[rwth-security] Re: Benutzung von Nameservern

16 Oct 2021

      Am 15.10.21 um 10:55 schrieb Hinrikus Wolf:
...
kannst du das differenzieren wie viel von dem Traffic aus Eduroam und Wohnheimen kommt?
*DAS* sind Fragen, die man liebt!

Wohnheime: ==========

(  (proto UDP and port 53) and ) ) Top 10 Dst IP Addr ordered by flows: Date first seen          Duration Proto 2021-10-13 07:59:44.864 32705.063 any 2021-10-13 07:59:27.799 32722.152 any 2021-10-13 07:59:49.644 32700.189 any 2021-10-13 07:59:50.440 32699.112 any 2021-10-13 07:59:58.641 32691.299 any 2021-10-13 07:59:52.235 32697.664 any 2021-10-13 07:59:50.771 32698.115 any 2021-10-13 07:59:51.319 32698.118 any 2021-10-13 08:00:00.460 32689.220 any 2021-10-13 08:00:02.431 32684.439 any

Summary: total flows: 6347271, Time window: 2021-10-08 12:16:14

VPN & eduroam: ==============

(  (proto UDP and port 53) and ) ) Top 10 Dst IP Addr ordered by flows: Date first seen          Duration Proto 2021-10-13 07:59:50.632 32699.010 any 2021-10-13 07:59:51.885 32694.885 any 2021-10-13 07:59:58.268 32691.586 any 2021-10-13 07:59:52.947 32655.563 any 2021-10-13 07:59:52.959 32655.560 any 2021-10-13 08:01:28.296 29184.827 any 2021-10-13 08:21:21.771 31408.100 any 2021-10-13 08:03:45.357 29027.797 any 2021-10-13 08:00:44.932 32614.116 any 2021-10-13 07:59:54.217 32665.797 any

Summary: total flows: 288791, Time window: 2021-10-08 12:16:14

"RWTH" (ohne weitere spezielle Netze): ======================================

(proto UDP and port 53) and ) ) Top 10 Dst IP Addr ordered by flows: Date first seen          Duration Proto 2021-10-13 07:59:44.123 32705.825 any 2021-10-13 07:59:43.255 32706.695 any 2021-10-13 07:59:50.613 32699.301 any 2021-10-13 07:59:57.938 32692.003 any 2021-10-13 07:59:50.406 32699.349 any 2021-10-13 07:59:50.951 32698.913 any 2021-10-13 07:59:50.550 32699.204 any 2021-10-13 07:59:50.446 32699.430 any 2021-10-13 07:59:50.884 32698.813 any 2021-10-13 07:59:54.852 32694.543 any

Summary: total flows: 23435877, Time window: 2021-10-08 12:16:14

------------------------------

Ich habe denselben Zeitraum gewählt. Also: Wohnheime war ja klar, aber von den 8 MFlows gehen

So kann man kein "Enterprise

Gruß, Jens Hektor

(( src net 134.130.0.0/16 or src net 137.226.0.0/16 or src net 134.61.0.0/16 or src net 2a00:8a60::/32 ) Dst IP Addr    Flows(%)     Packets(%)       Bytes(%)         pps      bps   bpp 8.8.8.8    2.1 M(32.7)    2.3 M(32.8)  201.1 M(31.8)       68    49180    89 1.1.1.1    1.9 M(29.6)    2.2 M(31.7)  184.7 M(29.2)       66    45147    84 8.8.4.4   374420( 5.9)   385468( 5.6)   36.3 M( 5.7)       11     8876    94 216.239.36.10    47354( 0.7)    47360( 0.7)    4.9 M( 0.8)        1     1187   102 216.239.38.10    44092( 0.7)    44101( 0.6)    4.5 M( 0.7)        1     1099   101 95.100.173.129    34438( 0.5)    34447( 0.5)    3.9 M( 0.6)        1      962   114 193.108.88.128    32255( 0.5)    32256( 0.5)    3.6 M( 0.6)        0      889   112 1.0.0.1    25736( 0.4)    31709( 0.5)    2.7 M( 0.4)        0      653    84 216.239.32.10    21261( 0.3)    21263( 0.3)    2.2 M( 0.3)        0      535   102 65.55.117.41    17528( 0.3)    17529( 0.3)    2.0 M( 0.3)        0      490   114 total bytes: 631.5 M, total packets: 6.9 M, avg bps: 154347, avg pps: 209, avg bpp: 91 - 2021-10-13 17:04:59 (( src net 134.130.0.0/16 or src net 137.226.0.0/16 or src net 134.61.0.0/16 or src net 2a00:8a60::/32 ) Dst IP Addr    Flows(%)     Packets(%)       Bytes(%)         pps      bps   bpp 8.8.8.8   120983(41.9)   137584(42.6)   11.4 M(42.6)        4     2790    82 8.8.4.4    27157( 9.4)    27761( 8.6)    2.1 M( 8.0)        0      524    77 1.1.1.1    23664( 8.2)    25179( 7.8)    2.1 M( 7.9)        0      517    83 62.109.121.17    16369( 5.7)    16668( 5.2)    1.4 M( 5.2)        0      339    83 62.109.121.18    12095( 4.2)    12195( 3.8)    1.0 M( 3.8)        0      246    82 54.191.57.102     9119( 3.2)    11237( 3.5)   935443( 3.5)        0      256    83 114.114.114.114     7891( 2.7)     9430( 2.9)   776497( 2.9)        0      197    82 34.213.15.116     7668( 2.7)    10091( 3.1)   828394( 3.1)        0      228    82 208.67.222.222     7036( 2.4)     8241( 2.6)   679240( 2.5)        0      166    82 185.93.180.131     4448( 1.5)     5512( 1.7)   465563( 1.7)        0      114    84 total bytes: 26.8 M, total packets: 322903, avg bps: 6546, avg pps: 9, avg bpp: 82 - 2021-10-13 17:04:59 (( src net 134.130.0.0/16 or src net 137.226.0.0/16 or src net 134.61.0.0/16 or src net 2a00:8a60::/32 ) Dst IP Addr    Flows(%)     Packets(%)       Bytes(%)         pps      bps   bpp 8.8.8.8    6.6 M(28.0)    6.9 M(28.7)  481.3 M(11.9)      210   117729    69 54.194.223.253    3.1 M(13.2)    3.2 M(13.2)  585.0 M(14.5)       96   143093   185 54.170.50.200    1.4 M( 5.9)    1.4 M( 5.9)  260.5 M( 6.5)       43    63732   183 8.8.4.4   524439( 2.2)   529322( 2.2)   36.9 M( 0.9)       16     9031    69 95.100.173.129   351942( 1.5)   352659( 1.5)   38.6 M( 1.0)       10     9451   109 65.55.117.41   232569( 1.0)   232947( 1.0)   25.3 M( 0.6)        7     6199   108 193.108.88.128   224874( 1.0)   225281( 0.9)   24.8 M( 0.6)        6     6069   110 18.194.2.137   133669( 0.6)   133796( 0.6)   12.7 M( 0.3)        4     3105    94 13.107.222.240   131352( 0.6)   131570( 0.5)   14.2 M( 0.4)        4     3465   107 88.221.81.192   116718( 0.5)   117541( 0.5)   11.2 M( 0.3)        3     2746    95 total bytes: 4.0 G, total packets: 24.0 M, avg bps: 985030, avg pps: 732, avg bpp: 168 - 2021-10-13 17:04:59 eduroam können wir bei knapp 9M Flows vergessen, gehen fast 7 an die RWTH. Netz" betreiben.