|Summary||Information useful for studying the spread of the Code-|
|Motivation||To provide a set of data useful for studying the Code-|
|Duration||31 days 05:58:49.112 (2699929.112 s)|
|Data formats||tabular text|
|Logistic location||The UCSD Network Telescope|
|Creators||CAIDA Network Telescope Project - Code-|
|Keywords||active, AS, AS links, background radiation, BGP, blackhole address space, CAIDA, Code-|
(Sample creation process from codered-july.table.txt):
The UCSD Network Telescope consists of a large region of globally announced IPv4 address space. This region contains almost no legitimate hosts, so inbound traffic to nonexistent hosts is always anomalous in some way. Because the network telescope contains approximately 1/256th of all IPv4 addresses, we receive roughly one out of every 256 packets sent by an Internet worm with an unbiased random number generator. Because the Network Telescope is uniquely situated to receive traffic from every worm-infected host, it provides a global view of the spread of Internet worms.
The data sources for this dataset are packet headers collected from the UCSD Network Telescope, timestamp/IP address pairs for TCP SYN packets received by two /16 networks at Lawrence Berkeley Laboratory (LBL), and sampled netflow from a router upstream of the /8 network at UCSD. These three data sources are used to maximize coverage of the expansion of the worm. Between midnight and 16:30 UTC, a passive network monitor recorded headers of all packets destined for the /8 research network. After 16:30 UTC, a filter installed on a campus router to reduce congestion caused by the worm blocked all external traffic to this network. Because this filter was put into place upstream of the monitor, we were unable to capture IP packet headers after 16:30 UTC. However, a second UCSD data set consisting of sampled netflow output from the filtering router was available at the UCSD site throughout the 24-hour period. Vern Paxson provided probe information collected by Bro on the LBL networks between 10:00 UTC on July 19, 2001 and 7:00 on July 20, 2001. We have merged these three sources to produce the Code-Red July dataset.
Perl scripts were used to aggregate this information from Network Telescope traces.
14 data files (793 MiB)
|Contributor||CAIDA Automated Data Contributor|