Network telescope
From Wikipedia, the free encyclopedia
A network telescope (also known as a packet telescope,[1] darknet, Internet motion sensor or black hole)[2][3][4] is an Internet system that allows one to observe different large-scale events taking place on the Internet. The basic idea is to observe traffic targeting the dark (unused) address space of the network. Since all traffic to these addresses is suspicious, observing it yields information about possible network attacks (random scanning worms and DDoS backscatter) as well as misconfigurations.
The resolution of an Internet telescope depends on the number of IP addresses it monitors. For example, a large Internet telescope that monitors traffic to 16,777,216 addresses (a /8 Internet telescope in IPv4) has a higher probability of observing a relatively small event than a smaller telescope that monitors 65,536 addresses (a /16 Internet telescope).
The naming comes from an analogy to optical telescopes, where a larger physical size allows more photons to be observed.[5]
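The resolution argument above can be made quantitative. The following is an added example, not part of the original article: it assumes every packet of an event targets an independent, uniformly random IPv4 address, so a telescope covering a fraction f of the address space sees at least one of k packets with probability 1 - (1 - f)^k. All function names are illustrative.

```python
import math

IPV4_SPACE = 2 ** 32  # total IPv4 addresses


def monitored(prefix_len: int, coverage: float = 1.0) -> int:
    """Addresses a telescope on a /prefix_len block observes at the given coverage."""
    if not 1 <= prefix_len <= 32 or not 0 < coverage <= 1:
        raise ValueError("prefix_len must be 1..32 and coverage in (0, 1]")
    count = int(2 ** (32 - prefix_len) * coverage)
    if count < 1:
        raise ValueError("telescope monitors no addresses")
    return count


def p_detect(prefix_len: int, packets: int, coverage: float = 1.0) -> float:
    """P(at least one of `packets` uniformly random targets hits the telescope)."""
    frac = monitored(prefix_len, coverage) / IPV4_SPACE
    # 1 - (1 - frac)**packets, via log1p/expm1 so tiny fractions keep precision.
    return -math.expm1(packets * math.log1p(-frac))


def packets_needed(prefix_len: int, confidence: float, coverage: float = 1.0) -> int:
    """Smallest event size (in packets) observed with probability >= confidence."""
    if not 0 < confidence < 1:
        raise ValueError("confidence must be in (0, 1)")
    frac = monitored(prefix_len, coverage) / IPV4_SPACE
    return math.ceil(math.log1p(-confidence) / math.log1p(-frac))


def extrapolate(observed: int, prefix_len: int, coverage: float = 1.0) -> float:
    """Scale a packet count seen at the telescope to an Internet-wide estimate."""
    return observed * IPV4_SPACE / monitored(prefix_len, coverage)


if __name__ == "__main__":
    # Compare the /8 and /16 telescopes from the text, plus a /8 at 74% coverage.
    for label, plen, cov in [("/8", 8, 1.0), ("/8 @ 74%", 8, 0.74), ("/16", 16, 1.0)]:
        print(f"{label:9} addrs={monitored(plen, cov):>10,} "
              f"P(see 100-packet event)={p_detect(plen, 100, cov):.4f} "
              f"packets for 95%={packets_needed(plen, 0.95, cov):,}")
```

Under this uniform-targeting assumption a /16 telescope needs roughly 256 times as many packets as a /8 to reach the same detection confidence; events that target specific prefixes do not follow this model.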
A variant of a network telescope is a sparse darknet, or greynet, consisting of a region of IP address space that is sparsely populated with "darknet" addresses interspersed with active (or "lit") IP addresses.[2] These include a greynet assembled from 210,000 unused IP addresses mainly located in Japan.[6]
Large network telescope instances
Network | Coverage | IPs | Name | Life span | Captures |
---|---|---|---|---|---|
1/8 | 100%[3] | ~16M | APNIC | 2010-02-23 (1 week) | 4.1 terabyte[3] |
44/8 | 99%[4] | ~16M | UCSD Network Telescope[note 1] | 2001-02-01‒2017-12-31 | 3.25 petabyte[7] |
44/8 | | | UCSD Network Telescope | 2018-01-01‒2019-06-04 | |
44/8 | 74% | ~12M | UCSD Network Telescope | 2019-06-05— | |
35/8 | 67%[4] | ~11M | Merit Network[note 2] | 2005-10-05— | 18.2 terabyte[9] |
50/8 | 100%[3] | ~16M | ARIN | 2010-03-12 (1 week) | 1.1 terabyte[3] |
107/8 | 100%[3] | ~16M | ARIN | 2010-03-25 (1 week) | 1.2 terabyte[3] |
1,300 networks | | | Akamai[10] / MIT[11] | 2009/2019— | |
/16 | 100% | 65k | HEAnet[12] | 2019-03 (1 week) | 96 gigabyte[12] |
/15 | 100% | ~130k | SURFnet[13] | | |
2a10::/12 (IPv6) | 100% | 8.3 billion trillion trillion (2^112) | RIPE NCC[14] | 2020-01-13 – 2020-01-16 (3 days) | 19M packets |
1. Hosted at San Diego Supercomputer Center, operated by Center for Applied Internet Data Analysis for University of California, San Diego, using Amateur Radio AMPRNet IP addresses.
2. Merit Network Telescope, consisting of ~5.5 million (2014),[8] or ~11 million, unused IP addresses.