Network telescope

A network telescope (also known as a packet telescope,^[1] darknet, Internet motion sensor or black hole)^[2]^[3]^[4] is an Internet system that allows one to observe different large-scale events taking place on the Internet. The basic idea is to observe traffic targeting the dark (unused) address-space of the network. Since all traffic to these addresses is suspicious, one can gain information about possible network attacks (random scanning worms, and DDoS backscatter) as well as other misconfigurations by observing it.

The resolution of the Internet telescope is dependent on the number of IP addresses it monitors. For example, a large Internet telescope that monitors traffic to 16,777,216 addresses (the /8 Internet telescope in IPv4), has a higher probability of observing a relatively small event than a smaller telescope that monitors 65,536 addresses (a /16 Internet telescope).

The naming comes from an analogy to optical telescopes, where a larger physical size allows more photons to be observed.^[5]

A variant of a network telescope is a sparse darknet, or greynet, consisting of a region of IP address space that is sparsely populated with "darknet" addresses interspersed with active (or "lit") IP addresses.^[2] These include a greynet assembled from 210,000 unused IP addresses mainly located in Japan.^[6]

Large network telescope instances

More information Coverage, IPs ...

Network	Coverage	IPs	Name	Life span	Captures
1/8	100%^[3]	~16M	APNIC	2010-02-23 (1 week)	4.1 terabyte^[3]
44/8	99%^[4]	~16M	UCSD Network Telescope^{[note 1]}	2001-02-01‒2017-12-31	3.25 petabyte^[7]
2018-01-01‒2019-06-04
74%	~12M	2019-06-05—
35/8	67%^[4]	~11M	Merit Network^{[note 2]}	2005-10-05—	18.2 terabyte^[9]
50/8	100%^[3]	~16M	ARIN	2010-03-12 (1 week)	1.1 terabyte^[3]
107/8	100%^[3]	~16M	ARIN	2010-03-25 (1 week)	1.2 terabyte^[3]
1,300 networks	Akamai^[10] / MIT^[11]	2009/2019—
/16	100%	65k	HEAnet^[12]	2019-03 (1 week)	96 gigabyte^[12]
/15	100%	~130k	SURFnet^[13]
2a10::/12 (IPv6)	100%	8.3 billion trillion trillion (2^112)	RIPE NCC^[14]	2020-01-13 – 2020-01-16 (3 days)	19M packets

[N 1]
Hosted at San Diego Supercomputer Center, operated by Center for Applied Internet Data Analysis for University of California, San Diego, using Amateur Radio AMPRNet IP addresses.
[N 2]
Merit Network Telescope, consisting of ~5.5 million (2014),^[8] or ~11 million, unused IP addresses.

Remove ads

Network telescope

Large network telescope instances

See also

References

Further reading

External links

Wikiwand - on