Slashdot Mirror

← Back to Stories (view on slashdot.org)

Build A Darknet To Capture Naughty Traffic

Posted by timothy on from the then-bend-it-to-your-evil-will dept.

DM_NeoFLeX writes "Have some routable Address Space lying around? You might want to build a DarkNet. The folks over at Team Cymru have outlined instructions for creating one with FreeBSD and as little as /32 routable space. From the article: 'A Darknet is a portion of routed, allocated IP space in which no active services or servers reside. These are 'dark' because there is, seemingly, nothing within these networks. Any packet that enters a Darknet is by its presence Aberrant.' Darknets can provide useful information for tracking the flow of naughty network traffic."

6 of 266 comments (clear)

  1. Really . . . by OverlordQ · · Score: 4, Insightful

    These are 'dark' because there is, seemingly, nothing within these networks. Any packet that enters a Darknet is by its presence Aberrant.

    That's like the mailman trying to deliver letters to Santa Claus, or somebody addressing a letter wrong, thank good I know all those letters are Abberant now.

    --
    Your hair look like poop, Bob! - Wanker.
    1. Re:Really . . . by Effugas · · Score: 4, Insightful

      Snail mail just can't drop packets on the floor as easily...

      Quite the contrary; it's far easier to drop a letter on the floor. A letter has mass. ;-)

  2. But then by trialsboy · · Score: 5, Insightful

    Ok, it's a really good idea, but catching the naughty traffic isnt the hard part, what does it do witht he naughty traffic it gets, just make a pretty graph?

    --

    "Pushing little children, with their fully automatics, they like to push the weak around"
  3. HoneyPot? by molo · · Score: 4, Insightful

    Sounds like a standard HoneyPot, except the only machine on the nextwork segement is a packet sniffer, so the address doesn't have any real destinations.. Not a big deal. I'm sure the honeynet people have done similar.

    -molo

    --
    Using your sig line to advertise for friends is lame.
  4. Darknet used as filter. by jelwell · · Score: 5, Insightful

    An interesting use of a darknet would be to shield a real server from unwanted attacks. Have the darknet relate any internet IPs that contact the darknet to your real server to ignore.

    As an example. Setup a darknet on the following IPs:
    DARK_A : 204.210.34.1
    DARK_B : 204.210.34.3

    Setup the real server mathematically between the two darknet IP addresses:
    REAL : 204.210.34.2

    Now have DARK_A & DARK_B contact REAL whenever DARK_A or DARK_B receive any packets. REAL can be setup to, on the fly, filter out any packets received from the same source as the DARK servers reported.

    In a sense you're creating a realtime blacklist. You can set the list on a timed delay to expire. Or even filter out specific packet signatures instead of entire suspect IP addresses.

    just a thought...
    Joseph Elwell

  5. Darknet not needed by lukewarmfusion · · Score: 4, Insightful

    I have a whole list of bookmarks for my naughty traffic.

    Seriously, though... I have a spare wireless router set up at work that's easily hacked, easily found, and logs every damn thing that touches it. Our real wireless network is obscured, encrypted, mac filtered, etc. I realize it's not technically the same thing as the post describes (I guess you'd call it a honeypot network or something) but it's the same idea.

    Of course, nobody will care if a hacker makes his way into our network (honeypot or not) unless he does some "damage."