Network Telescopes Revisited: From Loads of Unwanted Traffic to Threat Intelligence
• Presentation
This presentation introduces a comprehensive system developed to analyze malicious traffic on a large scale and produce actionable results in close to real time.
Publisher
NASK, Poland
Abstract
A network telescope (a.k.a. darknet) is a monitored but otherwise unused IP space that should not receive any legitimate network traffic. In practice, many packets are observed there: our network telescope deployed at NASK (Research and Academic Computer Network, Poland), which consists of more than 100 000 unused IP addresses, receives about 30 million packets per hour on average. Case studies are presented in which data from a network telescope is used for threat hunting and for improving situational awareness.
Part of a Collection
FloCon 2019 Presentations
This content was created for a conference series or symposium and does not necessarily reflect the positions and views of the Software Engineering Institute.