Darknet's the Black holes of the Internet
by Darren Miller
Published on this site: July 8th, 2005 - See
more articles from this month...
Black Holes & Darknet's
A "Black Hole" can be defined many ways. One definition
is "An area of space-time with a gravitational field
so intense that its escape velocity is equal to or exceeds
the speed of light", another is "A great void or
abyss", and yet another and more relevant definition
is "What data has fallen into if it disappears mysteriously
between its origin and destination sites" For instance,
an e-mail that never reaches it's destination and the sender
never receives a bounce or undeliverable message.
Darknet's - The Internet – A Million Points Of Light
Just for a moment, try to visualize the Internet like a clear
night sky with millions of stars. Some stars are dim while
others are bright, and others appears to blink on an off.
Now turn your attention to what you "don't" see.
What appears to be the black spaces between stars in the night
sky. In many cases, there are stars there, just to faint to
see with the naked eye. However, great voids of darkness could
be the result of a black hole, an area of space where nothing
that goes in, not even light, can escape.
There are places like this on the Internet. Some are there
by accident, maybe through the incorrect configuration of
a router or group of Internet hosts. But there are those areas
of Internet dark space that are there quite on purpose. Darknet's,
unlike honey nets or honey pots, where malicious activity
can be monitored and recorded, appear as black holes in the
Internet address space. Any data, communications, or request
that falls into a Darknet is lost for ever. The sending host
never receives a response.
A Darknet, intentionally configured, is a great research
and monitoring tool. In many cases, these systems are used
as early warning systems. For instance, say a new worm appears
and starts probing the Internet address space for live hosts
to infect. Many worms do so in a blind fashion, scanning and
probing many areas of address space on the Internet. Because
Darknet's are relatively quite areas of the Internet, any
spike in incoming activity may be considered suspicious. As
the packets of data stream into the Darknet, they are collected
and can then be analyzed. Because the host the packet originated
from never receives a response, it may continue to stream
its data into the Darknet hoping to finally find a live host.
Unfortunately for the sending host, it never will.
Conclusion
If you are interested in learning more about Darknet's, maybe
even setting one up your self, take a look at the work done
by Team Cyrmru. They have posted detailed information on how
to construct a Darknet and provide statistical information
on their Darknet servers and other Internet network monitoring
initiatives.
Darren Miller is an Information Security Consultant
with over sixteen years experience. He has written many technology
& security articles, some of which have been published
in nationally circulated magazines & periodicals. If you
would like to contact Darren you can e-mail him at [email protected].
If you would like to know more about computer security please
visitus at http://www.defendingthenet.com
|
