Our Insight

Team Cymru monitors specific Internet critical infrastructure, providing the results in this section. This permits the viewer to determine the scope and duration of Internet-effecting outages, and the localized effect of such outages.

Many such monitoring projects use ICMP (ping), yet this isn't a great measure of performance. For this reason we also monitor connectivity to Internet critical infrastructure and between Team Cymru pods using both TCP and UDP.

The monitoring focuses on DNS and BGP, the two most critical services. The DNS monitoring includes both the DNS service as well as network connectivity to the given name server. The BGP monitoring is based on peering with over 100 BGP-speaking routers, providing us with a granular view of the internal routing tables.

We provide traffic statistics for a small subset of our Darknet pods. A Darknet is a powerful tool for situational awareness, and even these simple traffic statistics can provide early warning of network events. Our Internet Garbage Meter is an aggregate measure of the bits entering a very small subset our Darknets. Remember that any packet entering a Darknet is aberrant! Thus this graphic depicts the amount of unwanted traffic endured by all Internet-connected networks.

Machbot heatmap image

This map shows the geographic distribution of infected computers that form a Machbot botnet. It is in the form of a 'heatmap' meaning the white (hot) colors represent the highest concentration of infected machines and the blue (colder) color represents a lesser concentration of machines in that particular area. The distribution is particularly interesting for this botnet as there is an unusually high proportion of infected machines in Eastern Europe. We are working with law enforcement agencies around the world to identify and bring to justice those responsible for this botnet.
View a time-lapse movie of 11 days of this botnet's activity (128kB Quicktime movie download)