
Thread: Darknet

  1. #1

    Darknet

    I scanned and searched, and didn't find anything previous on this topic. I've run across information on using a "darknet" in place of, or in addition to, an IDS or other network protections. The project is described in this link:

    http://www.cymru.com/Darknet/index.html#comments

    Has anyone set up and run one? What success have you had with it? Mostly, looking for some real-world validation that I can take to the rest of the crew at some point. The idea sounds good and may be a more "proactive" solution. I hate that word, but the concept is good.

  2. #2
    Junior Member
    Join Date
    Feb 2005
    Posts
    26
    From reading the introduction I didn't really understand the point of it, just seems like introducing another layer of the network to filter out a bit more of the rubbish?

  3. #3
    Senior Member
    Join Date
    Sep 2005
    Posts
    332
    This malware, actively scanning for vulnerable devices, will send packets into the Darknet, and this is exactly what we want.
    This almost sounds like a honey pot to me.

    With a Darknet in place, it is far easier to determine the amount of naughty traffic on a network, as well as the sources of said traffic.
    And with this little snippet it seems like a darknet is more for analysis and forensics than actual prevention.
    "He who shall introduce into public affairs the principles of primitive Christianity will change the face of the world."
    Benjamin Franklin

  4. #4
    Yes, it seems like a honeypot, but from the description and configuration, there should be no traffic to speak of on the net (thus dark net) unless it is malicious?

    Anyway, I was hoping that someone here may have attempted to implement this and has some real world experience to share.
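
Added example (not part of any post in this thread, and not code from the linked Darknet project): since no legitimate host should ever address the dark prefix, detection reduces to grouping every flow destined there by source. The prefix `10.99.0.0/24`, the flow-record format and the sample records are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumption: 10.99.0.0/24 is routed internally but has no hosts assigned to it.
DARK_NET = ipaddress.ip_network("10.99.0.0/24")

# Constructed flow records (not real data): "timestamp src dst proto dport"
SAMPLE_FLOWS = """\
2006-03-01T10:00:01 10.1.4.23 10.99.0.5 tcp 445
2006-03-01T10:00:01 10.1.4.23 10.99.0.6 tcp 445
2006-03-01T10:00:02 10.1.4.23 10.99.0.7 tcp 445
2006-03-01T10:00:02 10.1.7.80 10.1.2.10 tcp 443
2006-03-01T10:00:03 10.1.9.14 10.99.0.200 udp 1434
2006-03-01T10:00:04 10.1.7.80 10.1.2.11 tcp 25
malformed line
"""

def parse_flow(line):
    """Return (src, dst, proto, dport), or None if the line does not parse."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        return (ipaddress.ip_address(parts[1]),
                ipaddress.ip_address(parts[2]), parts[3], int(parts[4]))
    except ValueError:
        return None

def darknet_hits(flow_text, dark_net=DARK_NET):
    """Group flows whose destination lies in the dark prefix by source."""
    hits = defaultdict(lambda: {"dsts": set(), "ports": set(), "flows": 0})
    for line in flow_text.splitlines():
        flow = parse_flow(line)
        if flow is None:
            continue
        src, dst, proto, dport = flow
        if dst in dark_net:
            entry = hits[str(src)]
            entry["dsts"].add(str(dst))
            entry["ports"].add((proto, dport))
            entry["flows"] += 1
    return dict(hits)

def classify(hits, sweep_threshold=3):
    """'sweep' = touched many distinct dark addresses; 'stray' = a few."""
    return {src: "sweep" if len(h["dsts"]) >= sweep_threshold else "stray"
            for src, h in hits.items()}

if __name__ == "__main__":
    hits = darknet_hits(SAMPLE_FLOWS)
    for src, label in sorted(classify(hits).items()):
        print(src, label, sorted(hits[src]["ports"]))
```

The host 10.1.7.80 in the sample only talks to assigned addresses, so it never produces a hit no matter what it is doing.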

  5. #5
    Senior Member bAgZ
    Join Date
    Jul 2001
    Posts
    206
    I attempted this once but it wasn't very useful to me, I think you need a fair size network.
    I guess on my small network at the time I just wasn't getting that many viruses or anything
    else that could trigger a lot of traffic hitting the "darknet" part. Anyway it was a little different
    setup than this one but I suppose it worked similar to this.
    ----------------------------------------------------------------------------------------------------------
    "If I'd asked my customers what they wanted, they'd have said a faster horse." ~ Henry Ford

  6. #6
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    I can see a _serious_ issue with the concept of a darknet... complacency...

    A dark net will alert you to noisy, badly written malware intent on mayhem. I would suggest that with the influx of organized crime and simple individuals trying to commit crimes the current trend is away from such malware and more towards malware that fulfils its purpose without noise. This malware will be specifically targeted and will only "speak" to specific assets in a specific way. It will not sit there shouting its presence at anyone who wishes to put a sniffer on his network.

    That spiffy new darknet you just implemented will not see this malware.... But it's far more costly to you than the mayhem intended malware.
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  7. #7
    Thanks for that perspective, TS. That helps a lot. I noticed that the dates on the documents were a couple years old.

    Hmmm ... so, even the recon traffic would not be seen in the darknet with the current type of malware and attacks?

    That's kind of what I was hoping to see if this was implemented, kind of as an early warning system.

    I'm not thinking of putting all the eggs in this basket, just so ya know. I thought it might be a good addition to the full range of detections we're planning.

  8. #8
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    It's going to catch the stuff that recons... That's the basic, mayhem intended stuff.... The costly stuff won't recon.. It's not intended for mayhem... Think of it like this:-

    Mayhem malware = An armored division

    Costly malware = SEAL team infiltrating enemy lines

    Which is easier to find?

  9. #9
    Excellent point.

    That's how you explain things to me. As an old tread-head, I understand armored division.


  10. #10
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    LOL... Whatever works...
