In nature, vigilance and intelligence are essential for the survival
of any species. The ability to communicate information quickly and uniformly, particularly threats, is often the difference between evolution and extinction.Survival also depends on the ability to respond appropriately to a detected threat. The faster you can identify the location and intent of a possible threat, the faster you can choose a response. IDSs act as a form of network "radar", but they generally only benefit specific networks.
As the importance and use of the Internet increases, rapid identification of threats at a global level becomes even more vital. Better advance warning benefits the entire Internet, and this is where darknets and network telescopes come into play.
These terms describe both a concept and actual tool used for sounding early warning of Internet threats. By detecting port scanning activity early, it's possible to gain valuable information about a threat before it becomes widespread.
A darknet is basically a "dark" network, an area of routed IP address space that has few or no valid services or hosts. By default, you can consider any traffic entering a darknet from any source as hostile (except, of course, traffic you specifically know about).
The larger the IP address space, the better the darknet can monitor potential sources of malicious Internet traffic. If you configure a darknet with public Internet address space, you can use it to monitor malicious activity on the Internet itself. However, due to the limitations of public Internet address space, only organisations such as the CAIDA and universities involved in Internet research generally set up darknets on public Internet space.
But you still have options on a private IP network. You can use a darknet to track internal network activity indicative of an internal host compromise or worm. Darknets aren't difficult to set up — just take a large...
For more, click here...
