https://blog.apnic.net/2022/10/20/log4shell-through-the-scope-of-a-reactive-network-telescope/ Skip to content APNIC Home [icon-squar] MyAPNIC Academy Blog REx NetOX DASH Log in Home Blog search [ ] Search Advanced Whois Make a payment Close Search Blog search [ ] * Get IP + Get IP + Make a payment + Membership + FAQs * Manage IP + MyAPNIC + Using Whois + IPv4 exhaustion + Go IPv6 + Routing Registry + Make a payment * Training + About + Events + APNIC Academy + Community Trainers + Courses * Events + Conferences + Calendar + Sponsorship + Code of Conduct * Insights + APNIC Labs + DASH to secure your networks + Internet Directory + NetOX to solve routing issues + Raw Data * Community + Orbit + Community demographics + Policy Development + Fellowship + Addressing policies + Internet community + Code of Conduct + Technical Assistance + Root servers + Security at APNIC + ISIF Asia + APNIC Foundation + NRO Number Council (NC) * Blog * Help Centre * About + APNIC Region + APNIC Membership + Executive Council + Service updates + Team + Annual Reports + Transparency + APNIC Survey + Corporate Documents + Publications Archive + Careers + Glossary * Contact * Advanced Whois * Make a payment APNIC Home * Get IP + Get IP + Make a payment + Membership + FAQs * Manage IP + MyAPNIC + Using Whois + IPv4 exhaustion + Go IPv6 + Routing Registry + Make a payment * Training + About + Events + APNIC Academy + Community Trainers + Courses * Events + Conferences + Calendar + Sponsorship + Code of Conduct * Insights + APNIC Labs + DASH to secure your networks + Internet Directory + NetOX to solve routing issues + Raw Data * Community + Orbit + Community demographics + Policy Development + Fellowship + Addressing policies + Internet community + Code of Conduct + Technical Assistance + Root servers + Security at APNIC + ISIF Asia + APNIC Foundation + NRO Number Council (NC) * Blog * Help Centre * About + APNIC Region + APNIC Membership + Executive Council + Service updates + Team + Annual Reports + Transparency + APNIC Survey + Corporate Documents + Publications Archive + Careers + Glossary * Contact Skip to the article Log4Shell through the scope of a reactive network telescope By Raphael Hiesgen on 20 Oct 2022 Category: Tech matters Tags: Guest Post, measurement, security Tweet Blog home [Log4Shell_FT-555x202] The omnipresence of software introduces a constant threat of new vulnerabilities that affect widely-deployed implementations. At the end of 2021, the Log4Shell vulnerability (CVE-2021-44228) made headlines. It enables remote code execution through vulnerable applications by injecting a prepared string into the omnipresent Log4j library. Log4Shell was publicly disclosed on 10 December 2021 by Apache alongside a fix in the Log4j library version 2.15.0. How it works Log4j supports the runtime evaluation of specifically formatted messages. These messages cannot only be used to add additional information, such as the Java version, but allow queries through JNDI, the Java Naming and Directory Interface. Attackers can deploy one of the services supported by JNDI and trick the victim application into downloading specifically prepared Java objects from it. These objects then run small snippets of code to download and run malware, thus enabling remote code execution -- provided an attacker can get the victim application to log the prepared message with Log4j. Scanners We observe scan attempts targeting TCP in the months of December 2021 and January 2022. Our vantage points deploy Spoki, a reactive telescope that establishes TCP connections and collects payloads. Our vantage points are four /24 IPv4 prefixes, one in the US and three in the EU. Heatmap of intensity and maliciousness of scanners targeting the Log4Shell vulnerability during December 2021 and January 2022. Left: US, right: EU VP 1.Figure 1 -- The intensity and maliciousness of scanners targeting the Log4Shell vulnerability during December 2021 and January 2022. Left: US, right: EU VP 1. We classify events, that is, packets with a Log4j format string, into malicious, benign, and unknown categories, based on their source IP using GreyNoise. Figure 1 gives an overview of the scan activity observed at the US VP and EU VP 1. The upper graphs show a time series for each category while the heat maps below visualize malicious intensity, calculated from the share of malicious events among all events per hour. The first scans start on the evening of 9 December (23:00, UTC) at the US vantage point. The EU observed the first packets nearly a day later (15:00 UTC, 10 Dec). Noticeably, the only benign events are registered in the first week after the disclosure. After a period of high activity in December, the events per day dropped to around 100 in the EU, and 2,000 or less in the US. Two peaks in the US, one malicious and one unknown source, stand out. They are caused by two IP addresses from the same Autonomous System (AS) in Russia. Both scanners methodically try different payloads and together produce about 60% of the packets in the US. The heat maps reveal a period of mixed activity before malicious sources take over. While the benign actors start scanning before traffic peaks, they quickly lose interest. Here, researchers and threat intelligence providers have room to perform continuous measurements and observe the changing landscape. Common tooling among attackers The key to the exploit is tricking the victim application into logging the prepared string with Log4j. These strings have the form $ {scheme:request}. For the Log4Shell exploit the scheme is set to 'jndi' while the request is a URL: scheme://host:port/path. Among the URLs we collected, several characteristics are frequently used by attackers. First, most attacks work via the LDAP service. Figure 2 shows the event count for each scheme we observed, on a logarithmic y-axis. The EU vantage points see LDAP almost exclusively. RMI occurs a handful of times at both vantage points. While attacks over RMI received attention in the media, we only observed a few RMI requests. Three among them (US) match the URL mentioned in the article. These attacks may have been focused and did not hit our VPs in bulk. The DNS and HTTP events originate from the benign actors shown in Figure 1. Charts showing schemes in JNDI URLs over time. LDAP is used nearly exclusively (December 2021 to January 2022). Left: US, right: EU VP 3.Figure 2 -- Schemes in JNDI URLs over time. LDAP is used nearly exclusively (December 2021 to January 2022). Left: US, right: EU VP 3. Second, the most popular port for LDAP servers is the non-default port 1389. It is used in 93% to 96% of all LDAP events. Other ports only make up between 1% and 2%, respectively. Finally, the URL paths show large overlaps. Except for a single path, observed paths do not conform to the LDAP RFC (RFC 4516) as they do not include a valid distinguished name. Two paths stand out: /Exploit, which makes up the largest share at all vantage points with 70% to 80% in the EU and 20% in the US, and paths that share the segments Command/Base64 followed by a base64-encoded segment. This group takes the second-largest share. These paths begin in a variety of ways, potentially hinting at their purposes, such as TomcatBypass or GroovyBypass. Decoding the base64 segment reveals script code that downloads an executable via HTTP to run locally. Open source projects on GitHub connect the dots between LDAP, port 1389, and the base64 segments. An LDAP server -- aptly named JNDIExploit -- uses this port as its default port and supports a range of similarly composed URLs. For a given URL it decodes the base64-encoded segment and dynamically builds a Java object that runs the code when loaded by JNDI. It allows attackers to reuse a simple LDAP server for different attacks by adjusting the payload they send during scanning. Although the original project is no longer available, forks exist. The projects are older than the recent Log4Shell vulnerability, just like the exploit for JNDI, which was presented at BlackHat (PDF) in 2016. Takeaways Log4Shell is a critical vulnerability that affects a wide range of applications with different attack vectors. Our observation of scanning reveals a quick increase in malicious events that show continued interest, although at a reduced volume. Benign scanners quickly started looking for vulnerable hosts, but ceased scanning after a few days. We cannot measure the success rate of attackers but observing scanning behaviour can be an expressive indicator of the liveliness of the scene. A quick decrease in scanning activity may be a sign that vulnerable services are thinning out. Common characteristics among payloads hint at common tools, such as the open source JNDIExploit project. The availability of tooling lowers the difficulty to set up an attack and run it. This could be a reason for the quick uptake in attack volume. On a positive note, the vulnerability saw wide coverage online as blog posts were published, lists of vulnerable applications were collected, and detection tools were quickly made available. At the same time, official organizations published reports and issued warnings. The underlying problem of Log4Shell is input sanitization -- a common challenge that has plagued the industry in the form of SQL injections for years. User-supplied input must be treated with caution. For more information read our paper "The Race to the Vulnerable: Measuring the Log4j Shell Incident", which was presented at the Network Traffic Measurement and Analysis Conference (TMA), in June 2022. Raphael Hiesgen is a PhD student at HAW Hamburg. His research focuses on Internet measurements and security, often using network telescopes for this purpose. This work wouldn't have been possible without his co-authors: Marcin Nawrocki (FU Berlin), Thomas C. Schmidt (HAW Hamburg), and Matthias Wahlisch (FU Berlin). Rate this article --------------------------------------------------------------------- The views expressed by the authors of this blog are their own and do not necessarily reflect the views of APNIC. Please note a Code of Conduct applies to this blog. Leave a Reply Cancel reply Your email address will not be published. Required fields are marked * [ ] [ ] [ ] [ ] [ ] [ ] [ ] Comment * [ ] Name * [ ] Email * [ ] [ ] Save my name and email in this browser for the next time I comment. [ ] Yes, add me to your mailing list [ ] [ ] Notify me of follow-up comments via email. You can also subscribe without commenting. [Post Comment] [ ] [ ] [ ] [ ] [ ] [ ] [ ] D[ ] Top Get Updates Please leave this field empty[ ] Email *[ ] Show options [Subscribe!] Select list(s):[ ] Daily[*] Weekly Thanks for subscribing! Check your inbox or spam folder to confirm your subscription. Latest Tweets APNIC * 2 days ago @apnic The only practical way to mitigate an attack surface is to control access to it, writes @larihuttunen https://t.co/UZfJ92r2ZB @ArcticSecurity #firewall #incidentresponse #security https://t.co/ uFRT8n3aBx View on Twitter 2 2 APNIC * 3 days ago @apnic The Internet Architecture Board is organizing a workshop to discuss the Internet's environmental impact, discuss the evolving needs from industry, and to identify areas for improvements and future work. There's a Call for Papers. Learn more here: https://t.co/zTvthEkXoN View on Twitter 2 5 APNIC * 3 days ago @apnic #APRICOT2023 Fellowship applications close soon! You only have until 24 October at 23:59 (UTC +8) to apply: https:// t.co/ukWrcViCJU https://t.co/SMwuxWZ2Rs View on Twitter 4 5 Authors * Adli Wahid * Aftab Siddiqui * Geoff Huston * George Michaelson * Jen Linkova * Job Snijders * Kathleen Moriarty * Paul Wilson * Ulrich Speidel * Vitaly Kamluk * A Khalil Azizi * AbdelRahman Abdou * Abhishek Jain * Achie Atienza * Adam Gosling * Adam McFillin * Adam Oest * Adeel Sadiq * Adiel Akplogan * Adisorn Lertsinsrubtavee * Adli Wahid * Adrian Farrel * Adrian Wan * Afifa Abbas * Afsheen Saadat * Aftab Siddiqui * Agustin Formoso * Ahmad Darki * Ajay Kumar * Akimichi Ogawa * Alan Mauldin * Alden Hilton * Alec Muffett * Alex Band * Alex Boten * Alex Turing * Alex Yen * Alexander Azimov * Alexander Kozlov * Alfred Arouna * Ali Abedi * Ali Norouzi * Amaury Van Bemten * Amrita Choudhury * Anand Buddhdev * Anant Shah * Andra Lutu * Andre Gelderblom * Andreas Dewes * Andreas Reuter * Andree Toonk * Andrei Robachevsky * Andrew Campling * Andrew Cormack * Andrew Cushen * Andrew Gray * Andrew Sullivan * Andrew Toimoana * Andy Mindnich * Andy Newton * Anju Mangal * Anna Maria Mandalari * Annaliza Mulingbayan * Anosh Khan * Anriette Esterhuysen * Anthony Lee * Anton Strydom * Anup Changaroth * Anurag Bhatia * APNIC * Apoorv Shukla * Arash Molavi Kakhki * Arian Niaki * Aris Tzermias * Arjuna Sathiaseelan * Arth Paulite * Artyom Gavrichenkov * Asad Ali * Asanka Sayakkara * Ashil Oogarah * Ashwin Kumar * Ashwin Rangan * Audrey Randall * Aurelien Aptel * Austin Hounsel * Austin Ruckstuhl * Avery Pennarun * Ayesha Iftikhar * Ayush Mishra * Azfar Adib * Azhar Khuwaja * Azura Mat Salim * Baojun Liu * Baptiste Jonglez * Barry Greene * Bart Hogeveen * Basileal Imana * Ben Cox * Ben Du * Ben Schwartz * Benjz Gerard Sevilla * Benno Overeinder * Bert Hubert * Bhadrika Magan * Bhumika Sapkota * Bikram Shrestha * Bill Hess * Bill Stearns * Bill Woodcock * Bjorn Teigen * Blake Anderson * Blas Trigueros * Brenda Buwu * Brenden Kuerbis * Brent Carey * Brian Carpenter * Brian Nisbet * Brian Trammell * Bruce Davie * Bruce Spang * Byambajargal Jamsran * Byron Ellacott * Byungjin Jun * Cameron Steel * Carsten Strotmann * Caspar Schutijser * Cecilia Testart * Cengiz Alaettinoglu * CF Chui * Champika Wijayatunga * Che-Hoo Cheng * Cheeyong Tay * Cherie Lagakali * Chia Ling (Jolin) Chan * Chika Yoshimura * Ching-Heng Ku * Chris Amin * Chris Ritzo * Chris Siebenmann * Christian Giese * Christoph Dietzel * Chuan Jiang * Ciprian Popoviciu * Clarence Filsfils * Claudio Jeker * Clemens Mosig * Colin Perkins * Constance Bommelaer * Constanze Dietrich * Craig Miller * Craig Ng * Craig Rowland * Dale Roberts * Dan Fidler * Dan Li * Daniel Dib * Daniel Kopp * Danilo Giordano * Danny Alex Lachos Perez * Danny Pinto * Daryll Swer * Dave Mill * Dave Phelan * David Anderson * David Burkett * David Dawson * David Holder * David Holsgrove * David Huberman * Dean Pemberton * Debashis Pal * Debopam Bhattacherjee * Deepak Vasisht * Denesh Bhabuta * Dennis Baaten * Desiree Miloshevic * Dewangga Alam * Dewole Ajao * Dhruv Dhody * Di Ma * Diego Pino Garcia * Dmytro Shypovalov * Donatas Abraitis * Doug Madory * Doug Montgomery * Dr Bahaa Al-Musawi * Dr Govind * Drikus Brits * Duane Wessels * Duncan Macintosh * E. Marie Brierley * Ed Horley * Edward Lewis * Edwin Sandys * Eliot Lear * Elizabeth Krumbach Joseph * Elly Tawhai * Elvin Prasad * Emile Aben * Emily Stark * Emir Beganovic * Eneken Tikk * Enno Rey * Enric Pujol * Eric Lawrence * Eric Loos * Eric Vyncke * Erik Hjelmvik * Erik Rye * Erin Scherer * Eshaan Bansal * Esteban Carisimo * Eunju Pak * Fabian Bustamante * Fakrul Alam * Farha Diba * Fenglu Zhang * Ferenc Fejes * Fernando Gont * Flavia Salutari * Flavio Luciani * Florentin Rochet * Florian Streibelt * Foy Shiver * Francesco Sassi * Franck Martin * Frane Maroevic * Frank Denis * Frank Herberg * Franziska Lichtblau * Fred Christopher * Fred Templin * Fredrik Lindenberg * Ganga R Dhungyel * Gaurab Raj Upadhaya * Gautam Akiwate * Gavin Reid * Geoff Huston * George Kuo * George Michaelson * George Odagi * George Sadowsky * Giacomo Giuliari * Gianmarco Pagani * Giovane Moura * Gonchig Altansukh * Gordon King * Greg Ferro * Gregory Mounier * Guangliang Pan * Guillermo Baltra * GZ Kabir * Ha Dao * Han Zhang * Hannah Durack * Hanno Bock * Harish Chowdhary * Haya Shulman * Helen Hollins * Hideyuki Sasaki * Hinne Hettema * Hiroki Kawabata * Hiroko Kamata * Hiromu Shiozawa * Hisham Ibrahim * Hoang Nguyen Phong * Houlin Zhao * Hyeonmin Lee * Hyojoon Kim * Ignacio Castro * Ihita Gangavarpu * Ike Kunze * Ilker Nadi Bozkurt * Imtiaz Rahman * Indya Bolton * Ioana Livadariu * Italo Cunha * Ivan Ristic * Ivana Tomic * Ivo A. Ivanov * Ivy Yip * Izumi Okutani * Jaclyn Knight * Jacob Davis * Jahangir Hossain * Jake Bauer * Jake Flint * Jake Holland * James Ah Wai * James Pavur * James Richards * James Shank * Jamie Gillespie * Jan Harm Kuipers * Jan Ruth * Jan Zorz * Jan-Piet Mens * Jari Arkko * Jason Livingood * Jason Smith * Jasper den Hertog * Jawad Ahmed * Jay Daley * Jay Ford * Jeff Chan * Jeff Fry * Jeff Man * Jen Linkova * Jenine Beekhuyzen * Jerry Lundstrom * Jessica Shen * Jessica Wei * Jethro Webston * Jia-Rong Low * Jim Forster * Jim Vella * Jimmy Lim * Jing Qiao * Joanna Kulesza * Joao L. Sobrinho * Joao Luis Silva Damas * Joao M. Ceron * Job Snijders * Joel Jaeggli * Johanna Amann * Johannes Krupp * Johannes Weber * Johannes Zirngibl * John Bambenek * John Garrity * John Jack * John Jason Brzozowski * John Kristoff * John Scudder * John Welborn * Jonathan Brewer * Jordan Carter * Jordan Jueckstock * Jordi Palet Martinez * Josef Gustafsson * Joseph Salowey * Joy Chan * Joyce Chen * Juan Ramon Santana * Juha Saarinen * Julia Evans * Julian Martin Del Fiore * Julien Gamba * Jun Murai * Justin Loye * Kaajal Kumar * Kaan Onarlioglu * Kanagaraj Krishna * Karel Hynek * Karl Lovink * Karla Skarda * Kasek Galgal * Kashyap Thimmaraju * Kathleen Moriarty * Katsuyasu Toyama * Kazunori Fujiwara * Ke Ma * Keisuke Kamata * Kemal Sanjta * Kenjiro Cho * Kenny Huang * Kenrick Lin * Kensuke Fukuda * Kevin Bock * Kevin Ku * Kevin Meynell * Kevin Vermeulen * Kevon Swift * Keyu Man * Khee Hong Loke * Khwaja Zubair Sediqi * Kiruthika Devaraj * Klee Aiken * Kobayashi Masayuki * Koen van Hove * Koichi Kunitake * Koki Nakagawa * Konrad Wolsing * Korian Edeline * Kostas Zorbadelos * Kris Shrishak * Kurt Lindqvist * Kyle Drake * Kyle Schomp * Lan Wei * Lari Huttunen * Lars Prehn * Lars-Johan Liman * Leandro Bertholdo * Leandro Navarro * Lee Howard * Leo Vegoda * Leonid Todorov * Leslie Daigle * Lia Hestina * Liang Wang * Liangcheng Yu * Linjian Song * Lisa Corness * Lisandro Ubiedo * Liz Izhikevich * Loba Olopade * Lorenzo Cogotti * Louise Tromp * Luca Sani * Luuk Hendriks * M. Yasir M. Haq * Maarten Botterman * Maciej Korczynski * Madeline Carr * Maemura Akinori * Mai Thu Thuy * Major Hayden * Manaf Gharaibeh * Mansour Ganji * Marc Bruyere * Marcin Nawrocki * Marco Chiesa * Marco Cilloni * Marco Hogewoning * Marcus Brinkmann * Marcus Keane * Maria Namestnikova * Maria Theresa Perez * Mariko Kobayashi * Marilyn Zhang * Mario Loffredo * Mark Andrews * Mark Karpilovskij * Mark Nottingham * Mark Prior * Mark Smith * Markus Dahlmanns * Markus Legner * Marten Porte * Martin Hannigan * Martin Hoffmann * Martin Langer * Martin Thomson * Martin Winter * Mary Rose Ofianga-Rontal * Masanori Yajima * Masataka Mawatari * Massimo Candela * Mat Ford * Matt Larson * Matt Oh * Matt Palmer * Matt Ringel * Matt Stith * Matthew Thomas * Matthias Wichtlhuber * Mattijs Jonker * Max von Hippel * Maxime Mouchet * Md Abdul Awal * Megan Baker * Melchior Aelmans * Merike Kaeo * Metin Acikalin * Michael Kende * Michael Patterson * Michael Rabinovich * Michael Schapira * Mika Kerttunen * Mike Kosek * Min Sung Jung * Minzhao Lyu * Miwa Fujii * Mohamad Dikshie Fauzie * Mohamed Boucadair * Mohammad Larosh Khan * Molay Ghosh * Moritz Muller * Mubashir Sargana * Muhammad Moinur Rahman * Muhammad Yasir Shamim * Muzamer Mohd Azalan * Nadir Hassan * Nafeez Islam * Nalini Elkins * Narayan G * Narelle Clark * Natale Bianchi * Nate Sales * Nathalie Romo Moreno * Nathalie Trenaman * Neta Rozen Schiff * Nick Buraglio * Nick Hilliard * Nick Janetakis * Nico Schottelius * Nicola Rustignoli * Nicole Wajer * Nihit Tandon * Nikolai Hampton * Nikos Kostopoulos * Nils Wisiol * Nirav Atre * Nooshin Eghbal * Nurul Islam Roman * Nusenu * Nyamkhand Buluukhuu * Oanh Nguyen * Oky Tria Saputra * Olafur Gudmundsson * Olamide Omolola * Oliver Gasser * Oliver Michel * Olivier Tilmans * Omar Alrawi * Ondrej Caletka * Ondrej Sury * Otto Moerbeek * Pablo Hinojosa * Paolo Lucente * Paresh Khatri * Parkpoom Tripatana * Pasan Lamahewa * Patrick McManus * Patrik Faltstrom * Paul Dale * Paul Grubbs * Paul Wilson * Pawel Foremski * Pawel Urbanek * Pedro Marcos * Pengxiong Zhu * Pete Sclafani * Pete Stevens * Peter Blee * Peter Hansteen * Peter Maynard * Peter Peele * Petr Spacek * Petros Gigis * Phil Lavin * Phil Mawson * Philip Homburg * Philip Paeps * Philip Smith * Philipp Jeitner * Philipp Richter * Pier Carlo Chiodi * Piotr Kijewski * Platon Kotzias * Pranav Kondala * Praneet Kaur * Pubudu Jayasinghe * Quincy Liao * Rachee Singh * Rafael Cintra * Raffaele Sommese * Raffaele Zullo * Rahul Makhija * Rajnesh Singh * Ralph Dolmans * Ralph Holz * Ram Sundara Raman * Ramakrishna Padmanabhan * Rami Al-Dalky * Ramin Yazdani * Ran Ben Basat * Ranysha Ware * Raphael Hiesgen * Raquel Rugani Lage * Raskia Nayanajith * Ray Bellis * Rebekah Houser * Remi Gacogne * Rene Bakker * Rene Wilhelm * Renee Burton * Richard Cziva * Richard Jimmerson * Richard Nelson * Richard Patterson * Richard Read * Rick McElroy * Rishabh Chhabra * Robbie Mitchell * Robert Kisteleki * Roderick Fanou * Rohana Palliyaguru * Roland Meier * Roland van Rijswijk-Deij * Romain Fontugne * Ron Bonica * Ron Winward * Ronald van Kleunen * Rowena Schoo * Roy Arends * Rudiger Birkner * Russ White * Ryan Beckett * Ryan Gerstenkorn * Ryo Nakamura * Sachin Ashok * Safiqul Islam * Said Jawad Saidi * Said Zazai * Salvatore Cuzzilla * Samaneh Tajalizadehkhoob * Samantha Douglas * Samit Jana * Samuel Steffen * Sandra Davey * Sandra Siby * Sangeetha Abdu Jyothi * Sanjaya * Sara Dickinson * Sarah Escandor-Tomas * Sarmad Hussain * Sarvesh Mathi * Sasha Romijn * Satoru Matsushima * Satoru Tsurumaki * Sayda Kamrun Jahan Ripa * Scott Hollenbeck * Scott Shenker * Sebastian Castro * Sebastian Zander * Seiichi Kawamura * Seluvaia Kauvaka * Seth Schoen * Shah Sahari * Shahee Mirza * Shahzeb Mustafa * Shamim Reza * Shamsullah Shams * Shane Alcock * Shane Kerr * Sharat Chandra Madanapalli * Sheetal Kumar * Sheikh Md Seum * Shermaine Yung * Sherry Shek * Sheryl Hermoso * Shian-Shyong Tseng * Shinoj Pittandavida * Shishio Tsuchiya * Shoko Nakai * Shuai Hao * Shucheng Liu * Shumon Huque * Shusei Tomonaga * Siena Perry * Simon Baroi * Simon Bauer * Simran Patil * Siva Kesava * Sivaram Ramanathan * Sofia Silva Berenguer * Sonam Keba * Song Bing * Spiros Thanasoulas * Srikanth Sundaresan * Srimal Andrahennadi * Stanley Osao * Stefan Mehner * Stefan Ubbink * Steinthor Bjarnason * Stephan Marwedel * Stephane Bortzmeyer * Stephen McQuistin * Stephen Ryan * Stephen Strowes * Steve Crocker * Steve Santorelli * Sue Graves * Suetena Faatuuala Loia * Suksit Sripitchayaphan * Sunny Chendi * Susan Forney * Svaradiva Devi * Swapneel Patnekar * Sylvain Cortes * Sylvia Cadena * Szymon Trocha * Taejoong Chung * Taiji Kimura * Talha Paracha * Tan Kean Siong * Tan Tin Wee * Tanya Shreedhar * Tashi Phuntsho * Teav Sovandara * Terry Sweetser * Teun Vink * Theo Jepsen * Theophilus A. Benson * Thomas Holterbach * Thomas Koch * Thomas Krenc * Thomas Millar * Thomas Patzke * Thomas Scheffler * Thomas Wirtgen * Thymen Wabeke * Tianxiang Dai * Tim Bruijnzeels * Tim Chown * Tim Fiola * Tim Raphael * Timm Bottger * Timothy Winters * Tiong Beng Ng * Tobias Fiebig * Todd Arnold * Tom Barbette * Tom Carpay * Tom Do * Tom Harrison * Tom Hollingsworth * Tom Krizek * Tom Perrine * Tomek Mrugalski * Tomoaki Tani * Tony Finch * Tony Li * Tony Scheid * Tony Smith * Tony Tauber * Torsten Zimmermann * Trinh Viet Doan * Truong Khanh Huyen * Tuan Nguyen * Tugsorshikh Badarch * Tushar Swamy * Ulrich Hauser * Ulrich Speidel * Usama Naseer * Uta Meier-Hahn * Vashkar Bhattacharjee * Vasileios Giotsas * Vasileios Kotronis * Vasilis Chryssos * Veronika McKillop * Vesna Manojlovic * Vicky Risk * Vijay Sivaraman * Vijay Varadharajan * Viktor Dukhovni * Vincent Bernat * Vitaly Kamluk * Vittorio Bertola * Vivek Nigam * W K Shiu * Wanqing Tu * Warren Finch * Warren Kumari * Wassie Goushe * Wayne Thayer * Werachart Muttitanon * Wes Hardaker * Wilaiwan Phanarin * Wilhelm Boeddinghaus * Willem Toorop * William Lu * Willy Sutrisno * Winfried Tilanus * Wita Laksono * Wout de Natris * Wouter de Vries * Xiao Zhang * Xiaohong Deng * Xiaoqi Chen * Xing Li * Xinlei Yang * Yali Liu * Yeo Lee Chin * Yi Cao * Yiming Zhang * Ying Tian * Ying-Chu Chen * Yoshibumi Suematsu * Yoshinori Takesako * Yoshitaka Aharen * Younghwan Choi * Yuedong Zhang * Yunfei Ma * Yurie Ito * Yuta Takata * Zachary Bischof * Zaid Ali Kahn * Zaifeng Zhang * Zain Shamsi * Zen Ng * Zhenyu Li * Zinan Lin * Zolzaya Shagdar * MoreShow all Tags * APNIC Foundation * APNIC Training * ASNs * Australia * BGP * capacity development * CERTs * China * DNS * DNSSEC * Event Wrap * Guest Post * How to * IANA * ICANN * IETF * IGF * India * Indonesia * Internet Governance * Internet of Things * IPv4 * IPv6 * ISIF Asia * ITU * IXPs * Japan * measurement * networking * NOGs * NRO * Pacific * peering * RIPE NCC * RIRs * ROAs * routing * RPKI * security * South Asia * Taiwan * TCP * Thailand * Three of the best * Whois Related Articles * Mantis: Reactive programmable switchesMantis: Reactive programmable switches by Liangcheng Yu October 13, 2020 Guest Post: An new open-source framework achieves both generic support of reactive behaviours and sub-RTT level latency without penalizing line-rate packet processing speed. * Enhancing anti-phishing systems through ecosystem-level monitoringEnhancing anti-phishing systems through ecosystem-level... by Adam Oest December 9, 2020 Guest Post: PhishFarm shows anti-phishing tools miss nearly one in five phishing sites. * Tackling DNS abuse through education, collaboration and innovationTackling DNS abuse through education, collaboration and... by Rowena Schoo August 26, 2022 Guest Post: The DNS Abuse Institute seeks to tackle the complex global issue of DNS abuse and make the Internet safer. * Config2Spec: Mining network specifications from network configurationsConfig2Spec: Mining network specifications from network... by Rudiger Birkner March 8, 2021 Guest Post: Network verification requires the specifications of a network, and these can consist of thousands of policies. What if there was a way to profile a network more efficiently? APNIC Home Connect with us * Facebook * Twitter * YouTube * Flickr * Weibo * Slideshare * LinkedIn * RSS (c) 2022 APNICABN 42 081 528 010 * Privacy * Contact * Help Centre * NRO News * Service Status * Careers