 _   _  ___  ____  _____   _   _  ___   ____ 
| | | |/ _ \|  _ \| ____| | \ | |/ _ \ / ___|
| |_| | | | | |_) |  _|   |  \| | | | | |    
|  _  | |_| |  __/| |___  | |\  | |_| | |___ 
|_| |_|\___/|_|   |_____| |_| \_|\___/ \____|

Network Operations Center

HOPE XVI • August 15-17, 2025 • St. John's University

📡 Conference WiFi Access

SSID: HOPE16

Password: hope2025

Security: WPA2-PSK

DNS Server: 172.31.0.10

⚡ Full IPv4 support • DoH/DoT available • No blocked ports

🌐 Network Status

Last update: 08/17 19:00

Core Network: OFFLINE

Current Users: 1699

Bandwidth Usage: ↓ 100.5 Mbps / ↑ 99.24 Mbps

Previous uptime: 12 days, 20 hours, 50 minutes

📈 Network Statistics

Last Updated: August 17, 4:30 PM

🔝 Top Protocols & Applications

TCP

63%

UDP

35%

ICMP

Web 593 GB ↑

Unknown 577 GB ↑

CDN 248 GB ↓

Secure Web 95 GB →

GitHub 55 GB ↑

AWS 45 GB ↑

Anonymous.VPN 37 GB ↓

M247 Hosting 28 GB ↑

🏆 Top 10 ASN Leaderboard

1. INTERNAL 604 GB →

2. GOOGLE 292 GB →

3. FASTLY 159 GB →

4. APPLE-AUSTIN 131 GB →

5. TZULO 117 GB →

6. AMAZON-02 114 GB →

7. CLOUDFLARENET 93 GB →

8. AXCELX-NET 66 GB →

9. AKAMAI-ASN1 56 GB →

10. CDNEXT 42 GB →

11. USA-2022 41 GB →

🌍 Geographic Reach & Destinations

Traffic from 104 countries

Unique ASNs: 200+

Top Destinations:

1. United States 1.07 TB →

2. Internal 485 GB →

3. Unknown 73 GB ↑

4. Netherlands 37 GB ↑

5. Germany 25 GB ↓

6. Canada 22 GB ↓

7. France 13 GB ↑

🛡️ Security & Privacy Stats

Viruses Downloaded: 0

(but we're not decrypting traffic, so? 🤷)

PUA Detections: 9

Potentially Unwanted Apps Detected:

TSyndicate[.]com 5x 172.31.3.218

Sqoutout[.]com 2x 172.31.4.69

Optvz[.]com 1x 172.31.3.218

Clinch[.]co 1x 172.31.1.172

Ways People Are Bypassing Our Inspection:

Mullvad VPN 42% ↑

Apple Private Relay 22% ↑

Private Internet Access 9% →

Google Tunnel 7% ↓

ProtonVPN 4% ↑

SurfShark 3% →

NordVPN 2% ↓

IVPN 1% ↑

Others (WireGuard, OpenVPN, DoH) 10% →

⚠️ Export Control Countries Traffic

Traffic to countries with export restrictions detected!

🇨🇳 China 670 MB ↑

🇷🇺 Russian Federation 269 MB ↑

🇮🇷 Iran 20 MB →

🇸🇦 Saudi Arabia 351 MB ↑

🇦🇪 UAE 245 MB →

🇵🇰 Pakistan 133 MB ↑

🇻🇪 Venezuela 47 MB →

🇦🇫 Afghanistan 723 KB ↓

🚨 Suspicious Network Traffic Alert

⚠️ THREAT DETECTED:
308 GB of traffic to suspicious ASNs including bulletproof hosting providers and ransomware infrastructure

Total Suspicious 308 GB

Flagged ASNs 18

Critical Threats 2

Critical Threats:

THE-HOSTING (AS44477)

BULLETPROOF 2.46 GB

NFORCE (AS43350)

CSAM/ATTACKS 1.17 GB

High Risk Networks:

TZULO (AS11878)

VPN/SPAM 113 GB

MEGA (AS205809)

RANSOMWARE 18 GB

Medium Risk Networks:

CDNEXT (AS212238)

HIGH-RISK CDN 32 GB

M247 (AS9009)

ABUSE REPORTS 16 GB

CONTABO (AS51167)

MALWARE HOST 7 GB

🚨 Network Anomaly Detection

Total Anomalies (24h) 847

Active Attackers 23

Attack Types 5

Attack Types Detected:

UDP Flood 712 events CRITICAL

ICMP Sweep 47 events HIGH

UDP Scan 38 events HIGH

ICMP Flood 29 events MEDIUM

Session Flood 21 events MEDIUM

Most Active Anomaly Sources:

1. 172.31.2.141 WireGuard floods 187

2. 172.31.1.190 NFS flooding 156

3. 172.31.4.160 ICMP sweeper 89

4. 172.31.6.128 IKE floods 42

5. 172.31.1.23 UDP scanner 28

Notable Patterns:

🔐 Heavy WireGuard VPN traffic (port 51820) - 133K+ packets in single flood

📡 DNS amplification attempts to 172.31.0.10 (13,760 packets)

🌐 Persistent NFS service abuse detected from internal network

🎯 ICMP sweeper (172.31.4.160) scanning multiple ranges

⚡ QUIC/UDP floods on port 443 (DoH/DoT attempts)

🔑 Significant Kerberos authentication traffic: 10.36 GB detected

📍 Heavy ICMP traffic volume: 10.07 GB (ping floods & scanning)

Suspicious Beaconing Activity Detected:

Primary Offender: 172.31.1.16 → China (907 MB, 933K packets)

Most Active Beacon: 172.31.5.29 → Multiple Chinese IPs (15+ destinations)

Total Volume to China: ~920 MB across 100+ unique connections

Affected Internal IPs: 28 unique HOPE attendee devices

Top Chinese Destinations: Alibaba Cloud, Tencent, Baidu infrastructure

⚠️ Pattern Analysis: Consistent small packet sizes suggest command & control communications rather than data exfiltration, except for 172.31.1.16 which shows large volume transfer.

📞 External Complaints

🤔

UNVERIFIED REPORT
We received unconfirmed reports of alleged attacks targeting DNS servers originating from the HOPE XVI network

Report Status: UNVERIFIED

Investigation: No evidence found in logs

NOC Response: Monitoring for suspicious DNS activity

💕 Hacker Social Preferences

📊 Top Bandwidth Users

172.31.1.149 103 GB ↑

172.31.2.80 84 GB ↑

172.31.5.222 67 GB ↑

172.31.1.90 64 GB →

172.31.7.77 56 GB ↑

172.31.1.27 55 GB ↑

172.31.1.68 26 GB ↑

172.31.1.182 19 GB ↑

172.31.1.55 18 GB →

172.31.4.254 17 GB ↑

📊 Network Traffic - Combined Wireless + Wired (Trending)

Last update: 08/17 19:00

⬇ Download ⬆ Upload

🔧 Network Overview

Click to enlarge

Infrastructure Highlights

Total Bandwidth Transferred: 2.54 TB (604 GB Internal + 1.94 TB External)
Coverage: All wireless APs across the campus including dorms, wired network spanning Cafeteria, all Auditoriums, and Workshop rooms
Uplink: 10 Gbps network handoff via Cat6A
Core Switch: Cisco Catalyst 3560-CX
Power Protection: UPS to keep power to all the things
Out-of-band Management: Wireless access provided by an Eero
Physical Security: NOC monitored via active audio/video surveillance and university public safety personnel (not quite a datacenter, but it works)
Security & Services: Fortinet FortiGate 90G providing:
- Network inspection, DHCP, and DNS services
- Up to 4.5 Gbps IPS throughput
- 2.5 Gbps NGFW capability
- 2.2 Gbps Threat Protection
Analytics: Netflow analysis using FortiMonitor
Note: This website is a point-in-time snapshot with code generated by Anthropic Claude and friends

📢 Latest Announcements

[2025-08-15 09:00] Apologies for the brief interruption, needed to re-route some power to UPS before the con starts. Cisco 3560-CX went into an error state which took a few minutes to recover from. :(

[2025-08-15 08:12] Axcelx is giving away free SWAG in the NOC, drop by Tobin 211 and chat with us today.

[2025-08-14 14:04] Network is stable, all systems green.

❓ Frequently Asked Questions

How do I connect to the WiFi?

Select SSID: HOPE16
Enter password: hope2025
You're connected! No captive portal required.

What ports are open?

All ports are open! We don't block any traffic. Use responsibly and respect others on the network.

Is IPv6 supported?

No, we currently have no IPv6 support. IPv4 only.

Can I use custom DNS?

Yes! You can use alternate DNS providers such as:

Google DNS: 8.8.8.8
Quad9: 9.9.9.9

Or if you want to allow us to harvest your details, you can continue using our default DNS server at 172.31.0.10 which supports:

Standard UDP DNS (port 53)
DNS over HTTPS (DoH)
DNS over TLS (DoT)

DoH/DoT Certificate Fingerprints (trust these!):

Certificate: 2050404cf7bcde05bf36da1da6af3874635064a3c76b8025a38d77f47062e23c
Public Key: 7dd7256aca25cc699fe5384dfc51cb95ce9951d8b359d1157c0b40a129863178

Is wired network access available?

Yes! Wired network access is available in the Cafeteria with support up to 1 Gbps. Bring your ethernet cable and enjoy the speed!

What about network security and monitoring?

While we're actively utilizing IPS and other functionality for visibility into packets using a FortiGate 90G, we're not blocking traffic. It's just so we can keep an eye on what's going on and point out general silliness. Remember, this is an open network - encrypt your sensitive traffic!

Can I do "X" illegal activity on the network?

Would not recommend it. The general "we" are watching. We suggest use of VPNs in general for your own protection, as this network is the wild wild west.

Can I volunteer?

We're looking for people interested in security data analysis or that have a general network engineering background. The hard work is done, we're in steady state monitoring.

Where is the NOC located?

The Network Operations Center is located in Tobin 211. Come drop by and say hello to the team!

💡 Network Tips

🔐 Use VPN or SSH tunnels for sensitive traffic
🚀 Wired ethernet available in workshop rooms and the cafeteria for maximum speed
📡 5GHz band recommended for better performance
🛡 Remember: Despite WPA2, this is the wild wild west - encrypt your traffic!
⚡ Report any issues to the NOC team in Tobin 211

👥 HOPE NOC Staff

Alex

NOC Leader

James

Datacenter Guru

Jesse

Network Engineer

Michael

Security Engineer

📍 Find us in Tobin 211 - Drop by anytime!