last update: 2012-10-23

What is TSUBAME?

JPCERT/CC started deploying "ISDAS (Internet Scan Data Acquisition System)" for domestic use in fiscal year 2003.

In 2008, JPCERT/CC started a new Internet threat monitoring system "TSUBAME" and deployed sensors in CSIRTs in the Asia Pacific region to establish a common platform for Internet threat monitoring, information sharing and analysis in the region, and to promote collaboration among CSIRTs by using this common platform.

In 2012, ISDAS was also updated and incorporated to "TSUBAME".

TSUBAME has a wide distributed arrangement of sensors, and observes various scan activities in the Asia Pacific region; worm infections, probing vulnerable systems, etc.

JPCERT/CC provides summarized scan trends (graphs) by using the data observed in TSUBAME. Moreover, the observed data are used as a basis of JPCERT/CC activities for publishing alerts and advisories, security awareness documents, etc.

About Sensors

TSUBAME sensors are placed over various address blocks in the Asia Pacific region; on the edge of xDSL lines, near the IXes, etc. The sensors watch TCP, UDP, and ICMP packets coming through the Internet.

How to Read the TSUBAME Graph

Here is the description on what the TSUBAME graph shows

Destination Port Graph

The graph publicized on the web shows the top five accessed ports, based on the average number of packet counts per sensor by quarter and by year, respectively.

* The unit time differs in each graph (qurarterly and year).