September 20th, 2024

Notes and Receipts (PCAPs) for TCP and ICMP Noise Storms

The GitHub repository "2024-09-noise-storms" includes notes and PCAP files on TCP and ICMP Noise Storms, characterized by spoofed packets, geopolitical links, and various theories on their motivations.

The GitHub repository named "2024-09-noise-storms" contains notes and packet capture (PCAP) files related to TCP and ICMP Noise Storms, phenomena first observed in January 2020. These events are characterized by large-scale spoofed packet transmissions, primarily from Brazil, involving millions of spoofed IP addresses. The traffic consists mainly of TCP packets on port 443 and ICMP packets, with recent ICMP packets notably containing the ASCII string "LOVE". The time-to-live (TTL) values for these packets are spoofed between 120 and 200. Noise Storms have evolved to target smaller segments of the internet with increasing intensity and are often linked to significant geopolitical events. The TCP traffic appears to mimic various operating systems, successfully avoiding detection by AWS while impacting other service providers. Theories regarding the motivations behind these storms include covert communications, DDoS attacks, misconfigured routers, or attempts to manipulate network congestion. The repository is tied to a specific episode of Storm⚡️Watch that discusses these phenomena in further detail.
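As an added example (not code from the repository or the article), the indicators summarised above can be turned into a tally over raw IPv4 packets: TCP to port 443 with a TTL in the spoofed 120-200 range, and ICMP whose payload carries the ASCII string "LOVE". The sample packets are constructed inline and the thresholds are the page's stated values, not tuned ones.

```python
import struct

# Indicators as summarised on this page (values are the page's, not tuned)
TTL_RANGE = range(120, 201)
TCP_PORT = 443
ICMP_MARKER = b"LOVE"

def parse_ipv4(pkt: bytes):
    """Return (ttl, proto, l4_bytes) for a raw IPv4 packet, or None if malformed."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    return pkt[8], pkt[9], pkt[ihl:]

def classify(pkt: bytes):
    """Map one IPv4 packet to a noise-storm indicator name, or None if nothing matches."""
    parsed = parse_ipv4(pkt)
    if parsed is None:
        return None
    ttl, proto, l4 = parsed
    if proto == 6 and len(l4) >= 20:                 # TCP: check dst port and TTL range
        dport = struct.unpack("!H", l4[2:4])[0]
        if dport == TCP_PORT and ttl in TTL_RANGE:
            return "tcp443_spoofed_ttl"
    elif proto == 1 and len(l4) >= 8:                # ICMP: look past the 8-byte header
        if ICMP_MARKER in l4[8:]:
            return "icmp_love_payload"
    return None

def count_indicators(packets):
    """Tally indicator hits across a capture; the tally is what an analyst would review."""
    counts = {}
    for tag in map(classify, packets):
        if tag:
            counts[tag] = counts.get(tag, 0) + 1
    return counts

# Constructed test packets (hypothetical addresses, checksums left zero)
def build_ipv4(proto: int, ttl: int, payload: bytes) -> bytes:
    src, dst = bytes([177, 0, 0, 1]), bytes([10, 0, 0, 5])
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload),
                       0, 0, ttl, proto, 0, src, dst) + payload

def tcp_syn(dport: int) -> bytes:
    return struct.pack("!HHIIBBHHH", 40000, dport, 1, 0, 5 << 4, 0x02, 65535, 0, 0)

def icmp_echo(data: bytes) -> bytes:
    return struct.pack("!BBHHH", 8, 0, 0, 0x1234, 1) + data

if __name__ == "__main__":
    sample = [build_ipv4(6, 157, tcp_syn(443)), build_ipv4(6, 64, tcp_syn(443)),
              build_ipv4(1, 133, icmp_echo(b"LOVE" * 4)), build_ipv4(1, 128, icmp_echo(b"abcdefgh"))]
    print(count_indicators(sample))  # {'tcp443_spoofed_ttl': 1, 'icmp_love_payload': 1}
```

The TCP rule on its own will also match plenty of legitimate port-443 traffic, since a TTL of 120-128 is what a nearby Windows host produces; compare the tally against a baseline for the same link rather than alerting on single hits.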

- The repository contains samples of TCP and ICMP Noise Storms.

- Noise Storms are linked to geopolitical events and involve spoofed packets.

- TCP traffic primarily targets port 443, while ICMP packets include a specific ASCII string.

- The phenomenon has evolved to affect smaller internet segments with increased intensity.

- Various theories exist regarding the motivations behind these noise storms.
