Internet Black Hole

Originating from “a globally routed /8 network (approximately 1/256th of all IPv4 Internet addresses) that carries almost no legitimate traffic…traffic destined to darkspace has evolved to include longer-duration, low-intensity events intended to establish and maintain botnets.”

“By monitoring these unsolicited responses, researchers can identify denial-of-service attack victims and infer information about the volume of the attack, the bandwidth of the victim, the location of the victim, and the types of services the attacker targets.”

“Scans are automated, semi-automated, and manual attempts to locate exploitable computers on the Internet.” – nmap scripting

“The scan traffic often differs from other types of traffic visible on the network telescope because it is not driven by chance.” – port and address range scanning /24

“Rather, the attacker’s byzantine motives in selecting scan targets appear arbitrary from the perspective of the recipient of the scan.” –  TCP-SYN/TCP-ACK/ICMP/SCTP/UDP/etc pings

“The UCSD Network Telescope observes many types of scans continually, including ping based scans for the existence of a device at a given IP address, sequential scans of ports on a single IP address, methodical scans for a single or a small number of vulnerable ports sequentially through an IP address range, and even scans utilizing TCP resets.”

Related: Serious Vulnerabilities Patched in CUPS Printing Service (og)

Real-time graphs:



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s