[unisog] Darknet tools

Jennifer Tu jtu at MIT.EDU
Fri Nov 5 17:09:57 GMT 2004


The basic idea is "packets come in, no packets go out."  Since no traffic
is exiting your darknet, the only traffic you'll see is from misconfigured
or malicious hosts.  Darknets are also called "network telescopes"
(I think because you can observe small or distant network events).

I read about the idea on Team Cymru's page, which has a much more thorough
explanation:  http://www.cymru.com/Darknet/index.html.  My project team
hasn't been able to find much beyond that (CAIDA has some information on
their website).

Jennifer Tu


On Fri, 5 Nov 2004, Peter Van Epp wrote:

> OK, since no one else seems inclined to, I'll display my ignorance:
> what's a darknet? I've heard of honeynets and I gather a darknet is similar if
> perhaps not identical?
>
> Peter Van Epp / Operations and Technical Support
> Simon Fraser University, Burnaby, B.C. Canada
>
> On Thu, Nov 04, 2004 at 10:53:48PM -0500, Jennifer Tu wrote:
> > As a project for a network security course at MIT, we have set up a
> > darknet on an MIT subnet.  What tools have you used to parse, analyze,
> > monitor, and visualize darknet data?  Do you have a darknet on your
> > network?  What do you use it for?
> >
> > Jennifer Tu
> > _______________________________________________
> > unisog mailing list
> > unisog at lists.sans.org
> > http://www.dshield.org/mailman/listinfo/unisog
>
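
The "packets come in, no packets go out" rule described above can be checked directly against captured darknet records. The following is an added example, not part of the original thread or any tool named in it; the record format, the dark prefix 192.0.2.0/24, the sample lines and the threshold are all constructed assumptions, and the labels it assigns are heuristics.

```python
import ipaddress
from collections import defaultdict

DARKNET = ipaddress.ip_network("192.0.2.0/24")   # assumed dark prefix (TEST-NET-1)
SWEEP_MIN = 3   # assumed threshold: distinct dark addresses or ports

# Constructed sample records: "epoch src dst proto dport"
SAMPLE = """\
1099674000 198.51.100.7 192.0.2.10 tcp 445
1099674001 198.51.100.7 192.0.2.11 tcp 445
1099674002 198.51.100.7 192.0.2.12 tcp 445
1099674003 198.51.100.7 192.0.2.13 tcp 445
1099674010 203.0.113.50 192.0.2.20 tcp 22
1099674011 203.0.113.50 192.0.2.20 tcp 23
1099674012 203.0.113.50 192.0.2.20 tcp 80
1099674020 203.0.113.9 192.0.2.99 udp 514
1099674080 203.0.113.9 192.0.2.99 udp 514
1099674090 192.0.2.10 198.51.100.7 tcp 1025
not a record
"""

def analyze(text, darknet=DARKNET):
    """Return (per-source profiles, egress violations, unparsed line count)."""
    seen = defaultdict(lambda: {"dsts": set(), "ports": set(), "packets": 0})
    egress, bad = [], 0
    for line in text.splitlines():
        try:
            _ts, src, dst, proto, dport = line.split()
            src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port = (proto, int(dport))
        except ValueError:
            bad += 1            # count malformed lines instead of dropping them silently
            continue
        if src in darknet:      # "no packets go out": a dark source is a leak or a spoof
            egress.append(line)
            continue
        if dst not in darknet:  # not addressed to the darknet; out of scope here
            continue
        s = seen[str(src)]
        s["dsts"].add(dst)
        s["ports"].add(port)
        s["packets"] += 1
    profiles = {}
    for src, s in seen.items():
        kind = ("address sweep" if len(s["dsts"]) >= SWEEP_MIN
                else "port probe" if len(s["ports"]) >= SWEEP_MIN
                else "stray (possible misconfiguration)")
        profiles[src] = (kind, len(s["dsts"]), len(s["ports"]), s["packets"])
    return profiles, egress, bad
```

Any entry in the egress list means the darknet is not actually silent and the sensor setup should be checked before trusting the rest of the data.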


