icon-carat-right menu search cmu-wordmark

Network Telescopes Revisited: From Loads of Unwanted Traffic to Threat Intelligence

Presentation
This presentation introduces a comprehensive system developed to analyze malicious traffic on a large scale and produce actionable results in close to real time.
Publisher

NASK, Poland

Topic or Tag

Abstract

Network telescope (a.k.a., darknet) is a monitored but otherwise unused IP space that should not receive any legitimate network traffic. In practice, a lot of packets can be observed in there: our network telescope deployed at NASK (Research and Academic Computer Network, Poland) which consists of more than 100 000 unused IP addresses gets about 30 million of packets per hour on average. Case studies are presented where data from a network telescope is used for threat hunting and improving situational awareness.

Part of a Collection

FloCon 2019 Presentations

This content was created for a conference series or symposium and does not necessarily reflect the positions and views of the Software Engineering Institute.