Abstract

A network telescope is a portion of routed IP address space in which\nlittle or no legitimate traffic exists. Monitoring unexpected traffic arriving\nat a network telescope provides the opportunity to view remote network security\nevents such as various forms of flooding denial-of-service attacks, infection\nof hosts by Internet worms, and network scanning. In this paper, we examine\nthe effects of the scope and locality of network telescopes on accurate\nmeasurement of both pandemic incidents (the spread of an Internet worm) and\nendemic incidents (denial-of-service attacks) on the Internet. In particular,\nwe study the relationship between the size of the network telescope and its\nability to detect network events, characterize its precision in determining\nevent duration and rate, and discuss practical considerations in the deployment\nof network telescopes.Pre-2018 CSE ID: CS2004-0795