Commercial Usage of Signals?
Donation Recommended
In the preamble of each of our Signals we state:
The [...] report is free for non-commercial use ONLY. If you wish
to discuss commercial use of this service, please contact us at
info@dataplane.org.
When a commercial organization inquires, as instructed by this statement, regarding the commercial use of Signal data feeds, we thank them for asking and allow the non-commercial use. All we have asked for is feedback and to stay in touch. Now we recommend a minimum donation of $1000 (USD) per year for those wishing to use Signals in commercial systems. Our non-profit provides a public benefit, but what we do comes at a cost that requires funding. Covering costs and attracting funding to fulfill our mission is not just practical but a fiscal duty. We believe the recommended donation to be both reasonable and fair.
Mitigating Spoofed Addresses in Signal Feed Data
We’ve frequently pointed out that our signals feed data are not block lists. On the one hand, the activity reflected in Signals is not necessarily malicious. On the other hand, some of the Signals data feeds are susceptible to source address spoofing, making it difficult to reliably associate some events to the originating systems. Despite the challenge of source attribution, we remain convinced that even spoofed source events are useful NETINT (network intelligence) in certain contexts, and we prefer to make them available.
We recently described a peculiar pattern of “destination-adjacent source address (DASA) spoofing” activity observed by our DNS sensors. As we suggested in that article, we took measures to limit the effect of this activity from showing up in some of our signal data. Deciding what data to publish publicly is a trade-off. For example, we publish a list of SSH id and password pairs our sensors see, but we exclude low visibility pairs that are not seen across multiple distinct sensors. This is to limit the disclosure of accidental SSH login attempts we may be party to as well as to limit the ability for someone to use the report to stage a sensor exposure attack. Likewise, by limiting DASA spoofing, we limit someone's ability to conduct a sensor network identification attack.
Limiting the public dissemination of some data is a delicate balance to protect ourselves and third parties. Combined with the knowledge of Signal feeds, including both their potential utility and limitation, we believe the end result is a reasonable. For authorized researchers and special projects, the full set of data can be made available.
Research Collaboration
Dataplane.org has roots in academia, and in the past few months, we have expanded our support of in support of university research projects. Our platform was used to help evaluate Internet Sanctions on Russia Media, which appeared in the 2024 Free and Open Communications on the Internet (FOCI) workshop. Summary blogs of this work also mentioned Datplane.org appears at SIDN Labs and RIPE Labs.
More recently, as you read this we are helping support another academic active measurement research project by running web-based client connectivity tests from a select set of our vantage points. We are also helping to support an active DNSSEC measurement project by running pollers at a select set of our vantage points. We expect this type of academic research support to continue into 2024 and beyond.
If you are an academic that needs help performing passive or active measurements on a global scale, please reach out to see if we might be able to help.
Analysis and Commentaries
Our own John Kristoff contributed a guest blog post entitled Forgotten Protocol Chronicles: Do Not Underestimate the Installed Base. The article includes a reference to one of our earliest research projects. This project is still monitoring ISATAP, sinkhole legacy IPv6 transition mechanism activity as a community service.
In early March we produced a popular piece entitled Destination-Adjacent Source Address Spoofing. As mentioned earlier, there we took a deep dive into a curious series of spoofed DNS queries we were observing.
Our plan is to release analysis and commentary such as these more frequently in the coming months.
On Boot Clock Skew and Logging
We make great use of logging throughout our infrastructure. We also limit the number of unique configurations across our globally distributed set of virtual machines (VMs) and dedicated servers, but some things are beyond our control. One of those system properties that we are at the mercy of is the accuracy of a system clock, particularly on VMs. Occasionally, we noticed the time stamp of system log messages shortly after a system boot, when the time was wildly off from the true time. It is not always clear why this happens, but in some cases, it can take a couple of minutes for a system to adjust to the clock. Until time is synchronized, log messages and other system events can cause problems when accuracy is important.
Modern Linux distributions using systemd should have a corresponding “wait” service (e.g., systemd-time-wait-sync, ntpsec-wait). If you are like us and have distributed systems where an accurate notion of time is important for a set of running services, you may wish to add something like this in the associated systemd service file of the process you want to start once time is stable:
[Unit]
After ntpsec-wait.service
Be sure to issue a systemctl daemon-reload
for this change to take effect.
Organization and Financial Updates
We entered 2024 after our first full year as a US 501(c)3 non-profit. Last year, at this time, with the help of our accountants, we were preparing our first tax filing with funding revenue only from the founders. This year, we are happy to report that we have begun to receive external funding to report on our 2023 returns. We are far from being able to hire and pay salaries, but at least now we have a bit of breathing room with funds to help cover operating costs.
For transparency, we plan to provide detailed breakdowns of expenses and revenues.
We are still spending the majority of our time bolstering infrastructure, putting the organization on firm footing fiscally, and developing outputs to meet our mission. Our wish list of projects is continually growing. In the year ahead, we intend to build on our foundation, strengthen what we do, expand where we can, and capitalize on opportunities that arise.
For many months, we have been exploring changes in our organizational structure with legal counsel. This was precipitated largely by how we expect to drive funding to support Dataplane.org. We are still in the early phases, but we are considering the creation of a commercial entity to support our non-profit. In a nutshell, this would help provide more flexibility for revenue to fund the non-profit. There is a ton to explore on this front, what we do know is that this will require investing more into Dataplane.org. First, of course, is the legal fees, followed by appropriate paperwork and filings for any restructuring that may occur. We will also need to explore separation between our board and management if we add this additional structure, as the three founders cannot both run a commercial and non-profit entity without causing a conflict of interest. We are not in a rush, but we expect to be heading towards another evolution in the organization.
We welcome feedback, thoughts, and guidance in 2024 on any items covered in our update or suggestions for improvement.
Please consider making a donation to support our mission, our Signals availability, and our ability to take on new projects.
Feel free to reach out via email, Mastodon, or on our Slack space (request an invite if you need one).