[unisog] Darknet tools

Peter Van Epp vanepp at sfu.ca
Fri Nov 5 17:24:02 GMT 2004


	Ah! I have a bunch of darknets (we just call them unallocated address
space) and didn't know what I should be calling them :-). A kind person 
pointed me at http://www.cymru.com/Darknet/index.html. As others have mentioned,
argus on both of our links (outside all of our border filtering) sees all sorts 
of interesting attempts to do odd things to nonexistent addresses (as well
of course as our users doing undesirable things outbound until discouraged ...)
and has done so (if I go to tape and old argus versions) for the last 5 years
or so. My new netoptics regen taps will allow me (with a sufficiently powerful
box and disks) to capture the complete packet if desired without impacting the
argus capture (the volume is such that attempting to run tcpdump in parallel
with argus on the same machine causes packet loss).

Peter Van Epp / Operations and Technical Support 
Simon Fraser University, Burnaby, B.C. Canada

On Thu, Nov 04, 2004 at 10:53:48PM -0500, Jennifer Tu wrote:
> As a project for a network security course at MIT, we have set up a
> darknet on an MIT subnet.  What tools have you used to parse, analyze,
> monitor, and visualize darknet data?  Do you have a darknet on your
> network?  What do you use it for?
> 
> Jennifer Tu
> _______________________________________________
> unisog mailing list
> unisog at lists.sans.org
> http://www.dshield.org/mailman/listinfo/unisog


