r-blog-projects
/
cran-mirror-security
1
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity
Exploring CRAN claims of the "security" of CRAN mirrors
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3 Commits
1 Branch
0 Tags
3.7 MiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
cran-mirror-security/orly.md

1025 lines
34 KiB
Raw Permalink Normal View History

nearly-done
5 years ago
---
title: "CRAN HTTPS Mirrors"
author: ""
date: ""
output:
html_document:
df_print: kable
keep_md: true
theme: simplex
highlight: monochrome
---
```r
library(xml2)
library(httr)
library(curl)
library(stringi)
library(urltools)
library(ipinfo)
library(openssl)
library(furrr)
library(vershist) # install.packages("vershist", repos = "https://cinc.rud.is/")
library(ggalt)
library(ggbeeswarm)
library(hrbrthemes)
library(tidyverse)
```
## Collect CRAN mirrors' metadata
```r
if (!file.exists(here::here("data/mir-dat.rds"))) {
forblog
5 years ago
mdoc <- xml2::read_xml(here::here("data/mirrors.html"), as_html = TRUE)
nearly-done
5 years ago
xml_find_all(mdoc, ".//td/a[contains(@href, 'https')]") %>%
xml_attr("href") %>%
unique() -> ssl_mirrors
plan(multiprocess)
dl_cert <- possibly(openssl::download_ssl_cert, NULL)
HEAD_ <- possibly(httr::HEAD, NULL)
dig <- possibly(curl::nslookup, NULL)
query_ip_ <- possibly(ipinfo::query_ip, NULL)
ssl_mirrors %>%
future_map(~{
host <- domain(.x)
ip <- dig(host, TRUE)
ip_info <- if (length(ip)) query_ip_(ip) else NULL
list(
host = host,
cert = dl_cert(host),
head = HEAD_(.x),
ip = ip,
ip_info = ip_info
)
}) -> mir_dat
saveRDS(mir_dat, here::here("data/mir-dat.rds"))
} else {
mir_dat <- readRDS(here::here("data/mir-dat.rds"))
}
str(mir_dat[1], 3)
```
```
## List of 1
## $ :List of 5
## ..$ host : chr "cloud.r-project.org"
## ..$ cert :List of 4
## .. ..$ :List of 8
## .. ..$ :List of 8
## .. ..$ :List of 8
## .. ..$ :List of 8
## ..$ head :List of 10
## .. ..$ url : chr "https://cloud.r-project.org/"
## .. ..$ status_code: int 200
## .. ..$ headers :List of 13
## .. .. ..- attr(*, "class")= chr [1:2] "insensitive" "list"
## .. ..$ all_headers:List of 1
## .. ..$ cookies :'data.frame': 0 obs. of 7 variables:
## .. ..$ content : raw(0)
## .. ..$ date : POSIXct[1:1], format: "2018-11-29 09:41:27"
## .. ..$ times : Named num [1:6] 0 0.0507 0.0512 0.0666 0.0796 ...
## .. .. ..- attr(*, "names")= chr [1:6] "redirect" "namelookup" "connect" "pretransfer" ...
## .. ..$ request :List of 7
## .. .. ..- attr(*, "class")= chr "request"
## .. ..$ handle :Class 'curl_handle' <externalptr>
## .. ..- attr(*, "class")= chr "response"
## ..$ ip : chr "52.85.89.62"
## ..$ ip_info:List of 8
## .. ..$ ip : chr "52.85.89.62"
## .. ..$ hostname: chr "server-52-85-89-62.jfk6.r.cloudfront.net"
## .. ..$ city : chr "Seattle"
## .. ..$ region : chr "Washington"
## .. ..$ country : chr "US"
## .. ..$ loc : chr "47.6348,-122.3450"
## .. ..$ postal : chr "98109"
## .. ..$ org : chr "AS16509 Amazon.com, Inc."
```
Gratuitous map of CRAN mirror locations
```r
maps::map("world", ".", exact = FALSE, plot = FALSE, fill = TRUE) %>%
fortify() %>%
filter(region != "Antarctica") -> world
map_chr(mir_dat, ~.x$ip_info$loc) %>%
stri_split_fixed(pattern = ",", n = 2, simplify = TRUE) %>%
as.data.frame(stringsAsFactors = FALSE) %>%
as_tibble() %>%
mutate_all(list(as.numeric)) -> wheres_cran
```
```r
ggplot() +
ggalt::geom_cartogram(
data = world, map = world, aes(long, lat, map_id=region),
color = ft_cols$gray, size = 0.125
) +
geom_point(
data = wheres_cran, aes(V2, V1), size = 2,
color = ft_cols$slate, fill = alpha(ft_cols$yellow, 3/4), shape = 21
) +
ggalt::coord_proj("+proj=wintri") +
labs(
x = NULL, y = NULL,
title = "Geolocation of HTTPS-'enabled' CRAN Mirrors"
) +
theme_ft_rc(grid="") +
theme(axis.text = element_blank())
```
<img src="orly_files/figure-html/cran-map-1.png" width="960" />
## Look at certificate info
```r
map_df(mir_dat, ~{
tibble(
host = .x$host,
s_issuer = .x$cert[[1]]$issuer %||% NA_character_,
i_issuer = .x$cert[[2]]$issuer %||% NA_character_,
algo = .x$cert[[1]]$algorithm %||% NA_character_,
names = .x$cert[[1]]$alt_names %||% NA_character_,
nm_ct = length(.x$cert[[1]]$alt_names),
key_size = .x$cert[[1]]$pubkey$size %||% NA_integer_
)
}) -> certs
```
### How many either blocked the connection or don't exist
```r
certs[!complete.cases(certs),]
```
<div class="kable-table">
host s_issuer i_issuer algo names nm_ct key_size
------------------- --------- --------- ----- ------ ------ ---------
mirrors.shu.edu.cn NA NA NA NA 0 NA
ftp.heanet.ie NA NA NA NA 0 NA
</div>
```r
certs <- filter(certs, complete.cases(certs))
```
### How many domains do these certs serve?
```r
count(certs, host, sort=TRUE) %>%
ggplot() +
geom_quasirandom(
aes("", n), size = 2,
color = ft_cols$slate, fill = alpha(ft_cols$yellow, 3/4), shape = 21
) +
scale_y_comma() +
labs(
x = NULL, y = "# Servers",
title = "Distribution of the number of alt-names in CRAN mirror certificates"
) +
theme_ft_rc(grid="Y")
```
<img src="orly_files/figure-html/alt-names-ct-1.png" width="768" />
Take a look at some of them
```r
filter(certs, host == "cran.cnr.berkeley.edu") %>%
select(names) %>%
head(20)
```
<div class="kable-table">
|names |
|:------------------------------|
|nature.berkeley.edu |
|ag-labor.cnr.berkeley.edu |
|agro-laboral.cnr.berkeley.edu |
|agroecology.berkeley.edu |
|anthoff.erg.berkeley.edu |
|are-dev.cnr.berkeley.edu |
|are-prod.cnr.berkeley.edu |
|are-qa.cnr.berkeley.edu |
|are.berkeley.edu |
|arebeta.berkeley.edu |
|areweb.berkeley.edu |
|atkins-dev.cnr.berkeley.edu |
|atkins-prod.cnr.berkeley.edu |
|atkins-qa.cnr.berkeley.edu |
|atkins.berkeley.edu |
|bakerlab-dev.cnr.berkeley.edu |
|bakerlab-prod.cnr.berkeley.edu |
|bakerlab-qa.cnr.berkeley.edu |
|bamg.cnr.berkeley.edu |
|beahrselp-dev.cnr.berkeley.edu |
</div>
```r
filter(certs, host == "cran.rapporter.net") %>%
select(names) %>%
head(20)
```
<div class="kable-table">
|names |
|:---------------------------------|
|sni45256.cloudflaressl.com |
|*.aplusacademicresources.org |
|*.bjjandfitness.com |
|*.bytheyard.com |
|*.ces-nc.com |
|*.ddgalesinc.com |
|*.doa-ncgov.com |
|*.emmabhairextensions.com |
|*.enovateih.com |
|*.enuerto.media |
|*.erp-mc.com |
|*.gaylejohnsonmassage.com |
|*.gobl.eu |
|*.greaterny-realestate.com |
|*.guidinglightseniorresources.com |
|*.hightech-store.net |
|*.holandacontabil.com.br |
|*.iabg-consulting.com |
|*.iltempiodellenergiafemminile.eu |
|*.jnt-woodworks.com |
</div>
```r
filter(certs, host == "cran-r.c3sl.ufpr.br") %>%
select(names) %>%
head(20)
```
<div class="kable-table">
|names |
|:--------------------------------|
|alpinelinux.c3sl.ufpr.br |
|aptosid.c3sl.ufpr.br |
|archlinux.c3sl.ufpr.br |
|biglinux.c3sl.ufpr.br |
|chakra.c3sl.ufpr.br |
|clamavdb.c3sl.ufpr.br |
|cran-r.c3sl.ufpr.br |
|dadosabertos.c3sl.ufpr.br |
|debian.c3sl.ufpr.br |
|demoiselle.c3sl.ufpr.br |
|devuan.c3sl.ufpr.br |
|eclipse.c3sl.ufpr.br |
|f123.c3sl.ufpr.br |
|fedora-alt.c3sl.ufpr.br |
|fedora.c3sl.ufpr.br |
|gentoo.c3sl.ufpr.br |
|gnu.c3sl.ufpr.br |
|grml.c3sl.ufpr.br |
|kde-applicationdata.c3sl.ufpr.br |
|kde.c3sl.ufpr.br |
</div>
```r
filter(certs, host == "fourdots.com") %>%
select(names) %>%
head(20)
```
<div class="kable-table">
|names |
|:---------------------------|
|ssl390890.cloudflaressl.com |
|*.alghuraircentre.com |
|*.cachealumni.org.uk |
|*.chla.com |
|*.djborhan.com |
|*.easypay.am |
|*.fourdots.com |
|*.isteadrise.org.uk |
|*.japand.biz |
|*.lunaimani.com |
|*.qualhub.co.uk |
|*.qvest.io |
|*.samuelbernstein.com |
|*.soulsplit.net |
|*.southbeachavenue.com |
|*.urbanbellemag.com |
|alghuraircentre.com |
|cachealumni.org.uk |
|chla.com |
|djborhan.com |
</div>
### Certificate algo/key
```r
distinct(certs, host, algo, key_size) %>%
count(algo, key_size, sort=TRUE)
```
<div class="kable-table">
forblog
5 years ago
|algo | key_size| n|
|------------------------|--------:|-:|
|sha256WithRSAEncryption | 2048|59|
|sha256WithRSAEncryption | 4096|13|
|ecdsa-with-SHA256 | 256| 2|
|sha256WithRSAEncryption | 256| 1|
|sha256WithRSAEncryption | 384| 1|
|sha512WithRSAEncryption | 2048| 1|
|sha512WithRSAEncryption | 4096| 1|
nearly-done
5 years ago
</div>
### Certificate issuers
```r
distinct(certs, host, i_issuer) %>%
count(i_issuer, sort = TRUE) %>%
head(28)
```
<div class="kable-table">
forblog
5 years ago
|i_issuer | n|
|:----------------------------------------------------------------------------------------------------------------------|--:|
|CN=DST Root CA X3,O=Digital Signature Trust Co. | 20|
|CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB | 7|
|CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US | 7|
|CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US | 6|
|CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US | 6|
|CN=QuoVadis Root CA 2 G3,O=QuoVadis Limited,C=BM | 5|
|CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US | 5|
|CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE | 4|
|CN=Trusted Root CA SHA256 G2,O=GlobalSign nv-sa,OU=Trusted Root,C=BE | 3|
|CN=COMODO ECC Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB | 2|
|CN=DFN-Verein PCA Global - G01,OU=DFN-PKI,O=DFN-Verein,C=DE | 2|
|OU=Security Communication RootCA2,O=SECOM Trust Systems CO.\,LTD.,C=JP | 2|
|CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE | 1|
|CN=Amazon Root CA 1,O=Amazon,C=US | 1|
|CN=Baltimore CyberTrust Root,OU=CyberTrust,O=Baltimore,C=IE | 1|
|CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL | 1|
|CN=DFN-Verein Certification Authority 2,OU=DFN-PKI,O=Verein zur Foerderung eines Deutschen Forschungsnetzes e. V.,C=DE | 1|
|CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US | 1|
|CN=InCommon RSA Server CA,OU=InCommon,O=Internet2,L=Ann Arbor,ST=MI,C=US | 1|
|CN=QuoVadis Root CA 2,O=QuoVadis Limited,C=BM | 1|
|CN=QuoVadis Root Certification Authority,OU=Root Certification Authority,O=QuoVadis Limited,C=BM | 1|
nearly-done
5 years ago
</div>
## Interactive SSL tests
Using [`testssl.sh`](https://github.com/drwetter/testssl.sh).
```r
list.files(here::here("data/ssl"), "json$", full.names = TRUE) %>%
map_df(jsonlite::fromJSON) %>%
as_tibble() -> ssl_tests
sev <- c("OK", "LOW", "MEDIUM", "HIGH", "WARN", "CRITICAL")
```
```r
filter(ssl_tests, severity %in% sev) %>%
group_by(ip) %>%
count(severity) %>%
ungroup() %>%
complete(ip = unique(ip), severity = sev) %>%
mutate(severity = factor(severity, levels = sev)) %>%
arrange(ip) %>%
mutate(ip = factor(ip, levels = rev(unique(ip)))) %>%
ggplot(aes(severity, ip, fill=n)) +
geom_tile(color = "#b2b2b2", size = 0.125) +
scale_x_discrete(name = NULL, expand = c(0,0.1), position = "top") +
scale_y_discrete(name = NULL, expand = c(0,0)) +
viridis::scale_fill_viridis(
name = "# Tests", option = "cividis", na.value = ft_cols$gray
) +
labs(
title = "CRAN Mirror SSL Test Summary Findings by Severity"
) +
theme_ft_rc(grid="") +
theme(axis.text.y = element_text(size = 8, family = "mono")) -> gg
# We're going to move the title vs have too wide of a plot
gb <- ggplot2::ggplotGrob(gg)
gb$layout$l[gb$layout$name %in% "title"] <- 2
grid::grid.newpage()
grid::grid.draw(gb)
```
<img src="orly_files/figure-html/testssl-1.png" width="768" />
## Web server headers
```r
map_df(mir_dat, ~{
if (length(.x$head$headers) == 0) return(NULL)
host <- .x$host
flatten_df(.x$head$headers) %>%
gather(name, value) %>%
mutate(host = host)
}) -> hdrs
count(hdrs, name, sort=TRUE) %>%
head(nrow(.))
```
<div class="kable-table">
forblog
5 years ago
|name | n|
|:-------------------------|--:|
|content-type | 79|
|date | 79|
|server | 79|
|last-modified | 72|
|content-length | 67|
|accept-ranges | 65|
|etag | 65|
|content-encoding | 38|
|connection | 28|
|vary | 28|
|strict-transport-security | 13|
|x-frame-options | 8|
|x-content-type-options | 7|
|cache-control | 4|
|expires | 3|
|x-xss-protection | 3|
|cf-ray | 2|
|expect-ct | 2|
|set-cookie | 2|
|via | 2|
|ms-author-via | 1|
|pragma | 1|
|referrer-policy | 1|
|upgrade | 1|
|x-amz-cf-id | 1|
|x-cache | 1|
|x-permitted-cross-domain | 1|
|x-powered-by | 1|
|x-robots-tag | 1|
|x-tuna-mirror-id | 1|
|x-ua-compatible | 1|
nearly-done
5 years ago
</div>
### 'Security' Headers
```r
c(
"content-security-policy", "x-frame-options", "x-xss-protection",
"x-content-type-options", "strict-transport-security", "referrer-policy"
) -> secure_headers
count(hdrs, name, sort=TRUE) %>%
filter(name %in% secure_headers)
```
<div class="kable-table">
forblog
5 years ago
|name | n|
|:----------------------------|-:|
|strict-transport-security |13|
|x-frame-options | 8|
|x-content-type-options | 7|
|x-xss-protection | 3|
|referrer-policy | 1|
nearly-done
5 years ago
</div>
```r
filter(hdrs, name %in% secure_headers) %>%
count(host, sort = TRUE)
```
<div class="kable-table">
host n
----------------------------- ---
cran.csiro.au 5
fourdots.com 3
ftp.gwdg.de 3
ftp.uni-sofia.bg 3
ftp.yzu.edu.tw 3
www.freestatistics.org 3
mirrors.nics.utk.edu 2
vps.fmvz.usp.br 2
cran.case.edu 1
cran.cnr.berkeley.edu 1
cran.hafro.is 1
cran.ncc.metu.edu.tr 1
cran.stat.upd.edu.ph 1
mirror.cedia.org.ec 1
mirrors.tongji.edu.cn 1
mirrors.tuna.tsinghua.edu.cn 1
</div>
```r
filter(hdrs, host == "cran.csiro.au", name %in% secure_headers)
```
<div class="kable-table">
name value host
-------------------------- ------------------------------------- --------------
x-content-type-options nosniff cran.csiro.au
x-frame-options SAMEORIGIN cran.csiro.au
x-xss-protection 1; mode=block cran.csiro.au
referrer-policy strict-origin-when-cross-origin cran.csiro.au
strict-transport-security max-age=15768000; includeSubdomains; cran.csiro.au
</div>
### 'Server' Types
```r
filter(hdrs, name == "server") %>%
separate(
value, c("kind", "version"), sep="/", fill="right", extra="merge"
) -> svr
count(svr, kind, sort=TRUE)
```
<div class="kable-table">
forblog
5 years ago
|kind | n|
|:--------------------------------|--:|
|Apache | 57|
|nginx | 15|
|cloudflare | 2|
|CSIRO | 1|
|Hiawatha v10.8.4 | 1|
|High Performance 8bit Web Server | 1|
|none | 1|
|openresty | 1|
nearly-done
5 years ago
</div>
#### apache
```r
apache_httpd_version_history() %>%
arrange(rls_date) %>%
mutate(
vers = factor(as.character(vers), levels = as.character(vers))
) -> apa_all
filter(svr, kind == "Apache") %>%
filter(!is.na(version)) %>%
mutate(version = stri_replace_all_regex(version, " .*$", "")) %>%
count(version) %>%
separate(version, c("maj", "min", "pat"), sep="\\.", convert = TRUE, fill = "right") %>%
mutate(pat = ifelse(is.na(pat), 1, pat)) %>%
mutate(v = sprintf("%s.%s.%s", maj, min, pat)) %>%
mutate(v = factor(v, levels = apa_all$vers)) %>%
arrange(v) -> apa_vers
filter(apa_all, vers %in% apa_vers$v) %>%
arrange(rls_date) %>%
group_by(rls_year) %>%
slice(1) %>%
ungroup() %>%
arrange(rls_date) -> apa_yrs
```
```r
ggplot() +
geom_blank(
data = apa_vers, aes(v, n)
) +
geom_segment(
data = apa_yrs, aes(vers, 0, xend=vers, yend=Inf),
linetype = "dotted", size = 0.25, color = "white"
) +
geom_segment(
data = apa_vers, aes(v, n, xend=v, yend=0),
color = ft_cols$gray, size = 8
) +
geom_label(
data = apa_yrs, aes(vers, Inf, label = rls_year),
family = font_rc, color = "white", fill = "#262a31", size = 4,
vjust = 1, hjust = 0, nudge_x = 0.01, label.size = 0
) +
scale_y_comma(limits = c(0, 15)) +
labs(
x = "Apache Version #", y = "# Servers",
title = "CRAN Mirrors Apache Version History"
) +
theme_ft_rc(grid="Y") +
theme(axis.text.x = element_text(family = "mono", size = 8, color = "white"))
```
<img src="orly_files/figure-html/apache-history-1.png" width="1200" />
#### nginx
```r
nginx_version_history() %>%
arrange(rls_date) %>%
mutate(
vers = factor(as.character(vers), levels = as.character(vers))
) -> ngx_all
filter(svr, kind == "nginx") %>%
filter(!is.na(version)) %>%
mutate(version = stri_replace_all_regex(version, " .*$", "")) %>%
count(version) %>%
separate(version, c("maj", "min", "pat"), sep="\\.", convert = TRUE, fill = "right") %>%
mutate(v = sprintf("%s.%s.%s", maj, min, pat)) %>%
mutate(v = factor(v, levels = ngx_all$vers)) %>%
arrange(v) -> ngx_vers
filter(ngx_all, vers %in% ngx_vers$v) %>%
arrange(rls_date) %>%
group_by(rls_year) %>%
slice(1) %>%
ungroup() %>%
arrange(rls_date) -> ngx_yrs
```
```r
ggplot() +
geom_blank(
data = ngx_vers, aes(v, n)
) +
geom_segment(
data = ngx_yrs, aes(vers, 0, xend=vers, yend=Inf),
linetype = "dotted", size = 0.25, color = "white"
) +
geom_segment(
data = ngx_vers, aes(v, n, xend=v, yend=0),
color = ft_cols$gray, size = 8
) +
geom_label(
data = ngx_yrs, aes(vers, Inf, label = rls_year),
family = font_rc, color = "white", fill = "#262a31", size = 4,
vjust = 1, hjust = 0, nudge_x = 0.01, label.size = 0
) +
scale_y_comma(limits = c(0, 15)) +
labs(
x = "nginx Version #", y = "# Servers",
title = "CRAN Mirrors nginx Version History"
) +
theme_ft_rc(grid="Y") +
theme(axis.text.x = element_text(family = "mono", color = "white"))
```
<img src="orly_files/figure-html/nginx-history-1.png" width="768" />
### What else do CRAN mirrors run?
```r
cran_mirror_other_things <- readRDS(here::here("data/cran-mirror-other-things.rds"))
```
#### A look by port
```r
distinct(cran_mirror_other_things, ip, port) %>%
count(ip, sort = TRUE) %>%
head(20)
```
<div class="kable-table">
forblog
5 years ago
|ip | n|
|:---------------|--:|
|104.25.94.23 | 8|
|143.107.10.17 | 7|
|104.27.133.206 | 5|
|137.208.57.37 | 5|
|192.75.96.254 | 5|
|208.81.1.244 | 5|
|119.40.117.175 | 4|
|130.225.254.116 | 4|
|133.24.248.17 | 4|
|14.49.99.238 | 4|
|148.205.148.16 | 4|
|190.64.49.124 | 4|
|194.214.26.146 | 4|
|200.236.31.1 | 4|
|201.159.221.67 | 4|
|202.90.159.172 | 4|
|217.31.202.63 | 4|
|222.66.109.32 | 4|
|45.63.11.93 | 4|
|62.44.96.11 | 4|
nearly-done
5 years ago
</div>
```r
distinct(cran_mirror_other_things, ip, port) %>%
filter(!(port %in% c(21, 80, 443))) %>%
count(ip) %>%
count(n) %>%
mutate(n = factor(n)) %>%
ggplot() +
geom_segment(
aes(n, nn, xend = n, yend = 0), size = 10, color = ft_cols$gray
) +
scale_y_comma() +
labs(
x = "Total number of running services", y = "# hosts",
title = "How many other services do CRAN mirrors run?",
subtitle = "NOTE: Not counting 80/443/21"
) +
theme_ft_rc(grid="Y")
```
<img src="orly_files/figure-html/other-stuff-1.png" width="576" />
Take a look at a few of them
```r
distinct(cran_mirror_other_things, ip, port) %>%
count(port, sort=TRUE)
```
<div class="kable-table">
forblog
5 years ago
| port| n|
|:----|--:|
| 80| 75|
| 443| 75|
| 21| 29|
| 22| 18|
| 8080| 6|
| 25| 5|
| 53| 2|
| 2082| 2|
| 2086| 2|
| 8000| 2|
| 8008| 2|
| 8443| 2|
| 111| 1|
| 465| 1|
| 587| 1|
| 993| 1|
| 995| 1|
| 2083| 1|
| 2087| 1|
nearly-done
5 years ago
</div>
```r
distinct(cran_mirror_other_things, ip, port) %>%
filter(ip == "104.25.94.23")
```
<div class="kable-table">
ip port
------------- -----
104.25.94.23 8443
104.25.94.23 2082
104.25.94.23 2087
104.25.94.23 8080
104.25.94.23 80
104.25.94.23 2083
104.25.94.23 443
104.25.94.23 2086
</div>
```r
distinct(cran_mirror_other_things, ip, port) %>%
filter(ip == "143.107.10.17")
```
<div class="kable-table">
ip port
-------------- -----
143.107.10.17 993
143.107.10.17 587
143.107.10.17 80
143.107.10.17 443
143.107.10.17 465
143.107.10.17 25
143.107.10.17 995
</div>
```r
distinct(cran_mirror_other_things, ip, port) %>%
filter(ip == "137.208.57.37")
```
<div class="kable-table">
ip port
-------------- -----
137.208.57.37 443
137.208.57.37 22
137.208.57.37 80
137.208.57.37 21
137.208.57.37 8080
</div>
#### What kinds of services were detected?
```r
cran_recog <- readRDS(here::here("data/cran-recog.rds"))
distinct(cran_recog, ip, cpe) %>%
count(cpe, sort = TRUE) %>%
head(50)
```
<div class="kable-table">
cpe n
------------------------------------ ---
cpe:/a:apache:http_server:- 13
cpe:/o:debian:debian_linux:- 13
cpe:/a:apache:http_server:2.4.6 11
cpe:/o:canonical:ubuntu_linux:- 11
cpe:/o:centos:centos:- 9
cpe:/a:apache:http_server:2.4.25 6
cpe:/a:nginx:nginx:- 6
cpe:/a:nginx:nginx:1.10.3 6
cpe:/o:redhat:linux:- 5
cpe:/a:apache:http_server:2.2.15 4
cpe:/a:openbsd:openssh:7.4p1 4
cpe:/o:debian:debian_linux:9.0 4
cpe:/a:apache:http_server:2.4.7 3
cpe:/a:openbsd:openssh:6.7p1 3
cpe:/a:openbsd:openssh:7.4 3
cpe:/a:apache:http_server:2.4.10 2
cpe:/a:apache:http_server:2.4.18 2
cpe:/a:apache:http_server:2.4.29 2
cpe:/a:openbsd:openssh:7.6p1 2
cpe:/o:debian:debian_linux:8.0 2
cpe:/a:apache:http_server:2.2.16 1
cpe:/a:apache:http_server:2.2.22 1
cpe:/a:apache:http_server:2.2.3 1
cpe:/a:apache:http_server:2.2.32 1
cpe:/a:apache:http_server:2.2.34 1
cpe:/a:apache:http_server:2.4 1
cpe:/a:apache:http_server:2.4.16 1
cpe:/a:apache:http_server:2.4.34 1
cpe:/a:apache:http_server:2.4.37 1
cpe:/a:apache:http_server:2.4.38 1
cpe:/a:apache:tomcat:- 1
cpe:/a:cherrypy:cherrypy:6.0.2 1
cpe:/a:isc:bind:9.11.2 1
cpe:/a:isc:bind:9.11.5-P1 1
cpe:/a:nginx:nginx:1.14.0 1
cpe:/a:nginx:nginx:1.15.8 1
cpe:/a:nginx:nginx:1.15.9 1
cpe:/a:nginx:nginx:1.9.4 1
cpe:/a:openbsd:openssh:5.5p1 1
cpe:/a:openbsd:openssh:6.6.1 1
cpe:/a:openbsd:openssh:6.6.1p1 1
cpe:/a:openbsd:openssh:7.2p2 1
cpe:/a:openbsd:openssh:7.6 1
cpe:/a:proftpd:proftpd:1.3.5b 1
cpe:/a:proftpd:proftpd:1.3.5rc3 1
cpe:/o:canonical:ubuntu_linux:14.04 1
cpe:/o:debian:debian_linux:6.0 1
cpe:/o:freebsd:freebsd:- 1
</div>
### What other DNS entries use CRAN IPs?
```r
cran_dns <- readRDS(here::here("data/cran-dns.rds"))
filter(cran_dns, !grepl("CLOUDFLARENET|AMAZON", as_name)) %>%
count(value, as_name, sort = TRUE)
```
<div class="kable-table">
value as_name n
---------------- ------------------------------------------------------------------------------------------------- ----
222.66.109.32 CHINANET-SH-AP China Telecom (Group), CN 243
200.3.192.46 EMPRESAS MUNICIPALES DE CALI E.I.C.E. E.S.P., CO 30
176.9.40.200 HETZNER-AS, DE 18
137.208.57.37 Wirtschaftsuniversitaet Wien, AT 10
169.229.19.202 UCB - University of California at Berkeley, US 10
202.121.199.235 ERX-CERNET-BKB China Education and Research Network Center, CN 10
150.229.0.204 CSIRO Commonwealth Scientific and Industrial, AU 8
130.206.13.2 REDIRIS RedIRIS Autonomous System, ES 6
192.80.24.196 Universidad de Chile, CL 6
202.141.176.110 CMNET-GD Guangdong Mobile Communication Co.Ltd., CN 6
45.63.11.93 AS-CHOOPA - Choopa, LLC, US 6
64.50.233.100 TDS-AS - TDS TELECOM, US 5
119.29.56.102 CNNIC-TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited, CN 4
13.66.202.75 MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US 4
131.188.12.211 DFN Verein zur Foerderung eines Deutschen Forschungsnetzes e.V., DE 4
194.214.26.146 FR-RENATER Reseau National de telecommunications pour la Technologie, FR 4
200.236.31.1 FUNPAR - Fundacao da UFPR para o DCTC, BR 4
130.225.254.116 FSKNET-DK Forskningsnettet - Danish network for Research and Education, DK 3
133.58.120.95 SINET-AS Research Organization of Information and Systems, National Institute of Informatics, JP 3
142.58.101.156 SFU-AS - Simon Fraser University, CA 3
148.205.148.16 Instituto Tecnologico Autonomo de Mexico(ITAM), MX 3
155.198.195.11 JANET Jisc Services Limited, GB 3
157.193.230.39 BELNET, BE 3
193.1.193.64 HEANET, IE 3
193.40.0.5 EENET-AS, EE 3
194.71.11.165 SUNET SUNET Swedish University Network, SE 3
202.90.159.172 DOST-PH-AP Department of Science and Technology, PH 3
46.143.212.45 IR-FUM, IR 3
101.6.8.193 ERX-CERNET-BKB China Education and Research Network Center, CN 2
128.176.148.9 DFN Verein zur Foerderung eines Deutschen Forschungsnetzes e.V., DE 2
129.237.125.92 UKANS - University of Kansas, US 2
14.49.99.238 KIXS-AS-KR Korea Telecom, KR 2
143.107.10.17 UNIVERSIDADE DE SAO PAULO, BR 2
144.122.156.22 METU-NET Middle East Technical University / Orta Dogu Teknik Universitesi, TR 2
190.96.111.43 Escuela Politecnica Nacional, EC 2
192.75.96.254 DALUNIV - Dalhousie University, CA 2
194.254.245.138 FR-RENATER Reseau National de telecommunications pour la Technologie, FR 2
200.144.254.65 UNIVERSIDADE DE SAO PAULO, BR 2
201.159.221.67 CEDIA, EC 2
210.218.217.24 KREONET-AS-KR KISTI, KR 2
62.44.96.11 SU-NET-AS, BG 2
103.109.101.20 AMARUTU-TECHNOLOGY, NL 1
103.224.137.193 IDNIC-PDISBPPT-AS-ID PDIS - BADAN PENGKAJIAN DAN PENERAPAN TEKNOLOGI, ID 1
119.40.117.175 UPM-AS-AP Universiti Putra Malaysia AS, MY 1
128.250.213.6 UNIMELB-AS-AP The University of Melbourne, Melbourne, Victoria, AU 1
129.132.119.195 SWITCH Peering requests: (peering@switch.ch), CH 1
129.177.13.120 UNINETT UNINETT, The Norwegian University & Research Network, NO 1
129.186.138.51 IASTATE-AS - Iowa State University, US 1
129.22.208.161 CWRU-AS-1 - Case Western Reserve University, US 1
130.208.58.81 RHNET SURIS/RHnet, IS 1
130.216.2.235 AKUNI-NZ The University of Auckland, NZ 1
133.24.248.17 AS-YAMAGATAU Yamagata University, JP 1
134.214.32.76 FR-RENATER RENATER_ASNBLOCK1, FR 1
134.76.12.6 DFN Verein zur Foerderung eines Deutschen Forschungsnetzes e.V., DE 1
137.132.33.20 NUS-AS-AP NUS Information Technology, SG 1
137.222.10.189 JANET Jisc Services Limited, GB 1
140.138.144.169 ERX-TANET-ASN1 Taiwan Academic Network (TANet) Information Center, TW 1
141.219.191.249 MICHIGANTECH - Michigan Technological University, US 1
146.155.23.20 Pontificia Universidad Catolica de Chile, CL 1
147.162.35.231 ASGARR Consortium GARR, IT 1
147.52.159.12 UCNET, GR 1
156.56.247.193 INDIANA-AS - Indiana University, US 1
157.86.96.98 FUNDACAO INSTITUTO OSWALDO CRUZ, BR 1
165.229.11.55 YU-AS-KR Yeungnam University, KR 1
190.64.49.124 Administracion Nacional de Telecomunicaciones, UY 1
192.249.6.222 UTK - University of Tennessee, Knoxville, US 1
193.144.61.75 REDIRIS RedIRIS Autonomous System, ES 1
193.194.89.173 ARN, DZ 1
193.255.52.152 ULAKNET, TR 1
193.50.6.155 FR-RENATER Reseau National de telecommunications pour la Technologie, FR 1
202.158.214.106 AARNET-AS-AP Australian Academic and Reasearch Network (AARNet), AU 1
202.201.0.160 ERX-CERNET-BKB China Education and Research Network Center, CN 1
208.81.1.244 LESNET - LES.NET, CA 1
217.31.202.63 CZNIC-AS, CZ 1
87.98.155.219 OVH, FR 1
</div>
---
title: "orly.R"
author: "bob"
date: "Sun Mar 3 11:20:15 2019"
---