The DataPlane.org telnetlogin feed is now publicly available. It looks much like other feeds with the usual set of entry attributes: an IPv4 or IPv6 address, associated route origin information (ASN and AS name), the most recent time stamp of the event in the past 7 days, and the feed name.
This feed is derived from TELNET sensors that mimic, but do not implement an actual TELNET server service. The telnetlogin feed reports on clients sending login and password credentials after a TCP port 23 connection to a sensor in the wild.Read more...
The DataPlane.org smtpgreet and smtpdata feeds are now publicly available. Both look much like other feeds with the usual set of entry attributes: an IPv4 or IPv6 address, associated route origin information (ASN and AS name), the most recent time stamp of the event in the past 7 days, and the feed name. The distinction between the two feeds is the extent of SMTP client behavior observed.
Both feeds are derived from SMTP sensors that are neither advertised nor intended to be used for any actual delivery of legitimate email.Read more...
The DataPlane.org proto41 feed is now publicly available. The proto41 feed identifies IPv4 addresses that have been observed as open IPv6 over IPv4 tunnel relays. This feed at once becomes the largest and in some ways the most unique DataPlane.org produces. This is the first project feed based on active network surveying rather than relying on a network of passive sensors. This feed is not only unique to DataPlane.org, but as far as I can tell, the first anywhere to report on open IPv6 tunnel relays.Read more...
For years I have relied upon tools such as Team Cymru’s IP address to AS mapping service. When I worked there I tried to help encourage others to use the DNS interface in a blog post and with sample Perl code. In my research work as well as the growing size and number of DataPlane.org feeds I have found myself needing to get the origin ASN and AS name of an increasing number of IP addresses quickly.Read more...