_   _  ___  ____  _____   _   _  ___   ____ 
| | | |/ _ \|  _ \| ____| | \ | |/ _ \ / ___|
| |_| | | | | |_) |  _|   |  \| | | | | |    
|  _  | |_| |  __/| |___  | |\  | |_| | |___ 
|_| |_|\___/|_|   |_____| |_| \_|\___/ \____|
            

Network Operations Center

HOPE XVI • August 15-17, 2025 • St. John's University

📡 Conference WiFi Access

SSID: HOPE16
Password: hope2025
Security: WPA2-PSK
DNS Server: 172.31.0.10

⚡ Full IPv4 support • DoH/DoT available • No blocked ports

🌐 Network Status

Last update: 08/17 19:00
Core Network: OFFLINE
Current Users: 1699
Bandwidth Usage: ↓ 100.5 Mbps / ↑ 99.24 Mbps
Previous uptime: 12 days, 20 hours, 50 minutes

📈 Network Statistics

Last Updated: August 17, 4:30 PM

🔝 Top Protocols & Applications

TCP 63%
UDP 35%
ICMP 2%
Web 593 GB
Unknown 577 GB
CDN 248 GB
Secure Web 95 GB
GitHub 55 GB
AWS 45 GB
Anonymous.VPN 37 GB
M247 Hosting 28 GB

🏆 Top 10 ASN Leaderboard

1. INTERNAL 604 GB
2. GOOGLE 292 GB
3. FASTLY 159 GB
4. APPLE-AUSTIN 131 GB
5. TZULO 117 GB
6. AMAZON-02 114 GB
7. CLOUDFLARENET 93 GB
8. AXCELX-NET 66 GB
9. AKAMAI-ASN1 56 GB
10. CDNEXT 42 GB
11. USA-2022 41 GB

🌍 Geographic Reach & Destinations

Traffic from 104 countries
Unique ASNs: 200+
Top Destinations:
1. United States 1.07 TB
2. Internal 485 GB
3. Unknown 73 GB
4. Netherlands 37 GB
5. Germany 25 GB
6. Canada 22 GB
7. France 13 GB

🛡️ Security & Privacy Stats

Viruses Downloaded: 0
(but we're not decrypting traffic, so? 🤷)
PUA Detections: 9
Potentially Unwanted Apps Detected:
TSyndicate[.]com 5x 172.31.3.218
Sqoutout[.]com 2x 172.31.4.69
Optvz[.]com 1x 172.31.3.218
Clinch[.]co 1x 172.31.1.172
Ways People Are Bypassing Our Inspection:
Mullvad VPN 42%
Apple Private Relay 22%
Private Internet Access 9%
Google Tunnel 7%
ProtonVPN 4%
SurfShark 3%
NordVPN 2%
IVPN 1%
Others (WireGuard, OpenVPN, DoH) 10%

⚠️ Export Control Countries Traffic

Traffic to countries with export restrictions detected!
🇨🇳 China 670 MB
🇷🇺 Russian Federation 269 MB
🇮🇷 Iran 20 MB
🇸🇦 Saudi Arabia 351 MB
🇦🇪 UAE 245 MB
🇵🇰 Pakistan 133 MB
🇻🇪 Venezuela 47 MB
🇦🇫 Afghanistan 723 KB

🚨 Suspicious Network Traffic Alert

⚠️ THREAT DETECTED:
308 GB of traffic to suspicious ASNs including bulletproof hosting providers and ransomware infrastructure
Total Suspicious 308 GB
Flagged ASNs 18
Critical Threats 2
Critical Threats:
THE-HOSTING (AS44477) BULLETPROOF 2.46 GB
NFORCE (AS43350) CSAM/ATTACKS 1.17 GB
High Risk Networks:
TZULO (AS11878) VPN/SPAM 113 GB
MEGA (AS205809) RANSOMWARE 18 GB
Medium Risk Networks:
CDNEXT (AS212238) HIGH-RISK CDN 32 GB
M247 (AS9009) ABUSE REPORTS 16 GB
CONTABO (AS51167) MALWARE HOST 7 GB

🚨 Network Anomaly Detection

Total Anomalies (24h) 847
Active Attackers 23
Attack Types 5
Attack Types Detected:
UDP Flood 712 events CRITICAL
ICMP Sweep 47 events HIGH
UDP Scan 38 events HIGH
ICMP Flood 29 events MEDIUM
Session Flood 21 events MEDIUM
Most Active Anomaly Sources:
1. 172.31.2.141 WireGuard floods 187
2. 172.31.1.190 NFS flooding 156
3. 172.31.4.160 ICMP sweeper 89
4. 172.31.6.128 IKE floods 42
5. 172.31.1.23 UDP scanner 28
Notable Patterns:
🔐 Heavy WireGuard VPN traffic (port 51820) - 133K+ packets in single flood
📡 DNS amplification attempts to 172.31.0.10 (13,760 packets)
🌐 Persistent NFS service abuse detected from internal network
🎯 ICMP sweeper (172.31.4.160) scanning multiple ranges
QUIC/UDP floods on port 443 (DoH/DoT attempts)
🔑 Significant Kerberos authentication traffic: 10.36 GB detected
📍 Heavy ICMP traffic volume: 10.07 GB (ping floods & scanning)
Suspicious Beaconing Activity Detected:
Primary Offender: 172.31.1.16 → China (907 MB, 933K packets)
Most Active Beacon: 172.31.5.29 → Multiple Chinese IPs (15+ destinations)
Total Volume to China: ~920 MB across 100+ unique connections
Affected Internal IPs: 28 unique HOPE attendee devices
Top Chinese Destinations: Alibaba Cloud, Tencent, Baidu infrastructure
⚠️ Pattern Analysis: Consistent small packet sizes suggest command & control communications rather than data exfiltration, except for 172.31.1.16 which shows large volume transfer.
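
The pattern analysis above separates hosts sending many small, uniformly sized packets from hosts moving bulk data. The sketch below is an added example, not the NOC's tooling: it classifies per-source flow summaries by mean bytes per packet and size spread. The thresholds, function name, and all flow rows except the 172.31.1.16 totals are assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Flow summaries: (src, dst, bytes, packets). The 172.31.1.16 row uses the
# page's totals (907 MB, 933K packets) with a placeholder destination;
# every other row is constructed sample data on documentation addresses.
FLOWS = [
    ("172.31.1.16", "198.51.100.7", 907_000_000, 933_000),
    ("192.0.2.10", "203.0.113.1", 9_200, 100),
    ("192.0.2.10", "203.0.113.2", 9_000, 100),
    ("192.0.2.10", "203.0.113.3", 9_500, 100),
    ("192.0.2.10", "203.0.113.4", 8_800, 100),
    ("192.0.2.10", "203.0.113.5", 9_100, 100),
    ("192.0.2.10", "203.0.113.1", 9_300, 100),
    ("192.0.2.20", "198.51.100.9", 1_500, 10),
    ("192.0.2.20", "198.51.100.9", 600_000, 500),
    ("192.0.2.20", "198.51.100.8", 48_000, 120),
    ("192.0.2.20", "198.51.100.8", 2_000_000, 1_500),
    ("192.0.2.30", "203.0.113.9", 900, 10),   # one small flow: too little evidence
    ("192.0.2.30", "203.0.113.9", 0, 0),      # empty flow record, skipped
]

# Assumed thresholds; tune against a baseline of your own network.
SMALL_PKT = 200                  # mean bytes/packet below this counts as small
MAX_CV = 0.15                    # per-flow packet sizes must be this uniform
MIN_FLOWS = 4                    # repeated connections needed before flagging
BULK_BYTES = 100 * 1024 * 1024   # 100 MiB total marks a bulk transfer

def classify(flows):
    """Return {src: verdict} with a label and the metrics behind it."""
    per_src = defaultdict(list)
    for src, dst, nbytes, pkts in flows:
        if pkts > 0:                          # avoid dividing by zero
            per_src[src].append((dst, nbytes, pkts))
    verdicts = {}
    for src, recs in per_src.items():
        total = sum(b for _, b, _ in recs)
        avg = total / sum(p for _, _, p in recs)
        sizes = [b / p for _, b, p in recs]   # mean packet size of each flow
        cv = pstdev(sizes) / mean(sizes) if len(sizes) > 1 else 0.0
        if total >= BULK_BYTES:
            label = "bulk-transfer"
        elif len(recs) >= MIN_FLOWS and avg < SMALL_PKT and cv <= MAX_CV:
            label = "beacon-like"
        else:
            label = "unclassified"
        verdicts[src] = {"label": label, "avg_pkt": avg, "cv": cv,
                         "dests": len({d for d, _, _ in recs}), "bytes": total}
    return verdicts

if __name__ == "__main__":
    for src, v in classify(FLOWS).items():
        print(src, v["label"], round(v["avg_pkt"]), v["dests"])
```

Packet size alone is weak evidence; pairing it with connection timing regularity and destination reputation reduces false positives from chat and telemetry traffic.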

📞 External Complaints

🤔 UNVERIFIED REPORT
We received unconfirmed reports of alleged attacks targeting DNS servers originating from the HOPE XVI network
Report Status: UNVERIFIED
Investigation: No evidence found in logs
NOC Response: Monitoring for suspicious DNS activity

💕 Hacker Social Preferences

📊 Top Bandwidth Users

172.31.1.149 103 GB
172.31.2.80 84 GB
172.31.5.222 67 GB
172.31.1.90 64 GB
172.31.7.77 56 GB
172.31.1.27 55 GB
172.31.1.68 26 GB
172.31.1.182 19 GB
172.31.1.55 18 GB
172.31.4.254 17 GB

📊 Network Traffic - Combined Wireless + Wired (Trending)

Last update: 08/17 19:00
[Chart: ⬇ download and ⬆ upload traffic]

🔧 Network Overview

NOC Equipment Rack

Infrastructure Highlights

  • Total Bandwidth Transferred: 2.54 TB (604 GB Internal + 1.94 TB External)
  • Coverage: All wireless APs across the campus including dorms, wired network spanning Cafeteria, all Auditoriums, and Workshop rooms
  • Uplink: 10 Gbps network handoff via Cat6A
  • Core Switch: Cisco Catalyst 3560-CX
  • Power Protection: UPS to keep power to all the things
  • Out-of-band Management: Wireless access provided by an Eero
  • Physical Security: NOC monitored via active audio/video surveillance and university public safety personnel (not quite a datacenter, but it works)
  • Security & Services: Fortinet FortiGate 90G providing:
    • Network inspection, DHCP, and DNS services
    • Up to 4.5 Gbps IPS throughput
    • 2.5 Gbps NGFW capability
    • 2.2 Gbps Threat Protection
  • Analytics: Netflow analysis using FortiMonitor
  • Note: This website is a point-in-time snapshot with code generated by Anthropic Claude and friends

📢 Latest Announcements

[2025-08-15 09:00] Apologies for the brief interruption, needed to re-route some power to UPS before the con starts. Cisco 3560-CX went into an error state which took a few minutes to recover from. :(
[2025-08-15 08:12] Axcelx is giving away free SWAG in the NOC, drop by Tobin 211 and chat with us today.
[2025-08-14 14:04] Network is stable, all systems green.

❓ Frequently Asked Questions

How do I connect to the WiFi?
  1. Select SSID: HOPE16
  2. Enter password: hope2025
  3. You're connected! No captive portal required.
What ports are open?
All ports are open! We don't block any traffic. Use responsibly and respect others on the network.
Is IPv6 supported?
No, we currently have no IPv6 support. IPv4 only.
Can I use custom DNS?
Yes! You can use alternate DNS providers such as:
  • Google DNS: 8.8.8.8
  • Quad9: 9.9.9.9

Or if you want to allow us to harvest your details, you can continue using our default DNS server at 172.31.0.10 which supports:

  • Standard UDP DNS (port 53)
  • DNS over HTTPS (DoH)
  • DNS over TLS (DoT)

DoH/DoT Certificate Fingerprints (trust these!):

  • Certificate: 2050404cf7bcde05bf36da1da6af3874635064a3c76b8025a38d77f47062e23c
  • Public Key: 7dd7256aca25cc699fe5384dfc51cb95ce9951d8b359d1157c0b40a129863178
Is wired network access available?
Yes! Wired network access is available in the Cafeteria with support up to 1 Gbps. Bring your ethernet cable and enjoy the speed!
What about network security and monitoring?
While we're actively utilizing IPS and other functionality for visibility into packets using a FortiGate 90G, we're not blocking traffic. It's just so we can keep an eye on what's going on and point out general silliness. Remember, this is an open network - encrypt your sensitive traffic!
Can I do "X" illegal activity on the network?
Would not recommend it. The general "we" are watching. We suggest use of VPNs in general for your own protection, as this network is the wild wild west.
Can I volunteer?
We're looking for people who are interested in security data analysis or who have a general network engineering background. The hard work is done; we're in steady-state monitoring.
Where is the NOC located?
The Network Operations Center is located in Tobin 211. Come drop by and say hello to the team!

💡 Network Tips

👥 HOPE NOC Staff

Alex - NOC Leader
James - Datacenter Guru
Jesse - Network Engineer
Michael - Security Engineer

📍 Find us in Tobin 211 - Drop by anytime!

🤝 Network Sponsors