Network telescopes are collections of unused but BGP-announced IP addresses. They collect the pollution of the Internet: scanning, misconfigurations, backscatter from DoS attacks, bugs, etc. For example, several historical studies used network telescopes to examine worm outbreaks.
In this talk I will discuss phenomena that have recently induced many sources to send traffic to network telescopes. By examining this pollution we find a wealth of security-related data. Specifically, I’ll touch on scanning trends, DoS attacks that leverage open DNS resolvers to overwhelm authoritative name servers, BitTorrent index poisoning attacks (which targeted torrents with China in their name), a byte order bug in Qihoo 360 (while updating, this security software sent acknowledgements to wrong IP addresses… for 5 years), and the consequence of an error in Sality’s distributed hash table.
Karyn recently defended her PhD in computer science. Prior to starting graduate school she wrote intrusion detection software for the US Army. When not looking at packets, Karb eats tacos, runs marathons, and collects state quarters.