🛡️ Security & Privacy Stats
Viruses Downloaded: 0 (but we're not decrypting traffic, so? 🤷)
PUA Detections: 9
Potentially Unwanted Apps Detected:
TSyndicate[.]com: 5x, 172.31.3.218
Sqoutout[.]com: 2x, 172.31.4.69
Optvz[.]com: 1x, 172.31.3.218
Clinch[.]co: 1x, 172.31.1.172
Ways People Are Bypassing Our Inspection:
Mullvad VPN: 42% ↑
Apple Private Relay: 22% ↑
Private Internet Access: 9% →
Google Tunnel: 7% ↓
ProtonVPN: 4% ↑
SurfShark: 3% →
NordVPN: 2% ↓
IVPN: 1% ↑
Others (WireGuard, OpenVPN, DoH): 10% →
🚨 Network Anomaly Detection
Total Anomalies (24h): 847
Active Attackers: 23
Attack Types: 5
Attack Types Detected:
UDP Flood: 712 events, CRITICAL
ICMP Sweep: 47 events, HIGH
UDP Scan: 38 events, HIGH
ICMP Flood: 29 events, MEDIUM
Session Flood: 21 events, MEDIUM
Most Active Anomaly Sources:
1. 172.31.2.141: WireGuard floods, 187
2. 172.31.1.190: NFS flooding, 156
3. 172.31.4.160: ICMP sweeper, 89
4. 172.31.6.128: IKE floods, 42
5. 172.31.1.23: UDP scanner, 28
Notable Patterns:
🔐 Heavy WireGuard VPN traffic (port 51820) - 133K+ packets in single flood
📡 DNS amplification attempts to 172.31.0.10 (13,760 packets)
🌐 Persistent NFS service abuse detected from internal network
🎯 ICMP sweeper (172.31.4.160) scanning multiple ranges
⚡ QUIC/UDP floods on port 443 (DoH/DoT attempts)
🔑 Significant Kerberos authentication traffic: 10.36 GB detected
📍 Heavy ICMP traffic volume: 10.07 GB (ping floods & scanning)
Suspicious Beaconing Activity Detected:
Primary Offender: 172.31.1.16 → China (907 MB, 933K packets)
Most Active Beacon: 172.31.5.29 → Multiple Chinese IPs (15+ destinations)
Total Volume to China: ~920 MB across 100+ unique connections
Affected Internal IPs: 28 unique HOPE attendee devices
Top Chinese Destinations: Alibaba Cloud, Tencent, Baidu infrastructure
⚠️ Pattern Analysis: Consistent small packet sizes suggest command & control communications rather than data exfiltration, except for 172.31.1.16 which shows large volume transfer.
📞 External Complaints
🤔 UNVERIFIED REPORT
We received unconfirmed reports of alleged attacks targeting DNS servers originating from the HOPE XVI network.
Report Status: UNVERIFIED
Investigation: No evidence found in logs
NOC Response: Monitoring for suspicious DNS activity