[ale] [OT] Voicepulse question
Aditya Srinivasan
sriad at uab.edu
Thu Dec 9 18:19:02 EST 2004
Micheal,
On Thu, 9 Dec 2004, Michael H. Warfield wrote:
> "Dark addresses" and "dark networks" are terms that are in use by
> some of us and some of us (I for one) run dark networks. These are also,
> sometimes, referred to as "net telescopes". They are addresses (public,
> advertised, and fully routable) which have nothing on them and and configured
> to not even return errors or ICMP returns. Thus they are "dark" or "black
> hole" addresses. Packets route in, nothing ever comes back. The largest
> "dark network" I know of, for sure, is Cadia's /8 net telescope (mine
> is a bit less than a /17). These are what, at least in the security
> community, are referred to as "dark addresses" or "dark networks".
>
> I also have some addresses which are "grey". They respond to
> pings "ICMP ECHO request and reply" but everything else is black holed.
> That's set up for "bump and bite" malware that likes to ping an address
> first and then attempt to connect to a target. But that's not as
> much in common use as the term "dark net" or "dark address" to refer
> to addresses which are totally black holed and totally dark.
Thanks for the explanation.
What are dark nets used for, other than for keeping track of viruses/worms
that attempt to scan IP addresses and make connections.
Who funds this service ? And how do they profit ?
Thanks,
sriad
More information about the Ale
mailing list