Title :
Defining and Evaluating Greynets (Sparse Darknets)
Author :
Harrop, Warren ; Armitage, Grenville
Author_Institution :
Centre for Adv. Internet Archit., Swinburne Univ. of Technol., Melbourne, Vic.
Abstract :
Darknets are increasingly being proposed as a means by which network administrators can monitor for anomalous, externally sourced traffic. Current darknet designs require large, contiguous blocks of unused IP addresses - not always feasible for enterprise network operators. In this paper we introduce, define and evaluate the concept of a greynet - a region of IP address space that is sparsely populated with ´darknet´ addresses interspersed with active (or ´lit´) IP addresses. We use raw traffic traces collected within a university network to evaluate how sparseness affects a greynet ´s effectiveness and hence show that enterprise operators can achieve useful levels of network scan detection, with only small numbers of ´dark´ IP addresses making up their greynets
Keywords :
IP networks; computer network management; telecommunication traffic; IP address; greynets; network administrators; network scan detection; sourced traffic; sparse darknets; Australia; Backscatter; IP networks; Internet; Intrusion detection; Monitoring; Probes; Scattering; Telecommunication traffic; Telescopes;
Conference_Titel :
Local Computer Networks, 2005. 30th Anniversary. The IEEE Conference on
Conference_Location :
Sydney, NSW
Print_ISBN :
0-7695-2421-4
DOI :
10.1109/LCN.2005.46
