BLACKHOLE NETWORKS - AN UNDERESTIMATED SOURCE FOR INFORMATION LEAKS presented at First 2017

by Alexandre Dulaunoy,

Summary: Honeypots and blackhole networks are common approaches for measuring attacks. Honeypots are resources designed to be attacked and are popular for measuring attacks. Blackhole networks are announced but unused IP address spaces that are monitored; they are currently popular for measuring botnet activity, most recently that of the Mirai IoT botnet. Both can also observe backscatter traffic and traffic from misconfigured systems, for example servers and routers that often still include default routes to the internet which were never removed or reconfigured. Different metrics are discussed in this work to assess misconfigured systems in raw packet captures.
In this experimental research activity, a framework will be presented to measure these misconfigurations in near real time. A survey of information leak categories will be presented, pinpointing the protocols that need special care when being configured. The evaluation of the various detection techniques and heuristics will be presented, with a major focus on pcap processing tools.