The term “Darknet” has been used by some in the IT community to describe hidden areas of the Internet used for illicit activites. It means something else to Paul Vixie, CEO of Farsight Security and the original creator of the open-source DNS BIND server.
In a video interview, Vixie discussed the Darknet and how it can be leveraged to collect data that can help in security investigations. The Darknet is more of what Vixie refers to as a “network telescope” providing a view into what is going on across the Internet.
“This [Darknet] is address space that is reachable from the Internet, but is not currently used for anything,” Vixie said.
Vixie explained that in BGP routing, service providers tend to advertise big chunks of address space into the Internet core.
“Inevitably there will be addresses that are advertised by BGP that are reachable, but are not being used,” Vixie said. “Traditionally, when people receive packets that are sent to those unused addresses, they are sent to a null-zero interface on a border router, which means they are dropped.”
While dropped Darknet packets don’t mean all that much to any one individual service provider, Vixie’s view is that once all the Darknet information is aggregated by way of Farsight Security, there is some real insight that can be obtained.
“You can see all the bad people, and some good people as well, that are scanning the Internet looking for various things,” Vixie said. “We have a very large Darknet of between five and fifteen Megabits per second of traffic that is just cosmic background radiation, reflected through the Internet as people scan for things.”
Watch the video with Paul Vixie below:
Sean Michael Kerner is a senior editor at Enterprise Networking Planet and InternetNews.com. Follow him on Twitter @TechJournalist.