Network Telescope

Honeypot

network telescope (also known as a ‘packet telescope,’ ‘darknet,’ ‘Internet motion sensor,’ or ‘black hole’) is an Internet system that allows one to observe different large-scale events taking place on the Internet. The basic idea is to observe traffic targeting the dark (unused) address-space of the network.

Since all traffic to these addresses is suspicious, one can gain information about possible network attacks (random scanning worms, and DDoS backscatter) as well as other misconfigurations by observing it.

The resolution of the Internet telescope is dependent on the number of IP addresses it monitors. For example, a large Internet telescope that monitors traffic to 16,777,216 addresses (the /8 Internet telescope in IPv4), has a higher probability of observing a relatively small event than a smaller telescope that monitors 65,536 addresses (a /16 Internet telescope). The naming comes from an analogy to optical telescopes, where a larger physical size allows more photons to be observed.

A variant of a network telescope is a ‘sparse darknet,’ or ‘greynet,’ consisting of a region of IP address space that is sparsely populated with ‘darknet’ addresses interspersed with active (or ‘lit’) IP addresses. These include a greynet assembled from 210,000 unused IP addresses mainly located in Japan.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.