Alexander Männel, Jonas Mücke, kc Claffy, Max Gao, Ricky K. P. Mok, Marcin Nawrocki, Thomas C. Schmidt, Matthias Wählisch,
Lessons learned from operating a large network telescope,
In: Proc. of ACM SIGCOMM, New York: ACM, 2025.
Abstract: Network telescopes (aka "darknets") collect unsolicited Internet traffic (aka "Internet background radiation" or "IBR"), which includes benign and malicious scanning as well as artifacts of spoofed denial-of-service attacks and misconfigured software and networks. Analysis of this traffic has revealed macroscopic insights into security-related events such as large-scale attacks and malware spread, and global network dynamics such as outages --- guiding not only further research but also public policies. Operating a large-scale network telescope instrumentation is not trivial but is often taken for granted, unlike measurement infrastructures in physics. We offer the first study documenting our experiences operating the UCSD Network Telescope, the largest, public research telescope. We provide background on the history of the telescope, and focus on increasing challenges with maintaining the integrity of the data as the underlying network evolves, e.g. as the underlying address allocations shift. We develop and apply techniques to leverage third-party scanning activity to validate the integrity of the data, and to discover operational misconfigurations in the instrumentation. Those insights are crucial for understanding measurement results, as we illustrate using a data-driven analysis of concrete examples. We discuss how our findings generalize to support the expanding ecosystem of other passive techniques to track security phenomena such as honeypot deployments.
Note: accepted for publication
Topics: Network Security | Network Management | Internet Measurements and Analysis