Analysis of information sources in references of the Wikipedia article "Network telescope" in English language version.
corroborated by similar drops in observed by CAIDA's UCSD Network Telescope, which serves a function similar to the set of Akamai servers that collect attack traffic data.
"network telescope that we operate presently amounts to approximately 210 thousand unused IPv4 addresses spread over the networks of a number of partner organizations (located in Japan and aboard). Those unused addresses form darknets ranging in size from a few addresses to whole /16 subnets ... the notion of a "greynet" ... composed of a mixture of used and unused IP addresses
network telescopes were named as an analogy to astronomical telescopes, ... driven by the comparison of packets arriving in a portion of address space to photons arriving in the aperture of a light telescope. ... a larger aperture increases the resolution of objects by providing more positional detail; with network telescopes, having a larger address space increases the resolution of events by providing more time detail. ... to observe one or more packets from a Code-Red-like host on a /8 with 99.999% probability requires 4.9 minutes. ... Even if the attack lasted 5 minutes, there is only a 89.9% chance that a /16 telescope would see at least 1 packet. ... thank Brian Kantor, Jim Madden, and Pat Wilson of UCSD for technical support of the Network Telescope project. ... Support for this work is provided by NSF Trusted Computing Grant CCR-0311690, Cisco Systems University Research Program, DARPA FTN Contract N66001-01-1-8933, NSF Grant ANI-0221172, National Institute of Standards Grant 60NANB1D0118, and a generous gift from AT&T.
a setup with /15 network telescope
Systems that monitor unused address spaces have a variety of names, including darknets, network telescopes, blackhole monitors, network sinks, and network motion sensors. ... 1/8 ... 50/8 ... 107/8 ... 35/8
in the case of a TCP SYN flood attack with a spoofed source IP, the victim will reply with a TCP SYN-ACK to the spoofed IP; if the spoofed IP happened to be within the 35/8 address space, our darknet will capture the SYN-ACK replies ... Collection Starting: [2005-10-05]; ... Data collection is ongoing ... Size: 18.2TB Size is growing as more data is collected[permanent dead link]
darknet operated at Merit Network for the period from [2013-01-01] to [2014-05-01]. ... 5.5 million addresses, ... 1.4 billion packets, or 55 GB of traffic, per day.
a setup with /15 network telescope
Thank you to Eoin Kenny from HEAnet ... A traditional /16 network telescope was provided by HEAnet, Ireland's National Education and Research Network. ... /16 address space had been unused for a number of years before this research ... 256 times smaller than the CAIDA /8 ... recorded data rate was 1.25Mbps ... 95.6GB
about this time (late 1980s) Mark Horton obtained a class A address for AT&T from the powers-that-be by simply asking. ... our Cray computer seemed to require a class A network ... took 12.0.0.0/8 and announced it to the Net, feeding the packets to a non-existent Ethernet address and running tcpdump on the traffic, which came to about 12 to 25 MB/day. Steve analyzed that traffic and wrote a fine paper. Basically, we were watching the death screams of attacked hosts that used IP address-based authentication. ... This is the first packet telescope I can remember, and I think I might even have coined the term "packet telescope," but my memory is fuzzy on that.
about this time (late 1980s) Mark Horton obtained a class A address for AT&T from the powers-that-be by simply asking. ... our Cray computer seemed to require a class A network ... took 12.0.0.0/8 and announced it to the Net, feeding the packets to a non-existent Ethernet address and running tcpdump on the traffic, which came to about 12 to 25 MB/day. Steve analyzed that traffic and wrote a fine paper. Basically, we were watching the death screams of attacked hosts that used IP address-based authentication. ... This is the first packet telescope I can remember, and I think I might even have coined the term "packet telescope," but my memory is fuzzy on that.
Systems that monitor unused address spaces have a variety of names, including darknets, network telescopes, blackhole monitors, network sinks, and network motion sensors. ... 1/8 ... 50/8 ... 107/8 ... 35/8
network telescopes were named as an analogy to astronomical telescopes, ... driven by the comparison of packets arriving in a portion of address space to photons arriving in the aperture of a light telescope. ... a larger aperture increases the resolution of objects by providing more positional detail; with network telescopes, having a larger address space increases the resolution of events by providing more time detail. ... to observe one or more packets from a Code-Red-like host on a /8 with 99.999% probability requires 4.9 minutes. ... Even if the attack lasted 5 minutes, there is only a 89.9% chance that a /16 telescope would see at least 1 packet. ... thank Brian Kantor, Jim Madden, and Pat Wilson of UCSD for technical support of the Network Telescope project. ... Support for this work is provided by NSF Trusted Computing Grant CCR-0311690, Cisco Systems University Research Program, DARPA FTN Contract N66001-01-1-8933, NSF Grant ANI-0221172, National Institute of Standards Grant 60NANB1D0118, and a generous gift from AT&T.
darknet operated at Merit Network for the period from [2013-01-01] to [2014-05-01]. ... 5.5 million addresses, ... 1.4 billion packets, or 55 GB of traffic, per day.
corroborated by similar drops in observed by CAIDA's UCSD Network Telescope, which serves a function similar to the set of Akamai servers that collect attack traffic data.
Thank you to Eoin Kenny from HEAnet ... A traditional /16 network telescope was provided by HEAnet, Ireland's National Education and Research Network. ... /16 address space had been unused for a number of years before this research ... 256 times smaller than the CAIDA /8 ... recorded data rate was 1.25Mbps ... 95.6GB
