Word Notes 2.23.21
Ep 38 | 2.23.21

network telescope (noun)


Rick Howard: The word is: network telescope.

Rick Howard: Spelled: network or a system of electronic endpoints interconnected by telecommunications equipment in order to transmit or receive information, and telescope for an instrument designed to make distant objects appear nearer.

Rick Howard: Definition: Network observation systems designed to monitor globally unreachable but unused Internet address space or the Deep Web in order to study a wide range of interesting Internet phenomena.

Rick Howard: Example sentence: Monitoring unexpected traffic arriving at a network telescope might provide early warning for serious network security events.

Rick Howard: Origin and context: Network telescopes are also known as "Internet background radiation monitors" and "packet telescopes." And according to a 2010 research paper, "Internet Background Radiation Revisited," because there are no legitimate hosts in these unused IP blocks, packets arriving must be the result of worm propagation, DDoS attacks, network misconfiguration, or other annoying or nefarious activity that's usually hidden in the noise of normal Internet traffic. Bill Cheswick and Steve Bellovin originally conceived the idea in 1998. Since then, various researchers have sought to extend the idea. The most prolific is probably the Center for Applied Internet Data Analysis, or CAIDA.

Rick Howard: Nerd reference: Bill Cheswick and Steve Bellovin are famous in old guy cybersecurity circles for writing one of the first cybersecurity books, "Firewalls and Internet Security: Repelling the Wily Hacker." I had a dog-eared copy in my desk back in the day when I was a young Unix system administrator. At the Vintage Computer Federation East 9.1 Conference in 2015, Cheswick described how he and Bellovin created the first network telescope.

Bill Cheswick: We built the first packet telescope, which basically meant we said, ‘Hey World, Network Twelve is here.’ Network Twelve is AT&T’s Internet address. We got it back in 1998 by asking for it. We said ‘Can we have this class A address?’ A Class A address probably has a market value of a billion dollars now, something like that. We said ‘We need it.’ And they said, ‘Oh you're a big company, you get one. Sure, we're giving them out to every big company.’ So Net Twelve came to us and we couldn't use it. It was too big. So we had this big, useless address. And I said, ‘let's gather all the traffic that comes to this big unused network and watch it and see what it is.’ It's a packet telescope and Steve Bellovin put up some monitoring and so on. And we got about 25 MB a day of random packets, which basically where the death screams of various machines around the Internet that we're shouting packets at that network.