| Publisher DOI: | 10.1145/3718958.3754347 | Title: | Lessons learned from operating a large network telescope | Language: | English | Authors: | Männel, Alexander Mücke, Jonas Claffy, K. C. Gao, Max Mok, Ricky K. P. Nawrocki, Marcin Schmidt, Thomas C. Wählisch, Matthias |
Keywords: | Internet Telescope; Internet Measurement; Infrastructure Operation; IPv4; Darknet; Network telescope; Passive measurements; Operational experience; Research infrastructure; UCSD-NT | Issue Date: | 2025 | Publisher: | Association for Computing Machinery | Book title: | Proceedings of the ACM SIGCOMM 2025 Conference | Part of Series: | ACM Conferences | Startpage: | 826 | Endpage: | 841 | Conference: | ACM SIGCOMM Conference 2025 | Abstract: | Network telescopes (aka darknets) collect unsolicited Internet traffic (aka Internet background radiation or IBR), which includes benign and malicious scanning as well as artifacts of spoofed denial-of-service attacks and misconfigured software and hosts. Analysis of this traffic has revealed macroscopic insights into security-related events and global network dynamics such as outages. Operating a large-scale network telescope is challenging but often taken for granted, more so than in more mature scientific disciplines. We offer the first study documenting our experiences operating the UCSD Network Telescope, the largest and longest-operating network telescope supporting scientific research. We provide background on the history of the telescope, and focus on increasing operational challenges as the underlying network evolves. We develop and apply techniques to leverage third-party scanning activity to validate the integrity of the data, and to discover misconfigurations in the instrumentation. These insights are crucial for understanding measurement results, which we illustrate using concrete examples. We discuss how our findings generalize to support the expanding ecosystem of other passive techniques, such as honeypots, to track security phenomena. |
URI: | https://hdl.handle.net/20.500.12738/19516 | ISBN: | 979-8-4007-1524-2 | Review status: | This version was peer reviewed (peer review) | Institute: | Fakultät Technik und Informatik (ehemalig, aufgelöst 10.2025) Department Informatik (ehemalig, aufgelöst 10.2025) |
Type: | Chapter/Article (Proceedings) |
| Appears in Collections: | Publications without full text |
Show full item record
Add Files to Item
Note about this record
Export
This item is licensed under a Creative Commons License