• HOME
  • About
  • Program Plan
  • Annual Report
  • Joining CAIDA
  • Staff
  • Jobs
  • Legal Agreements
  • How-To
• RESEARCH
  • Routing
  • Topology
  • DNS
  • Security
  • Traffic Analysis
  • Policy
  • Visualization
• DATA
  • Overview
  • Data Sharing
  • How-to
  • Data Usage FAQ
  • Papers using CAIDA Data
• TOOLS
  • Measurement
  • Taxonomy
  • Utilities
  • Visualization
• PUBLICATIONS
  • Papers
  • Presentations
  • Animations
  • Visualizations
  • Bibliography
  • Posters
• WORKSHOPS
  • ISMA
  • WIE
  • CAIDA-WIDE-CASFI
  • DANCES
  • External
  • Archive
• PROJECTS
  • Macroscopic Topology
  • Cybersecurity
  • PREDICT
  • Interconnection Economics
  • Named Data Networking
  • IMDC
  • Ark
  • Network Telescope
  • IIC Wiki
• FUNDING
  • iLENS
  • Cybersecurity
  • Routing
  • Named Data Networking
  • Economics
  • Telescope
  • IRNC-SP
  • DatCat
  • PREDICT
  • Program Plan

The CAIDA UCSD Network Telescope Two Days in November 2008 Dataset

The UCSD network telescope consists of a globally routed /8 network that carries almost no legitimate traffic. We can filter out the legitimate traffic so the resulting data provides us with a snapshot of anomalous 'background' traffic to 1/256th of all public IPv4 destination addresses on the Internet.

The packets seen by the network telescope result from a wide range of events, including misconfiguration (e.g. mistyping an IP address), scanning of address space by attackers or malware looking for vulnerable targets, backscatter from randomly spoofed source denial-of-service attacks, and the automated spread of malware.

This dataset contains two full days of trace data from the UCSD Network Telescope: 2008-11-12 and 2008-11-19. These dates precede our detection of the Conficker A Worm on 2008-11-21. The dataset consists of 48 compressed pcap files each containing one hour of traffic observed by the UCSD Network Telescope The pcap files only contain packet headers; payload has been removed. The destination network addresses have been masked by zeroing the first eight bits of the IP address.

Caveats that apply to this dataset:

• This dataset and the types of worm and denial-of-service attack traffic contained therein are representative only of some spoofed source denial-of-service attacks. Many denial-of-service attackers do not spoof source IP addresses when they attack their victim, in which case backscatter would not appear on a telescope. Attackers can also spoof in a non-random fashion, which will incur an uneven distribution of backscatter across the IPv4 address space, including any telescope lenses. The telescope does not currently send any packets in response, which also limits insight into the traffic it sees.

Data Restrictions and Obligations

CAIDA strongly favors wide dissemination of its datasets to legitimate researchers, and CAIDA also takes seriously its obligation to responsibly disclose datasets which may present a risk if misused. CAIDA reserves the right to refuse requests for dataset(s) to anyone. If you feel your request is inappropriately denied please contact CAIDA by sending a message to data-info@caida.org.

Acceptable Use Policy (AUP) for the UCSD Network Telescope "Two Days in November 2008" Dataset

By receiving this CAIDA dataset(s), you agree to abide by this AUP as may be modified from time to time. Any violation of this AUP may result in the suspension or termination of data access or such other action implicated by law. You are liable and responsible for ensuring that your use of the dataset complies with this AUP. CAIDA reserves the right, in its sole discretion, to refuse access and/or distribution to anyone at any time.

By receiving this CAIDA dataset(s), you represent and warrant that (i) you understand and agree that this AUP is a legally binding agreement; (ii) you will use this CAIDA dataset in a manner consistent with all applicable laws and regulations and in accordance with the terms and conditions of this AUP; (iii) you are authorized to sign for and bind the contracting party; (iv) you will not impersonate any person or entity, misrepresent any affiliation with another person, entity or association, use false headers or otherwise conceal your identity from CAIDA for any purpose.

Upon receipt of this data, CAIDA/UCSD grants You a license to use this dataset solely for licit, non-profit and non-commercial research. This means you will abide by the following restrictions and obligations:

1. You shall use appropriate and reasonable care in safeguarding this data to protect any confidentiality of the data and privacy of end users, hosts and networks contained within this dataset; and to prevent unauthorized use of this data.
2. You will not distribute or disclose UCSD Network Telescope data beyond users authorized by CAIDA or You. All restrictions and obligations attached to this data accompany any and all subsequent disseminations of this dataset. Therefore, You are responsible for communicating this AUP and ensuring compliance with its obligations and restrictions to any and all users to whom this data may be disseminated by you.
3. You will notify CAIDA of the names and email addresses of any and all persons, including students and interns, and their respective affiliations, assisting you in research using this dataset.
4. CAIDA elides the first octet of the destination IP addresses in these traces to preserve the privacy of the monitored network. You will not attempt to reverse engineer, decrypt, or otherwise re-identify any original IP addresses collected in the trace. For example, You will not attempt to extract unanonymized IP addresses from encapsulated headers.
5. You will not attempt to connect to, probe, or in any other way initiate contact with a machine or machine administrator identified in this dataset.
6. For data that is not anonymized, You will anonymize or aggregate IP addresses, network names, and domain names for any publication or other disclosure of such data unless CAIDA provides written authorization for such disclosure.
7. At the end of the research, or semi-annually (whichever is earlier), you will report a summary of the research and any findings/conclusions to CAIDA. If any research is disclosed on the web, you will provide CAIDA with a URL. This information is used in reports to our funding agencies.

8. If you publish (in any venue, including presentations, web pages, and papers) data, research findings or conclusions from this CAIDA dataset you must provide CAIDA with a copy of (or link to) the presentation and must cite the following attribution in the presentation:

   The CAIDA UCSD Network Telescope Two Days in November 2008 Dataset - < dates used > ,
   Emile Aben, Sebastian Castro Avila and kc claffy
   http://www.caida.org/data/passive/telescope-2days-2008_dataset.xml

9. You are encouraged, but not required to include the following attribution in the acknowledgments section of your document:

   Support for the UCSD Network Telescope "Two Days in November 2008" Dataset and the UCSD Network Telescope are provided by Cisco Systems, Limelight Networks, the US Department of Homeland Security, the National Science Foundation, and CAIDA Members.

10. You consent that CAIDA may disclose Your name, the name of Your Affiliate/Sponsoring Institution, a brief description of the type of research being undertaken (if known), and the name of this dataset(s) that CAIDA has made available to You. This information is used in reports to our funding agencies (which we sometimes post on the web) or in research community-building efforts, e.g., workshops, wikis.

Access to the UCSD Network Telescope Two Days in November 2008 Dataset

Request Access to UCSD Network Telescope Datasets

Other UCSD Network Telescope datasets:

• The Three Days of Conficker Telescope Dataset
• The Backscatter-2008 Dataset
• The Backscatter-2007 Dataset
• The Backscatter-2006 Dataset
• The Backscatter-2004-2005 Dataset
• The Backscatter-TOCS Dataset

References

For more information on Conficker and worm attacks, see:

• Conficker/Conflicker/Downadup as seen from the UCSD Network Telescope

For more information on Backscatter and Denial-of-Service attacks, see:

• http://www.caida.org/data/passive/backscatter_tocs_dataset.xml
• http://www.caida.org/publications/papers/2001/BackScatter/
• http://www.caida.org/research/security/sco-dos/
• http://www.caida.org/publications/papers/2006/backscatter_dos/

For more information on the UCSD Network Telescope, see:

• http://www.caida.org/data/passive/network_telescope.xml#denial_of_service
• http://www.caida.org/research/security/telescope/

For more information on the CoralReef Software Suite, see:

• http://www.caida.org/tools/measurement/coralreef/

For a non-exhaustive list of Non-CAIDA publications using Backscatter data, see:

• http://www.caida.org/data/publications/bydataset/index.xml#Backscatter

Acknowledgments

Special thanks to Brian Kantor, Jim Madden, and Pat Wilson at UCSD for support of the UCSD Network Telescope Project.

Backscatter Dataset Sponsors:

• Department of Homeland Security
• Cisco Systems
• Limelight Networks
• National Science Foundation
• Defense Advanced Research Projects Agency

UCSD Network Telescope Sponsors:

• Cisco Systems
• Limelight Networks
• National Science Foundation
• Department of Homeland Security