Podcasts
Word Notes
Ep 38
Word Notes 2.23.21
Ep 38 | 2.23.21

network telescope (noun)

Show Notes
Transcript

Rick Howard: The word is: network telescope.

Rick Howard: Spelled: network or a system of electronic endpoints interconnected by telecommunications equipment in order to transmit or receive information, and telescope for an instrument designed to make distant objects appear nearer.

Rick Howard: Definition: Network observation systems designed to monitor globally unreachable but unused Internet address space or the Deep Web in order to study a wide range of interesting Internet phenomena.

Rick Howard: Example sentence: Monitoring unexpected traffic arriving at a network telescope might provide early warning for serious network security events.

Rick Howard: Origin and context: Network telescopes are also known as "Internet background radiation monitors" and "packet telescopes." And according to a 2010 research paper, "Internet Background Radiation Revisited," because there are no legitimate hosts in these unused IP blocks, packets arriving must be the result of worm propagation, DDoS attacks, network misconfiguration, or other annoying or nefarious activity that's usually hidden in the noise of normal Internet traffic. Bill Cheswick and Steve Bellovin originally conceived the idea in 1998. Since then, various researchers have sought to extend the idea. The most prolific is probably the Center for Applied Internet Data Analysis, or CAIDA.

Rick Howard: Nerd reference: Bill Cheswick and Steve Bellovin are famous in old guy cybersecurity circles for writing one of the first cybersecurity books, "Firewalls and Internet Security: Repelling the Wily Hacker." I had a dog-eared copy in my desk back in the day when I was a young Unix system administrator. At the Vintage Computer Federation East 9.1 Conference in 2015, Cheswick described how he and Bellovin created the first network telescope.

Bill Cheswick: We built the first packet telescope, which basically meant we said, ‘Hey World, Network Twelve is here.’ Network Twelve is AT&T’s Internet address. We got it back in 1998 by asking for it. We said ‘Can we have this class A address?’ A Class A address probably has a market value of a billion dollars now, something like that. We said ‘We need it.’ And they said, ‘Oh you're a big company, you get one. Sure, we're giving them out to every big company.’ So Net Twelve came to us and we couldn't use it. It was too big. So we had this big, useless address. And I said, ‘let's gather all the traffic that comes to this big unused network and watch it and see what it is.’ It's a packet telescope and Steve Bellovin put up some monitoring and so on. And we got about 25 MB a day of random packets, which basically where the death screams of various machines around the Internet that we're shouting packets at that network.

Word Notes
Podcast Info
HOST(S):
Rick Howard
Rick Howard is the CSO of N2K and the Chief Analyst, and Senior Fellow at the N2K Cyber, formerly CyberWire. His past lives include CSO at Palo Alto Networks, CISO at TASC, the GM at Verisign/iDefense, the Counterpane SOC Director, and the Commander of the Army's Computer Emergency Response Team (CERT). Rick served 25 years in the Army, taught computer science at West Point, edited two books and just published his own book, "Cybersecurity First Principles: A Reboot of Strategy and Tactics" and he is regularly joined at the N2K Cyber's Hash Table by a collection of industry experts.
Schedule: Tuesdays
Creator: CyberWire, Inc.
ADVERTISEMENT
ExtraHop
ExtraHop

ExtraHop provides cyber analytics for the hybrid enterprise. Using wire data and machine learning for real-time threat detection and investigation from Core to Cloud, ExtraHop delivers unprecedented visibility, definitive insights, and immediate answers so security teams can act with confidence. Learn more at ExtraHop.