NordVPN Promotion

Home / Blogs

Amount of Unsolicited Internet Traffic Reflecting Situation in Libya

Protect your privacy:  Get NordVPN  [73% off 2-year plans, 3 extra months]
10 facts about NordVPN that aren't commonly known
  • Meshnet Feature for Personal Encrypted Networks: NordVPN offers a unique feature called Meshnet, which allows users to connect their devices directly and securely over the internet. This means you can create your own private, encrypted network for activities like gaming, file sharing, or remote access to your home devices from anywhere in the world.
  • RAM-Only Servers for Enhanced Security: Unlike many VPN providers, NordVPN uses RAM-only (diskless) servers. Since these servers run entirely on volatile memory, all data is wiped with every reboot. This ensures that no user data is stored long-term, significantly reducing the risk of data breaches and enhancing overall security.
  • Servers in a Former Military Bunker: Some of NordVPN's servers are housed in a former military bunker located deep underground. This unique location provides an extra layer of physical security against natural disasters and unauthorized access, ensuring that the servers are protected in all circumstances.
  • NordLynx Protocol with Double NAT Technology: NordVPN developed its own VPN protocol called NordLynx, built around the ultra-fast WireGuard protocol. What sets NordLynx apart is its implementation of a double Network Address Translation (NAT) system, which enhances user privacy without sacrificing speed. This innovative approach solves the potential privacy issues inherent in the standard WireGuard protocol.
  • Dark Web Monitor Feature: NordVPN includes a feature known as Dark Web Monitor. This tool actively scans dark web sites and forums for credentials associated with your email address. If it detects that your information has been compromised or appears in any data breaches, it promptly alerts you so you can take necessary actions to protect your accounts.

During the recent political unrest in the Middle East, researchers have observed significant changes in Internet traffic and connectivity. Typically people look at routing data, latencies when connecting to sites and search and query statistics. Here we show results from a previously unused source of data: unsolicited Internet traffic arriving from Libya. The traffic data we captured shows distinct changes in unsolicited traffic patterns since 17 February 2011.

Figure 1 above shows unsolicited one-way traffic for five weeks, including some “silent” gaps with absolutely no traffic, and other intervals with larger and more typical levels. During these five weeks there was an interval of about one-and-a-half days where the data collection server didn’t collect data, indicated in red and with labeled ‘no data’. For another period of about one day, traffic levels were almost always higher then 8 packets per second (pps), indicated in blue and labeled ‘denial-of-service’ (in the RIPE Labs article referenced at the bottom, you can find more details about this particular incident).

The Figure also shows a number of intervals with next to no traffic, notably overnight on 19 and 20 February. This is consistent with observations made by others. We also saw an outage between 3 March and 7 March. After 7 March the amount of unsolicited traffic is slowly picking up again, but not to the level from before 3 March.

Figure 2 shows the period between 1 – 8 March in more detail. The longer outage from approximately 3 March 18:00 UTC to 7 March 11:00 UTC is clearly visible. You can also see that the traffic levels after the outage were significantly lower then before. We observed a slow subsequent increase after this outage to roughly 20% of pre-outage traffic levels. This is something that we have not seen reported elsewhere.

For more information, please refer to the background article on RIPE Labs: Unsolicited Internet Traffic from Libya.

Please note that this research is based on collaboration between the RIPE NCC and CAIDA.

By Daniel Karrenberg, Chief Scientist at the RIPE NCC

Filed Under

Comments

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

Related

Topics

Cybersecurity

Sponsored byVerisign

Threat Intelligence

Sponsored byWhoisXML API

New TLDs

Sponsored byRadix

DNS

Sponsored byDNIB.com

Domain Names

Sponsored byVerisign

Brand Protection

Sponsored byCSC

IPv4 Markets

Sponsored byIPv4.Global

NordVPN Promotion