Welcome to the Internet Lab!
Welcome to Internet Lab, a project dedicated to exploring, researching and sharing insights about several aspects of the Internet. This initiative serves as both a playground and a public outlet for research that has been brewing in the background for quite some time. If you are in the field of cybersecurity, you have likely stumbled upon interesting observations, jotted down a few notes and thought "I'll explore this later." Often, it ends up never being explored, since there is little more to it than just your curiosity.
Why?
For me, Max Resing, this has happened far too often. My list of research ideas kept growing, while researching and exploring some of these ideas led to little reward other than satisfying my curiosity. While I shared my discoveries with friends and colleagues regularly, and often even received positive feedback, the efforts rarely gained momentum beyond those conversations. This website is dedicated to sharing this intrigued feeling with more people than just those close to me.
Another motivation for creating this public research outlet is the constraints I usually faced in the academic or the professional setting. Working under the banner of another organization comes along with rules and regulations - not a bad thing, but it requires justification for your work.
What?
That is my reason for building this website: to document and share research with a broader audience. I will cover topics of interest to me: network protocols, Internet measurements and threat intelligence, while utilizing and improving my skill set in data science and engineering.
Topics to be covered will be (in no particular priority or order):
- Core protocols of the Internet
  While widely explored and documented, it is a good learning experience to explore some aspects in the field of DNS, BGP, NTP and such.
- Niche protocols
  Protocols which are not yet standardized, but are rising in popularity. A protocol that caught my attention, for instance, is Gemini.
- Subcultures of the Internet
  An example is the public resolvers operated by me that served the parallel DNS root OpenNIC - a supposedly open and democratic alternative to the DNS root.
- Botnets
  A field of research I find particularly interesting, which amazed me for way too long. I might incorporate some tracking of infrastructure into this project.
- Threat Intelligence excursions
  Often just those small things that caught my attention while working on something unrelated or different to the discovery. This could include some clusters of (not-strictly) malicious or questionable usage of Internet resources.
There is no grand roadmap on what will come next. I want to let this project grow organically. As more data is gathered and more analysis is conducted, more insights will emerge, leading to a new set of short- and mid-term directions.
How?
For my measurements, I aim to streamline some of my (repeated) measurements. So far, the infrastructure is composed of a skeleton of open-source tools. The infrastructure on my agenda consists primarily of three components:
- A worker node to perform ETL jobs, data enrichment, data storing and archiving.
- A middleware composed of a message queue and a self-hosted S3 solution. It will communicate events (MQ) and data (S3) between jobs.
- Lastly, a scanning infrastructure to perform Internet-wide scans for my research efforts. For this, we collaborate with a cloud provider who allowed us to perform non-disrupting, low-impact Internet-wide scans.
When?
Well, there are still many considerations to make. Where to build my data lake? Self-hosted? On-prem? In the cloud? Using a solution provider? Many of those considerations need to be made to avoid vendor lock-in, but also to stick to my (tight) budget. At the moment of building this, I am finishing up my graduation, as well as living up to my standards at my job. Next to my private life, I aim to spend some hours each week on this project. A long-term rule of thumb would be a new blog post every month.
I hope you are as curious as I am about which insights this effort will reveal. Stay tuned!