A network telescope (also known as a darknet, internet motion sensor or black hole) is an internet system that allows one to observe different large-scale events taking place on the Internet. The basic idea is to observe traffic targeting the dark (unused) address-space of the network. Since all traffic to these addresses is suspicious, one can gain information about possible network attacks (random scanning worms, and DDoS backscatter) as well as other misconfigurations by observing it.
The resolution of the Internet telescope is dependent on the number of dark addresses it monitors. For example, a large Internet telescope that monitors traffic to 16,777,216 addresses (a /8 Internet telescope in IPv4), has a higher probability of observing a relatively small event than a smaller telescope that monitors 65,536 addresses (a /16 Internet telescope).
A variant of a network telescope is a sparse darknet, or greynet, consisting of a region of IP address space that is sparsely populated with 'darknet' addresses interspersed with active (or 'lit') IP addresses.
The resolution of the Internet telescope is dependent on the number of dark addresses it monitors. For example, a large Internet telescope that monitors traffic to 16,777,216 addresses (a /8 Internet telescope in IPv4), has a higher probability of observing a relatively small event than a smaller telescope that monitors 65,536 addresses (a /16 Internet telescope).
A variant of a network telescope is a sparse darknet, or greynet, consisting of a region of IP address space that is sparsely populated with 'darknet' addresses interspersed with active (or 'lit') IP addresses.
No comments:
Post a Comment