ThinkBeat 9 months ago

I liked that article. It was interesting to see the paths he chose and the progress and partial results. I also learned about new ways to use certain tools.

It all reminds me a lot of Dan Kaminsky's classic presentations at DefCon, where he found new and interesting places where that could fit and what you could do with it.

When I clicked on the GreyNoise corporate website to read their posts on it, it sounded pretty close to armageddon.

"Something is happening, we think you need to be really scared. The only thing that will help is to buy the services our startup provides you"

>These events have stumped cybersecurity experts and now pose new, complex risks, demanding attention from security professionals worldwide. These persistent mysteries add new layers of complexity to the cybersecurity landscape, prompting security leaders to reevaluate their defenses and ensure they are equipped with the right tools for an ironclad security posture.

> China China

> Prioritize What Matters: With an overwhelming number of alerts, it’s critical to employ tools that cut through irrelevant noise and prioritize actionable threats.
>
> Optimize Resource Efficiency: With security teams under immense pressure, solutions that reduce false positives can help optimize time and resources.
>
> Be Proactive: Reactivity is no longer sufficient. Noise Storms demonstrate that security is about anticipating and mitigating risks before they cause disruption.
>
> Use Actionable Intelligence: Sophisticated threats require real-time, actionable intelligence capable of detecting traffic anomalies like Noise Storms — and any black swan that may follow.

  • a_morris 9 months ago

    Hi, I'm the founder of GreyNoise. Not our intention at all to fearmonger on this. Buying our products doesn't do anything at all to "fix" or "solve" this phenomenon. We still haven't figured out the "why". That said, for better or worse, GreyNoise is a venture-backed for-profit company that sells stuff to big corporate clients, and our website is pretty geared towards doing that.

    The intention of this post was to elicit responses from the community, just like yours. So, thanks for reading and thanks for the feedback.

    EDIT: Shameless freemium plug: We give our product away for free at viz.greynoise.io

twisteriffic 9 months ago

Smells like the kind of location triangulation that IPinfo.io has talked about engaging in.

  • reincoder 9 months ago

    Well, we do have more than 700 servers pinging everything we can, but in a very respectful manner (https://ipinfo.io/blog/probe-network-how-we-make-sure-our-da...). There is no special packet type or anything; it is just pings. Our volume is much, much lower. We avoid doing anything that could annoy anyone. We just take the RTT and triangulate the IP location.

    • cedws 9 months ago

      How accurately can you triangulate an IP?

      • reincoder 9 months ago

        Accuracy is difficult to measure, but ours is the best in the industry because we use active measurement. We verify our IP geolocation data with voluntary device location data backed by GPS coordinates, but putting a universal figure on the accuracy is quite difficult.

        Based on the RTT to each IP address from a server, we essentially draw radii on the world map. Now, as we ping that IP address from other servers, we can draw more of these radii. From the overlapping areas between these server RTT radii, we can now estimate where the IP address could be. So, in general, areas where we have a high density of servers usually have the highest location granularity.

        Now, with 720 servers, these overlapping areas get quite small and reach zip code level accuracy for wired IPv4 addresses. For data centers and larger offices, it goes to geographic coordinate levels sometimes. But for carrier IPv6 addresses, consistent city-level accuracy is what we usually aim for.

        The data is continuously getting better as we add more probe servers. Currently, from public information, in terms of location diversity, our server network infrastructure is larger than Cloudflare's and any commercial VPN service out there. And we are looking for more servers to add (https://forms.gle/kNYr2MBL8zRPgNrJ8).
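An added worked example of the RTT multilateration the comment above describes (this is not IPinfo's code and not part of the thread). It assumes straight-line paths at roughly 200 km/ms (about two-thirds of c in fibre), so each RTT yields an upper-bound radius, and it uses constructed probe coordinates and RTTs:

```python
import math
# Added example (not IPinfo's code): estimate a target's position from
# RTTs measured by probes at known coordinates, as the comment describes.
# Assumptions: straight-line paths and ~200 km/ms propagation (about 2/3 c
# in fibre), so each radius is an upper bound and the overlap is a region.
EARTH_RADIUS_KM = 6371.0
KM_PER_MS = 200.0

# Constructed probes: (lat, lon, rtt_ms). Real RTTs include queuing and
# detours, so these are padded above the pure great-circle travel time.
PROBES = [
    (50.11, 8.68, 3.6),  # Frankfurt-ish
    (52.37, 4.90, 2.0),  # Amsterdam-ish
    (48.86, 2.35, 3.0),  # Paris-ish
]

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km between two lat/lon points."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi, dlmb = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))

def rtt_to_radius_km(rtt_ms):
    """Half the RTT at propagation speed bounds the one-way distance."""
    return rtt_ms / 2.0 * KM_PER_MS

def estimate_location(probes, step_deg=0.25):
    """Return (lat, lon, n_points) for the centroid of the grid points that
    lie inside every probe's radius, or None when the radii do not overlap."""
    radii = [(lat, lon, rtt_to_radius_km(rtt)) for lat, lon, rtt in probes]
    # Scan only the box around the tightest radius: every feasible point is in it.
    lat0, lon0, rmin = min(radii, key=lambda r: r[2])
    span_lat = rmin / 111.0 + step_deg  # ~111 km per degree of latitude
    span_lon = rmin / (111.0 * math.cos(math.radians(lat0))) + step_deg
    inside = []
    lat = lat0 - span_lat
    while lat <= lat0 + span_lat:
        lon = lon0 - span_lon
        while lon <= lon0 + span_lon:
            if all(haversine_km(lat, lon, plat, plon) <= r for plat, plon, r in radii):
                inside.append((lat, lon))
            lon += step_deg
        lat += step_deg
    if not inside:
        return None
    n = len(inside)
    return (sum(p[0] for p in inside) / n, sum(p[1] for p in inside) / n, n)
```

With the constructed probes the surviving grid points cluster around Brussels; a finer step or more probes shrinks the region, which is the "more servers, smaller overlap" effect the comment describes.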

arjvik 9 months ago

Using noise scanners explicitly as a data exfiltration mechanism is actually a genius idea!