An Analysis of Internet Background Radiation within an African IPv4 netblock
- Authors: Hendricks, Wadeegh
- Date: 2020
- Subjects: Computer networks -- Monitoring –- South Africa , Dark Web , Computer networks -- Security measures –- South Africa , Universities and Colleges -- Computer networks -- Security measures , Malware (Computer software) , TCP/IP (Computer network protocol)
- Language: English
- Type: text , Thesis , Masters , MSc
- Identifier: http://hdl.handle.net/10962/103791 , vital:32298
- Description: The use of passive network sensors has in the past proven to be quite effective in monitoring and analysing the current state of traffic on a network. Internet traffic destined to a routable, yet unused address block is often referred to as Internet Background Radiation (IBR) and characterised as unsolicited. This unsolicited traffic is however quite valuable to researchers in that it allows them to study the traffic patterns in a covert manner. IBR is largely composed of network and port scanning traffic, backscatter packets from virus and malware activity and to a lesser extent, misconfiguration of network devices. This research answers the following two questions: (1) What is the current state of IBR within the context of a South African IP address space and (2) Can any anomalies be detected in the traffic, with specific reference to current global malware attacks such as Mirai and similar. Rhodes University operates five IPv4 passive network sensors, commonly known as network telescopes, each monitoring its own /24 IP address block. The oldest of these network telescopes has been collecting traffic for over a decade, with the newest being established in 2011. This research focuses on the in-depth analysis of the traffic captured by one telescope in the 155/8 range over a 12 month period, from January to December 2017. The traffic was analysed and classified according the protocol, TCP flag, source IP address, destination port, packet count and payload size. Apart from the normal network traffic graphs and tables, a geographic heatmap of source traffic was also created, based on the source IP address. Spikes and noticeable variances in traffic patterns were further investigated and evidence of Mirai like malware activity was observed. Network and port scanning were found to comprise the largest amount of traffic, accounting for over 90% of the total IBR. Various scanning techniques were identified, including low level passive scanning and much higher level active scanning.
- Full Text:
- Date Issued: 2020
- Authors: Hendricks, Wadeegh
- Date: 2020
- Subjects: Computer networks -- Monitoring –- South Africa , Dark Web , Computer networks -- Security measures –- South Africa , Universities and Colleges -- Computer networks -- Security measures , Malware (Computer software) , TCP/IP (Computer network protocol)
- Language: English
- Type: text , Thesis , Masters , MSc
- Identifier: http://hdl.handle.net/10962/103791 , vital:32298
- Description: The use of passive network sensors has in the past proven to be quite effective in monitoring and analysing the current state of traffic on a network. Internet traffic destined to a routable, yet unused address block is often referred to as Internet Background Radiation (IBR) and characterised as unsolicited. This unsolicited traffic is however quite valuable to researchers in that it allows them to study the traffic patterns in a covert manner. IBR is largely composed of network and port scanning traffic, backscatter packets from virus and malware activity and to a lesser extent, misconfiguration of network devices. This research answers the following two questions: (1) What is the current state of IBR within the context of a South African IP address space and (2) Can any anomalies be detected in the traffic, with specific reference to current global malware attacks such as Mirai and similar. Rhodes University operates five IPv4 passive network sensors, commonly known as network telescopes, each monitoring its own /24 IP address block. The oldest of these network telescopes has been collecting traffic for over a decade, with the newest being established in 2011. This research focuses on the in-depth analysis of the traffic captured by one telescope in the 155/8 range over a 12 month period, from January to December 2017. The traffic was analysed and classified according the protocol, TCP flag, source IP address, destination port, packet count and payload size. Apart from the normal network traffic graphs and tables, a geographic heatmap of source traffic was also created, based on the source IP address. Spikes and noticeable variances in traffic patterns were further investigated and evidence of Mirai like malware activity was observed. Network and port scanning were found to comprise the largest amount of traffic, accounting for over 90% of the total IBR. Various scanning techniques were identified, including low level passive scanning and much higher level active scanning.
- Full Text:
- Date Issued: 2020
Understanding a West African recreational fishery as a complex social-ecological system – a case study of the fishery for giant African threadfin Polydactylus quadrifilis (Cuvier, 1829) in the Kwanza Estuary, Angola
- Authors: Butler, Edward C
- Date: 2020
- Subjects: Cuanza River (Angola) , Fishing -- Angola , Polynemidae , Fishes -- Angola -- Ecology
- Language: English
- Type: text , Thesis , Doctoral , PhD
- Identifier: http://hdl.handle.net/10962/146688 , vital:38548
- Description: Despite increasing global recognition of the importance of recreational fisheries, their management largely remains poor. This is because they exhibit unique human-nature relationships and are nested within complex social-ecological systems (SESs). Recreational fisheries in the developing world have large potential for socio-economic development, but are generally underappreciated, in terms of their value and their impact, and are poorly governed. This is particularly concerning as they are highly complex and often compete for resources with dependent artisanal and subsistence fisheries. Developing world recreational fishery SESs are not well understood and present an important research gap for improved governance. The general aim of this thesis was to explore the recreational fishery targeting Polydactylus quadrifilis on the Kwanza Estuary, Angola, and provide context for how managers should approach recreational fisheries in the developing world and in Africa. To do this, the recreational fishery SES was explored using a combination of methodologies including those characteristic of traditional fisheries science, and new methods involving biology, sociology, and economics. The thesis contains an introductory chapter, a chapter describing the background, study area and study species, five data chapters and a discussion chapter. Chapter 3 aimed to investigate the reproductive style of P. quadrifilis. Results identified the species as a protandrous hermaphrodite. Evidence to suggest this included degenerating testicular tissue and the presence of early developing ovarian tissues in transitional individuals. Early-stage oocytes were commonly found in the outer area of male regions and residual late-stage spermatids and spermatozoa were found in the luminal space of ovarian regions, suggesting a process of sex change from the outside inwards. Owing to the species’ reliance on large highly fecund females for reproduction, it is likely that P. quadrifilis will be sensitive to fisheries that target larger individuals, such as trophy recreational fisheries and line fisheries within other sectors. Chapter 4 aimed to investigate alternative methods for adequately describing the growth of P. quadrifilis individuals belonging to either one of two distinct hypothetical life-history pathways: pathway I (‘changers’) – initial maturation as a primary male followed by a sex change to female; pathway II (‘non-changers’) – initial maturation as a male fish with no subsequent sex change, using von Bertalanffy Growth Functions (VBGFs). Other specific objectives included determining the size- and age-at-maturity and size- and age-at-sex-change for P. quadrifilis. Otolith aging revealed rapid growth and early maturation (L50 = 399.2 mm FL, A50 = 1.50 years) and sex change occurred over a wide size (790–1125 mm FL) and age (3–8 years) range. There was strong evidence for partial protandry in P. quadrifilis with several extremely old male fish (up to 22 years) observed in the population. When compared to the conventional model produced for the entire population, there were significant differences in the models for the ‘non-changers’ (LRT, p < 0.01) and their parameters L∞ (full model = 130.8, ‘non-changers’ = 113.3, p < 0.01), k (0.32, 0.44, p < 0.01) and t0 (0.23, 0.43, p = 0.03) in the first approach and the models (LRT, p < 0.01) and their L∞ (‘changers’ = 113.7, p < 0.01) values in the second approach. This suggests that utilising conventional modelling techniques may be inappropriate for the stock assessment and management of P. quadrifilis and, potentially, other sequentially hermaphroditic fishery species. Chapter 5 aimed to assess the sensitivity of P. quadrifilis to recreational C&R within the foreign recreational fishery using a rapid assessment approach. To do this, a number of C&R variables including fight time, air exposure, hook placement, hooking injury, total time of the stress event, river depth and angling method were measured and related to two indicators of fish health and survival – the physiological stress indicators blood glucose and blood lactate concentration and reflex action mortality predictors (RAMPs). Air exposure was identified as a major contributor to motor impairment (Cumulative Link Model: p < 0.01) and fight time was an important contributor to motor impairment via its interaction with air exposure (Cumulative Link Model: p = 0.02). Handling practices appear to be particularly important for larger individuals as fish size was positively correlated with air exposure (Pearson’s r coefficient = 0.41, p < 0.01) and fight times (0.88, p < 0.01). The findings suggest that recreational C&R may result in mortalities directly, via C&R, and indirectly, via predation, and several recommendations were made for best practice. Chapter 6 aimed to assess the direct economic contribution of the recreational fishery for Polydactylus quadrifilis on the Kwanza Estuary. Results indicated that the recreational fishery for contributed significantly to the economy of an area that would otherwise likely receive little external input ($282 054 per four-month fishing season). However, high rates of economic leakage from the study area were identified (58.7%–92.9% of locally spent revenue) and were attributed to the sourcing of lodge supplies, services and staff outside of the local area and the repatriation of profit by foreign business owners. Capacity building within the local community is likely required to develop ‘linkages’ between the local community and the recreational fishery. Greater community involvement in the fishery is suggested to incentivise the protection of recreationally important fishery species and their associated ecosystems. Chapter 7 aimed to investigate the resource user groups involved within the SES. Results illustrated that artisanal and domestic recreational anglers are well-established and are characterised by long histories of participation. The artisanal fishery was highly valued as a source of livelihoods for the local community. Artisanal fishers were eager for involvement in the recreational sector, through the chartering of their vessels, due to the attractiveness of extra earnings. Both recreational and artisanal fishers reported recent decreases in P. quadrifilis catch and anticipated further declines. Domestic recreational anglers appeared to be highly consumptive in their use of the fishery and C&R angling was uncommon. User conflict may be problematic for future management as recreational anglers perceived the artisanal gill-net fishery to be a threat towards P. quadrifilis stocks. In conclusion, the open-access nature of the fishery was identified as the most pertinent threat to its sustainability and likely needs to be addressed. Potential solutions involve offering users the opportunity to purchase access rights (e.g. day permits), thus initiating the concept that users must pay for their use of public resources. Management should aim to protect large female fish due to their increased reproductive value and worth as trophy fish. Thus, C&R angling is likely to be an important interaction between users and the resource. However, angler behaviour will need to be manipulated to promote C&R and minimise C&R-related mortalities. Solutions include angler educational drives and interventions and the implementation of competitive C&R-only angling. Foreign recreational fisheries, although touted as potential ecotourism ventures, will only succeed in improving the lives of local people if they fully integrate the community into the operation of the fishery.
- Full Text:
- Date Issued: 2020
- Authors: Butler, Edward C
- Date: 2020
- Subjects: Cuanza River (Angola) , Fishing -- Angola , Polynemidae , Fishes -- Angola -- Ecology
- Language: English
- Type: text , Thesis , Doctoral , PhD
- Identifier: http://hdl.handle.net/10962/146688 , vital:38548
- Description: Despite increasing global recognition of the importance of recreational fisheries, their management largely remains poor. This is because they exhibit unique human-nature relationships and are nested within complex social-ecological systems (SESs). Recreational fisheries in the developing world have large potential for socio-economic development, but are generally underappreciated, in terms of their value and their impact, and are poorly governed. This is particularly concerning as they are highly complex and often compete for resources with dependent artisanal and subsistence fisheries. Developing world recreational fishery SESs are not well understood and present an important research gap for improved governance. The general aim of this thesis was to explore the recreational fishery targeting Polydactylus quadrifilis on the Kwanza Estuary, Angola, and provide context for how managers should approach recreational fisheries in the developing world and in Africa. To do this, the recreational fishery SES was explored using a combination of methodologies including those characteristic of traditional fisheries science, and new methods involving biology, sociology, and economics. The thesis contains an introductory chapter, a chapter describing the background, study area and study species, five data chapters and a discussion chapter. Chapter 3 aimed to investigate the reproductive style of P. quadrifilis. Results identified the species as a protandrous hermaphrodite. Evidence to suggest this included degenerating testicular tissue and the presence of early developing ovarian tissues in transitional individuals. Early-stage oocytes were commonly found in the outer area of male regions and residual late-stage spermatids and spermatozoa were found in the luminal space of ovarian regions, suggesting a process of sex change from the outside inwards. Owing to the species’ reliance on large highly fecund females for reproduction, it is likely that P. quadrifilis will be sensitive to fisheries that target larger individuals, such as trophy recreational fisheries and line fisheries within other sectors. Chapter 4 aimed to investigate alternative methods for adequately describing the growth of P. quadrifilis individuals belonging to either one of two distinct hypothetical life-history pathways: pathway I (‘changers’) – initial maturation as a primary male followed by a sex change to female; pathway II (‘non-changers’) – initial maturation as a male fish with no subsequent sex change, using von Bertalanffy Growth Functions (VBGFs). Other specific objectives included determining the size- and age-at-maturity and size- and age-at-sex-change for P. quadrifilis. Otolith aging revealed rapid growth and early maturation (L50 = 399.2 mm FL, A50 = 1.50 years) and sex change occurred over a wide size (790–1125 mm FL) and age (3–8 years) range. There was strong evidence for partial protandry in P. quadrifilis with several extremely old male fish (up to 22 years) observed in the population. When compared to the conventional model produced for the entire population, there were significant differences in the models for the ‘non-changers’ (LRT, p < 0.01) and their parameters L∞ (full model = 130.8, ‘non-changers’ = 113.3, p < 0.01), k (0.32, 0.44, p < 0.01) and t0 (0.23, 0.43, p = 0.03) in the first approach and the models (LRT, p < 0.01) and their L∞ (‘changers’ = 113.7, p < 0.01) values in the second approach. This suggests that utilising conventional modelling techniques may be inappropriate for the stock assessment and management of P. quadrifilis and, potentially, other sequentially hermaphroditic fishery species. Chapter 5 aimed to assess the sensitivity of P. quadrifilis to recreational C&R within the foreign recreational fishery using a rapid assessment approach. To do this, a number of C&R variables including fight time, air exposure, hook placement, hooking injury, total time of the stress event, river depth and angling method were measured and related to two indicators of fish health and survival – the physiological stress indicators blood glucose and blood lactate concentration and reflex action mortality predictors (RAMPs). Air exposure was identified as a major contributor to motor impairment (Cumulative Link Model: p < 0.01) and fight time was an important contributor to motor impairment via its interaction with air exposure (Cumulative Link Model: p = 0.02). Handling practices appear to be particularly important for larger individuals as fish size was positively correlated with air exposure (Pearson’s r coefficient = 0.41, p < 0.01) and fight times (0.88, p < 0.01). The findings suggest that recreational C&R may result in mortalities directly, via C&R, and indirectly, via predation, and several recommendations were made for best practice. Chapter 6 aimed to assess the direct economic contribution of the recreational fishery for Polydactylus quadrifilis on the Kwanza Estuary. Results indicated that the recreational fishery for contributed significantly to the economy of an area that would otherwise likely receive little external input ($282 054 per four-month fishing season). However, high rates of economic leakage from the study area were identified (58.7%–92.9% of locally spent revenue) and were attributed to the sourcing of lodge supplies, services and staff outside of the local area and the repatriation of profit by foreign business owners. Capacity building within the local community is likely required to develop ‘linkages’ between the local community and the recreational fishery. Greater community involvement in the fishery is suggested to incentivise the protection of recreationally important fishery species and their associated ecosystems. Chapter 7 aimed to investigate the resource user groups involved within the SES. Results illustrated that artisanal and domestic recreational anglers are well-established and are characterised by long histories of participation. The artisanal fishery was highly valued as a source of livelihoods for the local community. Artisanal fishers were eager for involvement in the recreational sector, through the chartering of their vessels, due to the attractiveness of extra earnings. Both recreational and artisanal fishers reported recent decreases in P. quadrifilis catch and anticipated further declines. Domestic recreational anglers appeared to be highly consumptive in their use of the fishery and C&R angling was uncommon. User conflict may be problematic for future management as recreational anglers perceived the artisanal gill-net fishery to be a threat towards P. quadrifilis stocks. In conclusion, the open-access nature of the fishery was identified as the most pertinent threat to its sustainability and likely needs to be addressed. Potential solutions involve offering users the opportunity to purchase access rights (e.g. day permits), thus initiating the concept that users must pay for their use of public resources. Management should aim to protect large female fish due to their increased reproductive value and worth as trophy fish. Thus, C&R angling is likely to be an important interaction between users and the resource. However, angler behaviour will need to be manipulated to promote C&R and minimise C&R-related mortalities. Solutions include angler educational drives and interventions and the implementation of competitive C&R-only angling. Foreign recreational fisheries, although touted as potential ecotourism ventures, will only succeed in improving the lives of local people if they fully integrate the community into the operation of the fishery.
- Full Text:
- Date Issued: 2020
An exploration of the overlap between open source threat intelligence and active internet background radiation
- Authors: Pearson, Deon Turner
- Date: 2020
- Subjects: Computer networks -- Security measures , Computer networks -- Monitoring , Malware (Computer software) , TCP/IP (Computer network protocol) , Open source intelligence
- Language: English
- Type: text , Thesis , Masters , MSc
- Identifier: http://hdl.handle.net/10962/103802 , vital:32299
- Description: Organisations and individuals are facing increasing persistent threats on the Internet from worms, port scanners, and malicious software (malware). These threats are constantly evolving as attack techniques are discovered. To aid in the detection and prevention of such threats, and to stay ahead of the adversaries conducting the attacks, security specialists are utilising Threat Intelligence (TI) data in their defense strategies. TI data can be obtained from a variety of different sources such as private routers, firewall logs, public archives, and public or private network telescopes. However, at the rate and ease at which TI is produced and published, specifically Open Source Threat Intelligence (OSINT), the quality is dropping, resulting in fragmented, context-less and variable data. This research utilised two sets of TI data, a collection of OSINT and active Internet Background Radiation (IBR). The data was collected over a period of 12 months, from 37 publicly available OSINT datasets and five IBR datasets. Through the identification and analysis of common data between the OSINT and IBR datasets, this research was able to gain insight into how effective OSINT is at detecting and potentially reducing ongoing malicious Internet traffic. As part of this research, a minimal framework for the collection, processing/analysis, and distribution of OSINT was developed and tested. The research focused on exploring areas in common between the two datasets, with the intention of creating an enriched, contextualised, and reduced set of malicious source IP addresses that could be published for consumers to use in their own environment. The findings of this research pointed towards a persistent group of IP addresses observed on both datasets, over the period under research. Using these persistent IP addresses, the research was able to identify specific services being targeted. Amongst these persistent IP addresses were significant packets from Mirai like IoT Malware on port 23/tcp and 2323/tcp as well as general scanning activity on port 445/TCP.
- Full Text:
- Date Issued: 2020
- Authors: Pearson, Deon Turner
- Date: 2020
- Subjects: Computer networks -- Security measures , Computer networks -- Monitoring , Malware (Computer software) , TCP/IP (Computer network protocol) , Open source intelligence
- Language: English
- Type: text , Thesis , Masters , MSc
- Identifier: http://hdl.handle.net/10962/103802 , vital:32299
- Description: Organisations and individuals are facing increasing persistent threats on the Internet from worms, port scanners, and malicious software (malware). These threats are constantly evolving as attack techniques are discovered. To aid in the detection and prevention of such threats, and to stay ahead of the adversaries conducting the attacks, security specialists are utilising Threat Intelligence (TI) data in their defense strategies. TI data can be obtained from a variety of different sources such as private routers, firewall logs, public archives, and public or private network telescopes. However, at the rate and ease at which TI is produced and published, specifically Open Source Threat Intelligence (OSINT), the quality is dropping, resulting in fragmented, context-less and variable data. This research utilised two sets of TI data, a collection of OSINT and active Internet Background Radiation (IBR). The data was collected over a period of 12 months, from 37 publicly available OSINT datasets and five IBR datasets. Through the identification and analysis of common data between the OSINT and IBR datasets, this research was able to gain insight into how effective OSINT is at detecting and potentially reducing ongoing malicious Internet traffic. As part of this research, a minimal framework for the collection, processing/analysis, and distribution of OSINT was developed and tested. The research focused on exploring areas in common between the two datasets, with the intention of creating an enriched, contextualised, and reduced set of malicious source IP addresses that could be published for consumers to use in their own environment. The findings of this research pointed towards a persistent group of IP addresses observed on both datasets, over the period under research. Using these persistent IP addresses, the research was able to identify specific services being targeted. Amongst these persistent IP addresses were significant packets from Mirai like IoT Malware on port 23/tcp and 2323/tcp as well as general scanning activity on port 445/TCP.
- Full Text:
- Date Issued: 2020
- «
- ‹
- 1
- ›
- »