Team Cymru Community Services

Packet Clearing House (PCH) Services
May 16, 2019
APNIC Community Activities
May 16, 2019

Team Cymru Community Services

Team Cymru Research NFP is a group of technologists passionate about making the Internet more secure and dedicated to that goal. They work closely with and within Internet security communities and they all need help to ensure that their parts of the network remain safe and secure. Team Cymru helps organizations identify and eradicate problems in their networks, providing insight that improves lives.

Team Cymru is a geographically-dispersed group of security professionals who are able to collaborate due to the benefits of the Internet. They endeavor to make the entire Inter

net more secure, more aware, and more reliable. In addition to such practical contributions they also work in partnership with a number of organizations that are engaged in investigation, internet governance, best practice and consumer advice.

Map shows the geographic distribution of infected computers
that form a Machbot botnet (source: Team cymru Website)

SERVICES OFFERED BY TEAM CYMRU

The Bogon Reference
A bogon prefix is a route that should never appear in the Internet routing table. This can be for one of several reasons – either the prefix is within a private or reserved IP address block, or a block that has not yet been allocated to a Regional Internet Registry (RIR). The Bogon Reference pages provide a number of resources for the filtering of bogon prefixes from your routers and hosts.

The Darknet Project
A darknet is a portion of routed, allocated IP space in which no active services or servers reside. These are “dark” because there is, seemingly, nothing within these networks. In fact, the darknet does contain at least one server, which vacuums up packets and flows entering the “dark” space for real-time analysis or post-event network forensics.

The IP to ASN Mapping Project
Team Cymru provides a number of query interfaces that allow for the mapping of IP addresses to BGP prefixes and Autonomous System Numbers (ASNs), based on BGP feeds from our 50+ BGP peers, and updated every 4 hours. This data is available through traditional WHOIS (TCP 43), DNS (UDP 53), HTTP (TCP 80), and HTTPS (TCP 443).

The Malware Hash Registry
The Malware Hash Registry provides the ability to perform lookups of MD5 and SHA-1 hashes of files to see if Team Cymru’s malware analysis system has classified them as malware, along with information about when the sample was last seen and an approximate anti-virus detection percentage.

RSS Feed Screensaver
RSS feed screensaver for Mac OS X displays information from RSS news feed, Twitter feed, and a graphical representation of compromised machine counts on a rotating globe, all automatically updated on an ongoing basis. At this time the screensaver is only available for Mac OS X, versions for other operating systems will be available in the future.

Totalhash Malware Analysis
Totalhash is a community malware analysis service. This service provides users the ability to quickly find and view both static and dynamic analysis of malware samples. An API is available to those who require programmatic access to the service. Totalhash is the entry point to Team Cymru’s comprehensive malware service offerings.

BDIX as its community services hosting Team Cymru services for flow analysis and malware detection of Internet traffic.

For more information and resources about Team cymru and its services, such as services in details and different graphs, visit  Team cymru Page

Source: www.team-cymru.org