In September 2019, 600 armed German cops seized the physical premises of a
Bulletproof Hoster (BPH) referred to as CyberBunker 2.0. The hoster resided in
a decommissioned NATO bunker and advertised that it would host everything
except child porn and anything related to terrorism, while keeping servers
online no matter what. While the anatomy, economics and interconnection-level
characteristics of BPHs have been studied, their traffic characteristics are
unknown. In this poster, we
present the first analysis of domains, web pages, and traffic captured at a
major tier-1 ISP and a large IXP at the time when the CyberBunker was in
operation. Our study sheds light on traffic characteristics of a BPH in
operation. We show that a traditional BGP-based BPH identification approach
cannot detect the CyberBunker, but we find characteristics from a domain and
traffic perspective that can add to future identification approaches.
Authors: Daniel Kopp, Eric Strehle, Oliver Hohlfeld