DeepSec 2013 Talk (U21): The Dark Side of the Internet
You may have heard of background radiation. It’s the kind of ionizing radiation you are exposed when wandering around on this planet. The sources are radioactive isotopes in the air, the soil, our food, and the water. In addition there is cosmic radiation from outer space. So even without artificial radiation sources you will have a natural background radiation. The Internet has a similar phenomenon. The pendant of the fundamental particle in Nature is the packet. Internet traffic consists of data packets going from their source to a target address. Imagine a part of the Internet which isn’t used at all. Its address space isn’t advertised anywhere. It holds no services and no active hosts. This place is called Darknet. In theory there will be no packets. In practice there are.
A student from our U21 initiative has explored a Darknet and will present his findings in the talk The Dark Side of the Internet. The idea was to take an unallocated portion of the Internet and to watch it. In a sense it is a network telescope. All you need it to record packets hitting the address space. Since there are no services, all packets are likely to be probes, attacks or back scatter. The collected samples are very interesting for security researchers of all kinds. They can be linked to active attacks, can serve as an indicator for malicious software running rampant, and they can be analysed to counter their impact.
The U21 talk will focus will focus on the analysis of the information collected using a particular Darknet as well as the set-up being used to extract the back scatter. Furthermore you will get to see the results of the projects together with statistics, metadata and packet analysis. We recommend this talk to anyone dealing with network security or analysis of malicious activities.