Friday, January 27, 2006

On Darknets...

I wrote a page on how to visualise traffic volumes on Darknets using tcpdump and mrtg. A darknet is a section of the network that is explicitly set aside to remain unused. As such, any traffic heading into that network (or, even worse, any traffic coming out of it) is suspicious.

Monitoring the traffic flows to a Darknet is very useful as an early warning system for new network-based exploits, or for detecting attempted Denial of Service attacks. I operate one of those Darknets for UvT-CERT, and it has always provided us with very useful information about attempted abuse, but also about misconfigured systems on our own network.
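As an illustration of the tcpdump-and-mrtg approach mentioned above, here is an added example (not the code from the page referred to in this post) that counts packets entering and leaving a darknet from `tcpdump -nn -q -tt` text output and prints them in the four-line format MRTG reads from an external script. The prefix 192.0.2.0/24, the sample lines and the function names are assumptions made for the example.

```python
import ipaddress
import re

# Assumption: the darknet is the documentation prefix 192.0.2.0/24.
DARKNET = ipaddress.ip_network("192.0.2.0/24")

# Constructed sample of `tcpdump -nn -q -tt` output, not real capture data.
SAMPLE = """\
1138352400.100000 IP 203.0.113.5.4444 > 192.0.2.10.445: tcp 0
1138352401.200000 IP 198.51.100.7.53211 > 192.0.2.77.1434: UDP, length 376
1138352402.300000 IP 198.51.100.9 > 192.0.2.1: ICMP echo request, id 1, seq 1, length 64
1138352403.400000 IP 192.0.2.20.1025 > 203.0.113.80.80: tcp 0
1138352404.500000 IP 203.0.113.5.4445 > 198.51.100.1.22: tcp 0
1138352405.600000 ARP, Request who-has 192.0.2.1 tell 192.0.2.254, length 46
"""

# timestamp, "IP", source endpoint, ">", destination endpoint, ":"
LINE = re.compile(r"^\S+ IP (\S+) > (\S+):")

def host(endpoint):
    """Drop a trailing port ('192.0.2.10.445' -> 192.0.2.10); ICMP has none."""
    return ipaddress.ip_address(".".join(endpoint.split(".")[:4]))

def count_packets(lines, darknet=DARKNET):
    """Return (inbound, outbound) packet counts relative to the darknet."""
    inbound = outbound = 0
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # ARP, IPv6 and anything else that is not an IPv4 line
        try:
            src, dst = host(m.group(1)), host(m.group(2))
        except ValueError:
            continue  # malformed or truncated address
        if src in darknet:
            outbound += 1  # traffic coming out of unused space
        elif dst in darknet:
            inbound += 1
    return inbound, outbound

def mrtg_output(inbound, outbound, uptime="unknown", name="darknet"):
    """MRTG external-script format: value 1, value 2, uptime, target name."""
    return "\n".join([str(inbound), str(outbound), uptime, name])

if __name__ == "__main__":
    print(mrtg_output(*count_packets(SAMPLE.splitlines())))
```

Because these are per-interval counts rather than ever-increasing counters, the MRTG target reading this output would need the `gauge` option set.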
