[unisog] Darknet tools

Brance Amussen :)_S brance at jhu.edu
Fri Nov 5 17:52:32 GMT 2004

Looks like there is more than one definition of a "darknet".
I am assuming of course that Jennifer is referring to the definition at
B :)_S

-----Original Message-----
From: unisog-bounces at lists.sans.org
[mailto:unisog-bounces at lists.sans.org]On Behalf Of Peter Van Epp
Sent: Friday, November 05, 2004 12:24 PM
To: UNIversity Security Operations Group
Subject: Re: [unisog] Darknet tools

	Ah! I have a bunch of darknets (we just call them unallocated address
space) and didn't know what I should be calling them :-). A kind person
pointed me at http://www.cymru.com/Darknet/index.html. As others have
argus on both of our links (outside all of our border filtering) sees all
of interesting attempts to do odd things to nonexistent addresses (as well
of course as our users doing undesirable things outbound until discouraged
and has done so (if I go to tape and old argus versions) for the last 5
or so. My new netoptics regen taps will allow me (with a sufficiently
box and disks) to capture the complete packet if desired without impacting
argus capture (the volume is such that attempting to run tcpdump in parallel
with argus on the same machine causes packet loss).

Peter Van Epp / Operations and Technical Support
Simon Fraser University, Burnaby, B.C. Canada

On Thu, Nov 04, 2004 at 10:53:48PM -0500, Jennifer Tu wrote:
> As a project for a network security course at MIT, we have set up a
> darknet on an MIT subnet.  What tools have you used to parse, analyze,
> monitor, and visualize darknet data?  Do you have a darknet on your
> network?  What do you use it for?
> Jennifer Tu
> _______________________________________________
> unisog mailing list
> unisog at lists.sans.org
> http://www.dshield.org/mailman/listinfo/unisog