DESCRIPTION LAST UPDATED: 2024-08-16
DEFAULT SEVERITY LEVEL: HIGH
This report records observed traffic to darknet networks.
Darknets (also known as network telescopes) are unused sets of IP addresses, which in theory should observe no traffic. In practice, however, a lot of traffic reaches such networks through activities such as Internet scanning, malware propagation, or backscatter from spoofed DDoS events – meaning that these network packets can often be immediately classified as suspicious or malicious. In this way, darknets serve a similar type of function as honeypot listeners, only simpler. Additional packet fingerprinting measures can be employed to attribute tools or malware sending out such packets.
You can learn more on the report in our Darknet Events Report tutorial.
You can learn more on our reports in general in our Overview of Free Public Benefit Shadowserver Reports presentation, which also explains example Use Cases.
Severity levels are described here.
File name: event4_honeypot_darknet
This report type was created as part of the EU Horizon 2020 SISSDEN Project.
