Jump to content

Network telescope

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by JRey (talk | contribs) at 15:20, 10 September 2013 (→‎External links: - added Merit IPv6 Darknet). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

A network telescope (also known as a darknet, Internet motion sensor or black hole[1]) is an Internet system that allows one to observe different large-scale events taking place on the Internet. The basic idea is to observe traffic targeting the dark (unused) address-space of the network. Since all traffic to these addresses is suspicious, one can gain information about possible network attacks (random scanning worms, and DDoS backscatter) as well as other misconfigurations by observing it.

The resolution of the Internet telescope is dependent on the number of dark addresses it monitors. For example, a large Internet telescope that monitors traffic to 16,777,216 addresses (a /8 Internet telescope in IPv4), has a higher probability of observing a relatively small event than a smaller telescope that monitors 65,536 addresses (a /16 Internet telescope).

A variant of a network telescope is a sparse darknet, or greynet, consisting of a region of IP address space that is sparsely populated with "darknet" addresses interspersed with active (or "lit") IP addresses.[1]

See also

References

  1. ^ a b "Defining and Evaluating Greynets (Sparse Darknets)". ieeexplore.ieee.org. Retrieved 2008-06-24.


Stub icon

This computer networking article is a stub. You can help Wikipedia by expanding it.

Retrieved from "https://en.wikipedia.org/w/index.php?title=Network_telescope&oldid=572355579"