{"id":228,"date":"2015-04-08T13:33:58","date_gmt":"2015-04-08T13:33:58","guid":{"rendered":"http:\/\/blogs.kent.ac.uk\/unseenit\/?p=228"},"modified":"2015-04-08T14:50:26","modified_gmt":"2015-04-08T14:50:26","slug":"rpz-and-malware-domain-traffic","status":"publish","type":"post","link":"https:\/\/blogs.kent.ac.uk\/unseenit\/rpz-and-malware-domain-traffic\/","title":{"rendered":"RPZ and malware domain traffic"},"content":{"rendered":"<p>Response Policy Zones (RPZ) can be used not only to protect the University community from <a href=\"http:\/\/blogs.kent.ac.uk\/unseenit\/2015\/03\/13\/rpz-and-botnet-command-and-control-server-traffic\/\">botnet command and control traffic<\/a>, but also connections to malware domains.<\/p>\n<p>If unprotected, your computer could be at risk from activities such as phishing (where a fraudulent web site tricks you into handing over your private details), downloads of additional malware, malware-infected adverts and the like.<\/p>\n<p>Below is a graph with the connections from individual IP addresses to these malware domains, with the botnet C&amp;C traffic shown on the same timeline &#8211; this runs from Sept 2014 to mid March 2015. The botnet traffic is shown in blue and uses the y-axis on the right. 
The malware traffic is shown in orange and uses the y-axis on the left.<\/p>\n<p><a href=\"https:\/\/blogs.kent.ac.uk\/unseenit\/files\/2015\/04\/malwarerpz.jpg\"><img loading=\"lazy\" class=\"aligncenter size-full wp-image-231\" src=\"https:\/\/blogs.kent.ac.uk\/unseenit\/files\/2015\/04\/malwarerpz.jpg\" alt=\"malwarerpz\" width=\"1093\" height=\"507\" srcset=\"https:\/\/blogs.kent.ac.uk\/unseenit\/files\/2015\/04\/malwarerpz.jpg 1093w, https:\/\/blogs.kent.ac.uk\/unseenit\/files\/2015\/04\/malwarerpz-300x139.jpg 300w, https:\/\/blogs.kent.ac.uk\/unseenit\/files\/2015\/04\/malwarerpz-1024x475.jpg 1024w\" sizes=\"(max-width: 1093px) 100vw, 1093px\" \/><\/a><\/p>\n<p>It is important to note that these are not a count of the infected devices on the network. Each user may have a number of different IP addresses during the day due to the way in which we manage the address space on the eduroam wireless.<\/p>\n<p>Whilst the graph shows a reduction in the number of malware-domain connections, we have not yet been able to reduce it to the levels of botnet C&amp;C traffic. 
This is something we hope to address as many of the people using these devices will become BYOD users of the future and connect their devices to other networks.<\/p>\n<p>Also of note is the increase in mid-late Jan 2015 which coincides with the start of term.<\/p>\n<p>It will be interesting to monitor these numbers and see what happens when the new academic year starts and approximately one third of our student cohort turns over.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Response Policy Zones (RPZ) can be used not only to protect the University community from botnet command and control traffic, but also connections to malware &hellip; <a href=\"https:\/\/blogs.kent.ac.uk\/unseenit\/rpz-and-malware-domain-traffic\/\">Read&nbsp;more<\/a><\/p>\n","protected":false},"author":38488,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[122],"tags":[],"_links":{"self":[{"href":"https:\/\/blogs.kent.ac.uk\/unseenit\/wp-json\/wp\/v2\/posts\/228"}],"collection":[{"href":"https:\/\/blogs.kent.ac.uk\/unseenit\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.kent.ac.uk\/unseenit\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.kent.ac.uk\/unseenit\/wp-json\/wp\/v2\/users\/38488"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.kent.ac.uk\/unseenit\/wp-json\/wp\/v2\/comments?post=228"}],"version-history":[{"count":9,"href":"https:\/\/blogs.kent.ac.uk\/unseenit\/wp-json\/wp\/v2\/posts\/228\/revisions"}],"predecessor-version":[{"id":239,"href":"https:\/\/blogs.kent.ac.uk\/unseenit\/wp-json\/wp\/v2\/posts\/228\/revisions\/239"}],"wp:attachment":[{"href":"https:\/\/blogs.kent.ac.uk\/unseenit\/wp-json\/wp\/v2\/media?parent=228"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.kent.ac.uk\/unseenit\/wp-json\/wp\/v2\/categories?post=228"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.kent.ac.u
k\/unseenit\/wp-json\/wp\/v2\/tags?post=228"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}