Internet Background Noise #

Internet background noise consists of all Internet traffic destined for IP addresses (and ports) on which no network equipment is configured (see Dark Internet). Most of this traffic is related to port scans originating from viruses and other malicious users.

Graphical visualization of Internet background noise:
http://www.switch.ch/security/services/IBN/

Dark Internet #

Unoccupied portion of the Internet IP address space (no equipment present).

Traffic received on these unoccupied addresses is therefore considered background noise (internet background noise).

By "listening" to traffic on such addresses, intrusion detection or prevention systems can be set up more easily.

Resources #

The Team Cymru Darknet Project http://www.cymru.com/Darknet/
A Darknet is a portion of routed, allocated IP space in which no active services or servers reside. These are "dark" because there is, seemingly, nothing within these networks. Any packet that enters a Darknet is by its presence aberrant. No legitimate packets should be sent to a Darknet. Such packets may have arrived by mistake or misconfiguration, but the majority of such packets are sent by malware. This malware, actively scanning for vulnerable devices, will send packets into the Darknet, and this is exactly what we want. Darknets have multiple uses. These can be used to host flow collectors, backscatter detectors, packet sniffers, and IDS boxes. The elegance of the Darknet is that it cuts down considerably on the false positives for any device or technology.

The network telescope http://www.caida.org/analysis/security/telescope/
A network telescope is a portion of routed IP address space on which little or no legitimate traffic exists. Monitoring unexpected traffic arriving at a network telescope yields a view of certain remote network events. Among the visible events are various forms of flooding DoS attacks, infection of hosts by Internet worms, and network scanning.

Internet Motion Sensor http://ims.eecs.umich.edu/
The Internet Motion Sensor (IMS) is a globally-scoped threat monitoring system whose goal is to measure, characterize, and track emerging threats such as worms, denial of service attacks and network scanning activities. The IMS utilizes a large collection of distributed sensors that monitor blocks of globally routable unused address space. Because the blocks contain no active hosts, the traffic must be the result of misconfiguration, backscatter from spoofed source addresses, or scanning from worms and other probing.
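
As an added example (not code from any of the projects listed above), this sketch sorts traffic arriving at a dark prefix into the three causes named in the IMS description: scanning, backscatter, and stray packets from misconfiguration. The prefix 192.0.2.0/24, the record layout, the reply flag sets and the threshold are assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import defaultdict

# Assumptions: 192.0.2.0/24 (documentation range) stands in for the dark prefix;
# the reply sets and threshold below are illustrative heuristics.
DARK_NET = ipaddress.ip_network("192.0.2.0/24")
SCAN_THRESHOLD = 3  # distinct dark addresses probed before a source counts as a scanner
TCP_REPLIES = {"SA", "R", "RA"}  # SYN-ACK / RST: answers to packets we never sent
ICMP_REPLIES = {"echo-reply", "unreachable", "time-exceeded"}

# Constructed sample records: (src, dst, proto, dst_port, tcp_flags_or_icmp_type)
SAMPLE = [
    ("198.51.100.7", "192.0.2.10", "tcp", 445, "S"),
    ("198.51.100.7", "192.0.2.11", "tcp", 445, "S"),
    ("198.51.100.7", "192.0.2.12", "tcp", 445, "S"),
    ("203.0.113.5", "192.0.2.40", "tcp", 51234, "SA"),
    ("203.0.113.5", "192.0.2.77", "tcp", 40112, "R"),
    ("203.0.113.9", "192.0.2.5", "icmp", None, "unreachable"),
    ("198.51.100.20", "192.0.2.200", "udp", 53, ""),
    ("198.51.100.99", "10.0.0.1", "tcp", 445, "S"),  # not dark space: ignored
]

def classify(records, dark_net=DARK_NET, threshold=SCAN_THRESHOLD):
    """Return {src: label} for every source that sent traffic into dark_net."""
    probed = defaultdict(set)  # src -> set of dark addresses it probed
    labels = {}
    for src, dst, proto, _dport, info in records:
        if ipaddress.ip_address(dst) not in dark_net:
            continue  # only traffic to unused space is background noise
        is_reply = (proto == "tcp" and info in TCP_REPLIES) or \
                   (proto == "icmp" and info in ICMP_REPLIES)
        if is_reply:
            # Reply-type packet: the source is likely a victim answering
            # packets whose spoofed source address fell inside the darknet.
            labels[src] = "backscatter"
        else:
            probed[src].add(dst)
    for src, targets in probed.items():
        # Many distinct targets suggests scanning; a few suggests misconfiguration.
        labels[src] = "scanner" if len(targets) >= threshold else "stray"
    return labels

if __name__ == "__main__":
    for source, label in sorted(classify(SAMPLE).items()):
        print(f"{source:15} {label}")
```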
