Abstract
Alexander Männel, Jonas Mücke, kc Claffy, Max Gao, Ricky K. P. Mok, Marcin Nawrocki, Thomas C. Schmidt, Matthias Wählisch,
Lessons Learned from Operating a Large Network Telescope,
In: Proc. of ACM Special Interest Group on Data Communication (SIGCOMM), ACM : New York, 2025.
Abstract: Network telescopes (aka darknets) collect unsolicited Internet traffic (aka Internet background radiation or IBR), which includes benign and malicious scanning as well as artifacts of spoofed denial-of-service attacks and misconfigured software and networks. Analysis of this traffic has revealed macroscopic insights into security-related events and global network dynamics such as outages. Operating a large-scale network telescope is challenging but often taken for granted, unlike measurement infrastructures in physics. We offer the first study documenting our experiences operating the UCSD Network Telescope, the largest and longest-operating network telescope supporting scientific research. We provide background on the history of the telescope, and focus on increasing operational challenges. We develop and apply techniques to leverage third-party scanning activity to validate the integrity of the data, and to discover misconfigurations in the instrumentation. These insights are crucial for understanding measurement results, which we illustrate using concrete examples. We discuss how our findings generalize to support the expanding ecosystem of other passive techniques, such as honeypots, to track security phenomena.
Themes: Network Security, Internet Measurement and Analysis
This page generated by bibTOhtml on Mon Apr 28 12:05:05 AM UTC 2025