)(14.585,-11.000){2}{\rule{0.341pt}{0.400pt}}
\multiput(272.58,343.47)(0.494,-0.945){29}{\rule{0.119pt}{0.850pt}}
\multiput(271.17,345.24)(16.000,-28.236){2}{\rule{0.400pt}{0.425pt}}
\multiput(288.00,317.59)(1.395,0.482){9}{\rule{1.167pt}{0.116pt}}
\multiput(288.00,316.17)(13.579,6.000){2}{\rule{0.583pt}{0.400pt}}
\multiput(304.58,320.83)(0.495,-0.528){31}{\rule{0.119pt}{0.524pt}}
\multiput(303.17,321.91)(17.000,-16.913){2}{\rule{0.400pt}{0.262pt}}
\multiput(321.58,305.00)(0.494,0.977){29}{\rule{0.119pt}{0.875pt}}
\multiput(320.17,305.00)(16.000,29.184){2}{\rule{0.400pt}{0.438pt}}
\multiput(337.58,330.08)(0.494,-1.682){29}{\rule{0.119pt}{1.425pt}}
\multiput(336.17,333.04)(16.000,-50.042){2}{\rule{0.400pt}{0.713pt}}
\multiput(353.58,283.00)(0.494,3.378){29}{\rule{0.119pt}{2.750pt}}
\multiput(352.17,283.00)(16.000,100.292){2}{\rule{0.400pt}{1.375pt}}
\multiput(369.58,382.15)(0.494,-1.970){29}{\rule{0.119pt}{1.650pt}}
\multiput(368.17,385.58)(16.000,-58.575){2}{\rule{0.400pt}{0.825pt}}
\multiput(385.58,319.65)(0.495,-2.122){31}{\rule{0.119pt}{1.771pt}}
\multiput(384.17,323.33)(17.000,-67.325){2}{\rule{0.400pt}{0.885pt}}
\multiput(402.58,256.00)(0.494,1.458){29}{\rule{0.119pt}{1.250pt}}
\multiput(401.17,256.00)(16.000,43.406){2}{\rule{0.400pt}{0.625pt}}
\put(418,301.67){\rule{3.854pt}{0.400pt}}
\multiput(418.00,301.17)(8.000,1.000){2}{\rule{1.927pt}{0.400pt}}
\multiput(434.58,296.25)(0.494,-1.938){29}{\rule{0.119pt}{1.625pt}}
\multiput(433.17,299.63)(16.000,-57.627){2}{\rule{0.400pt}{0.813pt}}
\multiput(450.58,242.00)(0.495,2.332){31}{\rule{0.119pt}{1.935pt}}
\multiput(449.17,242.00)(17.000,73.983){2}{\rule{0.400pt}{0.968pt}}
\multiput(467.58,320.00)(0.494,1.618){29}{\rule{0.119pt}{1.375pt}}
\multiput(466.17,320.00)(16.000,48.146){2}{\rule{0.400pt}{0.688pt}}
\multiput(483.58,363.94)(0.494,-2.034){29}{\rule{0.119pt}{1.700pt}}
\multiput(482.17,367.47)(16.000,-60.472){2}{\rule{0.400pt}{0.850pt}}
\multiput(499.58,304.72)(0.494,-0.561){29}{\rule{0.119pt}{0.550pt}}
\multiput(498.17,305.86)(16.000,-16.858){2}{\rule{0.400pt}{0.275pt}}
\multiput(515.58,285.37)(0.494,-0.977){29}{\rule{0.119pt}{0.875pt}}
\multiput(514.17,287.18)(16.000,-29.184){2}{\rule{0.400pt}{0.438pt}}
\multiput(531.58,258.00)(0.495,1.881){31}{\rule{0.119pt}{1.582pt}}
\multiput(530.17,258.00)(17.000,59.716){2}{\rule{0.400pt}{0.791pt}}
\multiput(548.58,313.63)(0.494,-2.130){29}{\rule{0.119pt}{1.775pt}}
\multiput(547.17,317.32)(16.000,-63.316){2}{\rule{0.400pt}{0.888pt}}
\multiput(564.58,254.00)(0.494,1.009){29}{\rule{0.119pt}{0.900pt}}
\multiput(563.17,254.00)(16.000,30.132){2}{\rule{0.400pt}{0.450pt}}
\multiput(580.58,286.00)(0.494,1.137){29}{\rule{0.119pt}{1.000pt}}
\multiput(579.17,286.00)(16.000,33.924){2}{\rule{0.400pt}{0.500pt}}
\multiput(596.58,319.82)(0.494,-0.529){29}{\rule{0.119pt}{0.525pt}}
\multiput(595.17,320.91)(16.000,-15.910){2}{\rule{0.400pt}{0.263pt}}
\multiput(612.58,305.00)(0.495,1.219){31}{\rule{0.119pt}{1.065pt}}
\multiput(611.17,305.00)(17.000,38.790){2}{\rule{0.400pt}{0.532pt}}
\multiput(629.58,346.00)(0.494,0.785){29}{\rule{0.119pt}{0.725pt}}
\multiput(628.17,346.00)(16.000,23.495){2}{\rule{0.400pt}{0.363pt}}
\multiput(645.58,367.37)(0.494,-0.977){29}{\rule{0.119pt}{0.875pt}}
\multiput(644.17,369.18)(16.000,-29.184){2}{\rule{0.400pt}{0.438pt}}
\multiput(661.58,337.20)(0.494,-0.721){29}{\rule{0.119pt}{0.675pt}}
\multiput(660.17,338.60)(16.000,-21.599){2}{\rule{0.400pt}{0.338pt}}
\multiput(677.58,317.00)(0.494,1.330){29}{\rule{0.119pt}{1.150pt}}
\multiput(676.17,317.00)(16.000,39.613){2}{\rule{0.400pt}{0.575pt}}
\multiput(693.58,359.00)(0.495,2.693){31}{\rule{0.119pt}{2.218pt}}
\multiput(692.17,359.00)(17.000,85.397){2}{\rule{0.400pt}{1.109pt}}
\multiput(710.58,441.32)(0.494,-2.226){29}{\rule{0.119pt}{1.850pt}}
\multiput(709.17,445.16)(16.000,-66.160){2}{\rule{0.400pt}{0.925pt}}
\multiput(726.58,369.04)(0.494,-2.930){29}{\rule{0.119pt}{2.400pt}}
\multiput(725.17,374.02)(16.000,-87.019){2}{\rule{0.400pt}{1.200pt}}
\multiput(742.00,287.58)(0.808,0.491){17}{\rule{0.740pt}{0.118pt}}
\multiput(742.00,286.17)(14.464,10.000){2}{\rule{0.370pt}{0.400pt}}
\multiput(758.58,297.00)(0.494,1.458){29}{\rule{0.119pt}{1.250pt}}
\multiput(757.17,297.00)(16.000,43.406){2}{\rule{0.400pt}{0.625pt}}
\multiput(774.00,341.92)(0.779,-0.492){19}{\rule{0.718pt}{0.118pt}}
\multiput(774.00,342.17)(15.509,-11.000){2}{\rule{0.359pt}{0.400pt}}
\multiput(791.00,330.92)(0.669,-0.492){21}{\rule{0.633pt}{0.119pt}}
\multiput(791.00,331.17)(14.685,-12.000){2}{\rule{0.317pt}{0.400pt}}
\multiput(807.58,320.00)(0.494,4.754){29}{\rule{0.119pt}{3.825pt}}
\multiput(806.17,320.00)(16.000,141.061){2}{\rule{0.400pt}{1.913pt}}
\multiput(823.58,459.45)(0.494,-2.802){29}{\rule{0.119pt}{2.300pt}}
\multiput(822.17,464.23)(16.000,-83.226){2}{\rule{0.400pt}{1.150pt}}
\multiput(839.00,379.95)(3.588,-0.447){3}{\rule{2.367pt}{0.108pt}}
\multiput(839.00,380.17)(12.088,-3.000){2}{\rule{1.183pt}{0.400pt}}
\multiput(856.58,375.51)(0.494,-0.625){29}{\rule{0.119pt}{0.600pt}}
\multiput(855.17,376.75)(16.000,-18.755){2}{\rule{0.400pt}{0.300pt}}
\multiput(872.00,358.58)(0.669,0.492){21}{\rule{0.633pt}{0.119pt}}
\multiput(872.00,357.17)(14.685,12.000){2}{\rule{0.317pt}{0.400pt}}
\multiput(888.00,368.92)(0.732,-0.492){19}{\rule{0.682pt}{0.118pt}}
\multiput(888.00,369.17)(14.585,-11.000){2}{\rule{0.341pt}{0.400pt}}
\multiput(904.58,356.30)(0.494,-0.689){29}{\rule{0.119pt}{0.650pt}}
\multiput(903.17,357.65)(16.000,-20.651){2}{\rule{0.400pt}{0.325pt}}
\multiput(920.58,337.00)(0.495,2.874){31}{\rule{0.119pt}{2.359pt}}
\multiput(919.17,337.00)(17.000,91.104){2}{\rule{0.400pt}{1.179pt}}
\multiput(937.00,433.58)(0.808,0.491){17}{\rule{0.740pt}{0.118pt}}
\multiput(937.00,432.17)(14.464,10.000){2}{\rule{0.370pt}{0.400pt}}
\multiput(953.58,438.33)(0.494,-1.298){29}{\rule{0.119pt}{1.125pt}}
\multiput(952.17,440.67)(16.000,-38.665){2}{\rule{0.400pt}{0.563pt}}
\multiput(969.58,402.00)(0.494,2.034){29}{\rule{0.119pt}{1.700pt}}
\multiput(968.17,402.00)(16.000,60.472){2}{\rule{0.400pt}{0.850pt}}
\multiput(985.58,466.00)(0.494,2.258){29}{\rule{0.119pt}{1.875pt}}
\multiput(984.17,466.00)(16.000,67.108){2}{\rule{0.400pt}{0.938pt}}
\multiput(1001.58,519.69)(0.495,-5.190){31}{\rule{0.119pt}{4.171pt}}
\multiput(1000.17,528.34)(17.000,-164.344){2}{\rule{0.400pt}{2.085pt}}
\multiput(1018.58,364.00)(0.494,1.330){29}{\rule{0.119pt}{1.150pt}}
\multiput(1017.17,364.00)(16.000,39.613){2}{\rule{0.400pt}{0.575pt}}
\multiput(1034.00,406.58)(0.732,0.492){19}{\rule{0.682pt}{0.118pt}}
\multiput(1034.00,405.17)(14.585,11.000){2}{\rule{0.341pt}{0.400pt}}
\multiput(1050.58,417.00)(0.494,1.810){29}{\rule{0.119pt}{1.525pt}}
\multiput(1049.17,417.00)(16.000,53.835){2}{\rule{0.400pt}{0.763pt}}
\multiput(1066.58,474.00)(0.494,4.562){29}{\rule{0.119pt}{3.675pt}}
\multiput(1065.17,474.00)(16.000,135.372){2}{\rule{0.400pt}{1.838pt}}
\multiput(1082.58,611.31)(0.495,-1.610){31}{\rule{0.119pt}{1.371pt}}
\multiput(1081.17,614.16)(17.000,-51.155){2}{\rule{0.400pt}{0.685pt}}
\multiput(1099.58,563.00)(0.494,1.073){29}{\rule{0.119pt}{0.950pt}}
\multiput(1098.17,563.00)(16.000,32.028){2}{\rule{0.400pt}{0.475pt}}
\multiput(1115.58,597.00)(0.494,2.546){29}{\rule{0.119pt}{2.100pt}}
\multiput(1114.17,597.00)(16.000,75.641){2}{\rule{0.400pt}{1.050pt}}
\multiput(1131.58,669.63)(0.494,-2.130){29}{\rule{0.119pt}{1.775pt}}
\multiput(1130.17,673.32)(16.000,-63.316){2}{\rule{0.400pt}{0.888pt}}
\multiput(1147.58,610.00)(0.494,3.986){29}{\rule{0.119pt}{3.225pt}}
\multiput(1146.17,610.00)(16.000,118.306){2}{\rule{0.400pt}{1.613pt}}
\multiput(1163.58,719.64)(0.495,-4.588){31}{\rule{0.119pt}{3.700pt}}
\multiput(1162.17,727.32)(17.000,-145.320){2}{\rule{0.400pt}{1.850pt}}
\multiput(1180.58,572.35)(0.494,-2.834){29}{\rule{0.119pt}{2.325pt}}
\multiput(1179.17,577.17)(16.000,-84.174){2}{\rule{0.400pt}{1.163pt}}
\multiput(1196.58,493.00)(0.494,2.130){29}{\rule{0.119pt}{1.775pt}}
\multiput(1195.17,493.00)(16.000,63.316){2}{\rule{0.400pt}{0.888pt}}
\multiput(1212.58,538.31)(0.494,-6.547){29}{\rule{0.119pt}{5.225pt}}
\multiput(1211.17,549.16)(16.000,-194.155){2}{\rule{0.400pt}{2.613pt}}
\multiput(1228.58,355.00)(0.495,2.152){31}{\rule{0.119pt}{1.794pt}}
\multiput(1227.17,355.00)(17.000,68.276){2}{\rule{0.400pt}{0.897pt}}
\multiput(1245.58,427.00)(0.494,0.593){29}{\rule{0.119pt}{0.575pt}}
\multiput(1244.17,427.00)(16.000,17.807){2}{\rule{0.400pt}{0.288pt}}
\multiput(1261.58,446.00)(0.494,1.554){29}{\rule{0.119pt}{1.325pt}}
\multiput(1260.17,446.00)(16.000,46.250){2}{\rule{0.400pt}{0.663pt}}
\multiput(1277.58,495.00)(0.494,0.945){29}{\rule{0.119pt}{0.850pt}}
\multiput(1276.17,495.00)(16.000,28.236){2}{\rule{0.400pt}{0.425pt}}
\multiput(1293.58,516.70)(0.494,-2.418){29}{\rule{0.119pt}{2.000pt}}
\multiput(1292.17,520.85)(16.000,-71.849){2}{\rule{0.400pt}{1.000pt}}
\put(1309,448.67){\rule{4.095pt}{0.400pt}}
\multiput(1309.00,448.17)(8.500,1.000){2}{\rule{2.048pt}{0.400pt}}
\multiput(1326.58,450.00)(0.494,0.977){29}{\rule{0.119pt}{0.875pt}}
\multiput(1325.17,450.00)(16.000,29.184){2}{\rule{0.400pt}{0.438pt}}
\multiput(1342.00,479.92)(0.808,-0.491){17}{\rule{0.740pt}{0.118pt}}
\multiput(1342.00,480.17)(14.464,-10.000){2}{\rule{0.370pt}{0.400pt}}
\multiput(1358.58,461.45)(0.494,-2.802){29}{\rule{0.119pt}{2.300pt}}
\multiput(1357.17,466.23)(16.000,-83.226){2}{\rule{0.400pt}{1.150pt}}
\multiput(1374.58,383.00)(0.494,1.426){29}{\rule{0.119pt}{1.225pt}}
\multiput(1373.17,383.00)(16.000,42.457){2}{\rule{0.400pt}{0.613pt}}
\multiput(1390.58,422.12)(0.495,-1.671){31}{\rule{0.119pt}{1.418pt}}
\multiput(1389.17,425.06)(17.000,-53.058){2}{\rule{0.400pt}{0.709pt}}
\multiput(1407.58,372.00)(0.494,0.657){29}{\rule{0.119pt}{0.625pt}}
\multiput(1406.17,372.00)(16.000,19.703){2}{\rule{0.400pt}{0.313pt}}
\multiput(1423.58,393.00)(0.494,1.362){29}{\rule{0.119pt}{1.175pt}}
\multiput(1422.17,393.00)(16.000,40.561){2}{\rule{0.400pt}{0.588pt}}
\put(1439,436){\usebox{\plotpoint}}
\put(191.0,190.0){\rule[-0.200pt]{0.400pt}{141.167pt}}
\put(191.0,190.0){\rule[-0.200pt]{300.643pt}{0.400pt}}
\put(1439.0,190.0){\rule[-0.200pt]{0.400pt}{141.167pt}}
\put(191.0,776.0){\rule[-0.200pt]{300.643pt}{0.400pt}}
\end{picture}