Network Telescopes Revisited: From Loads of Unwanted Traffic to Threat Intelligence

Presentation
This presentation introduces a comprehensive system developed to analyze malicious traffic on a large scale and produce actionable results in close to real time.
Publisher

NASK, Poland

Abstract

A network telescope (a.k.a. darknet) is a monitored but otherwise unused IP space that should not receive any legitimate network traffic. In practice, a lot of packets can be observed there: our network telescope deployed at NASK (Research and Academic Computer Network, Poland), which consists of more than 100 000 unused IP addresses, receives about 30 million packets per hour on average. Case studies are presented in which data from a network telescope is used for threat hunting and improving situational awareness.

Part of a Collection

FloCon 2019 Presentations

This content was created for a conference series or symposium and does not necessarily reflect the positions and views of the Software Engineering Institute.