Network Telescopes Revisited: From Loads of Unwanted Traffic to Threat Intelligence
January 2019 • Presentation
Piotr Bazydlo (Research and Academic Computer Network (NASK, Poland)), Adrian Korczak (Research and Academic Computer Network (NASK, Poland), Pawel Pawlinski (Research and Academic Computer Network (NASK, Poland))
This presentation introduces a comprehensive system developed to analyze malicious traffic on a large scale and produce actionable results in close to real time.
Network telescope (a.k.a., darknet) is a monitored but otherwise unused IP space that should not receive any legitimate network traffic. In practice, a lot of packets can be observed in there: our network telescope deployed at NASK (Research and Academic Computer Network, Poland) which consists of more than 100 000 unused IP addresses gets about 30 million of packets per hour on average. Case studies are presented where data from a network telescope is used for threat hunting and improving situational awareness.