Watching the Darknets for Warning

Arbor Networks says its new initiative allows ISPs to see new threats coming before they're publicly reported by their first victims.

By Andy Patrizio | Posted Feb 5, 2007
Print ArticleEmail Article
  • Share on Facebook
  • Share on Twitter
  • Share on LinkedIn

We know there are black holes in space, but would you believe there are black holes on the Internet? We're not talking about the customer service inboxes of certain firms. We're talking about darknets.

Network security firm Arbor Networks has introduced ATLAS, an initiative allowing ISPs to monitor darknets for whatever wanders into them.

Darknets are dead ends of the Internet. Every top-level domain has them. When an ISP sets up shop, it is given a large batch of TCP/IP addresses. But not all of them are allocated. Malware (define) uses them, though. Viruses and spyware can't tell the difference between the IP address of a server and an IP address to nowhere. That's one way to catch them.

ATLAS monitors the global Internet, and all participants can see what's happening in the other members' darknets. By being part of the ATLAS network, ISPs can see what's happening to the Internet on a global level. This provides ISPs like Cable & Wireless or Comcast with a warning as soon as it hits another network, so they can take precautionary steps.

The first phase of the ATLAS Initiative is a publicly accessible portal that monitors the darknet for any potential problems. It shows a real-time global threat map and has daily summaries of activities.

Unless it's a misconfigured router, the only thing that should be found in one of these dead ends is some form of malware. Sunil James, product manager for ATLAS, told internetnews.com that monitoring darknets gives a clear picture of what threats are out there.

"We've found that by sitting in a dark IP, we get access to propagation of these threats," he said. "Viruses aren't smart enough to know where they are going. So they often go into dark spaces. If anything, coming into that space, it's there because it thinks there's something to attack."

More importantly, ISPs really can't get a picture of the Internet far beyond their own network. They won't know NTT in Japan, for example, is under attack until the attack comes. As more ISPs put sensors on their darknets, the global map will get larger and more in-depth, said James.

Article courtesy of internetnews.com

Comment and Contribute
(Maximum characters: 1200). You have
characters left.
Get the Latest Scoop with Enterprise Networking Planet Newsletter