This report records observed traffic to darknet networks.
Darknets (also known as network telescopes) are unused sets of IP addresses, which in theory should observe no traffic. In practice, however, a lot of traffic reaches such networks through activities such as Internet scanning, malware propagation, or backscatter from spoofed DDoS events – meaning that these network packets can often be immediately classified as suspicious or malicious. In this way, darknets serve a similar type of function as honeypot listeners, only simpler. Additional packet fingerprinting measures can be employed to attribute tools or malware sending out such packets.
File name: event4_honeypot_darknet
This report type was created as part of the EU Horizon 2020 SISSDEN Project.