![[CAIDA - Cooperative Association for Internet Data Analysis logo]](/images/caida_globe_faded.png)
![[CAIDA]](/images/caida_whitewords.png "Go to CAIDA home page"){kind=small}
A network telescope is a portion of routed IP address space on which little or no legitimate traffic exists. Monitoring unexpected traffic arriving at a network telescope yields a view of certain remote network events. Among the visible events are various forms of flooding DoS attacks, infection of hosts by Internet worms, and network scanning.
This work would not be possible without the
cooperation of UCSD Network Operations and support from DARPA, NSF,
Cisco Systems and Caida members.
Network Telescope Data
Many privacy and security concerns are associated with Network Telescope datasets. Because some viruses and worms involve the installation of backdoors that provide unfettered access to infected computers, telescope data may contain features that advertise these vulnerable machines. Also, while the source of some types of telescope traffic, including denial-of-service attacks and worms, is readily apparent, a significant volume of traffic is of unknown origin. Without identifying the traffic, we cannot assess the security and privacy impact of releasing the data.
CAIDA makes available a number of datasets for researchers who wish to study data collected at the UCSD Network Telescope. These datasets represent the major sources of telescope traffic. A list of available network telescope datasets is listed in the Passive Data Sources page.
Security Presentations
| Year | Month | Presenter(s) | Title | Venue | Topic(s) |
|
2010
|
Jul | DHS PREDICT project: CAIDA update | PREDICT PI |
- data
- measurement methodology
- overview
- policy
- security
|
|
|
2010
|
May | Inferring Geolocation Ownership of Internet Identifiers | Sprint Electronic Crimes Task Force (ECTF) |
- overview
- routing
- security
- topology
|
|
|
2010
|
Apr | Understanding and Preparing for DNS Evolution | Traffic Monitoring and Analysis |
- dns
- passive data analysis
- security
- trends
|
|
|
2010
|
Mar | Leveraging the Science and Technology of Internet Mapping for Homeland Security | DHS Cybersecurity PI Meeting |
- active data analysis
- visualization
- measurement methodology
- security
- topology
|
|
|
2010
|
Feb | DHS PREDICT project: CAIDA update | PREDICT PI |
- data
- measurement methodology
- overview
- policy
- security
|
|
|
2009
|
Sep | Leveraging the Science and Technology of Internet Mapping for Homeland Security | DHS Cybersecurity PI Meeting |
- active data analysis
- data
- measurement methodology
- policy
- security
- topology
|
|
|
2009
|
Aug | CAIDA participation in PREDICT | PREDICT PI |
- data
- measurement methodology
- overview
- policy
- security
|
|
|
2009
|
Jan | Conficker | ISOI |
- security
- passive data analysis
|
|
|
2008
|
May | CAIDA participation in PREDICT | PREDICT PI |
- data
- measurement methodology
- overview
- policy
- security
|
|
|
2007
|
May | Current Network Security Threats: DoS, Viruses, Worms, Botnets | TERENA Networking Conference |
- security
|
|
|
2007
|
Jan | Moore, D. |
Blackworm: Analyzing the Spread of a Worm from Poisoned IP Data | ISOI |
- security
|
|
2006
|
Nov | Internet Measurement Data Catalog and Security Research Overview | WIDE |
- data
- software/tools
- security
|
|
|
2006
|
Oct | Whats Wrong With The DNS | RIPE |
- dns
- data
- overview
- security
|
|
|
2006
|
Oct | Anomaly Sampling (bringing diversity to network security) | Flocon |
- security
- measurement methodology
|
|
|
2006
|
Jul | Anomaly Sampling (bringing diversity to network security) | Intimate Workshop |
- security
- measurement methodology
|
|
|
2006
|
Feb | DNS Cache Poisoners Lazy, Stupid, or Evil? | NANOG |
- dns
- security
|
|
|
2005
|
Jul | Searching for DNS Cache Poisoners | OARC |
- dns
- security
|
|
|
2005
|
Mar | Case Studies of Root Server Abuse | WIDE |
- security
- dns
|
|
|
2005
|
Mar | Detecting Internet Worms | UCSD Research Exam |
- security
- measurement methodology
- passive data analysis
|
|
|
2005
|
Mar | Measuring a Malicious Internet | UCSD Thesis Proposal |
- security
- measurement methodology
- passive data analysis
|
|
|
2004
|
Nov | The UCSD Network Telescope | CCIED |
- security
- measurement methodology
|
|
|
2004
|
Sep | The UCSD Network Telescope | BBN |
- security
- measurement methodology
|
|
|
2004
|
Sep | The UCSD Network Telescope | Equinix |
- security
- measurement methodology
|
|
|
2004
|
Sep | The UCSD Network Telescope | Lincoln Labs |
- security
- measurement methodology
|
|
|
2004
|
Jul | The Spread of the Witty Worm | LISA |
- security
|
|
|
2004
|
Jun | The Spread of the Witty Worm | SDRIW |
- security
|
|
|
2004
|
Apr | Security Data Collection at CAIDA | WIDE |
- data
- security
|
|
|
2004
|
Feb | Analysis of the December DDoS Attack Against SCO | NANOG |
- security
|
|
|
2004
|
Jan | Network Telescopes: Remote Monitoring of Internet Worms and Denial-of-Service Attacks | Intel |
- security
- measurement methodology
|
|
|
2004
|
Jan | Network Telescopes: Remote Monitoring of Internet Worms and Denial-of-Service Attacks | ATT Labs |
- security
- measurement methodology
|
|
|
2004
|
Jan | Network Telescopes: Remote Monitoring of Internet Worms and Denial-of-Service Attacks | Boston University |
- security
- measurement methodology
|
|
|
2003
|
Oct | Network Telescopes Overview: What is a Network Telescope? | LISA |
- security
- measurement methodology
- passive data analysis
|
|
|
2003
|
Sep | Network Telescopes | DIMACS |
- security
- measurement methodology
- passive data analysis
|
|
|
2003
|
Jul | Moore, D. |
Internet Worms: Current Capabilities in Awareness, Detection, Response | Cisco |
- security
|
|
2003
|
Apr | Internet Quarantine: Requirements for Containing Self-Propagating Code | INFOCOM |
- security
|
|
|
2003
|
Feb | Understanding Global Internet Health | UC Regents |
- security
- overview
|
|
|
2003
|
Jan | Understanding Global Internet Health | CAIDA |
- security
- overview
|
|
|
2002
|
Aug | Network Telescopes: Observing Small or Distant Security Events | USENIX |
- security
- measurement methodology
- passive data analysis
|
|
|
2002
|
Mar | Fundamental Limits on Blocking Self-Propagating Code | CSTB |
- security
|
|
|
2001
|
Oct | Recent Internet Worms: Who are the Victims and How Good are We at Getting the Word Out? | NANOG |
- security
|
|
|
2001
|
Aug | Code Red the second coming - from whence diurnal cycles | USENIX |
- security
|
|
|
2001
|
Aug | Worldwide Detection of Denial of Service DoS Attacks | USENIX |
- security
|
|
|
1999
|
Dec | traffic observation in a stateless data networking environment | CRISP Cybercrime Workshop |
- security
|
Security Papers
| Year | Author(s) | Title | Publication | Topic(s) |
|
2009
|
Berger, A. Hyun, Y. claffy, k. |
Understanding the Efficacy of Deployed Internet Source Address Validation Filtering | Internet Measurement Conference (IMC) |
- security
- measurement methodology
- policy
- routing
- topology
- trends
|
|
2006
|
Shang, H. Fomenkov, M. Hyun, Y. claffy, k. |
The Windows of Private DNS Updates | ACM SIGCOMM Computer Communication Review (CCR) |
- dns
- security
- policy
|
|
2006
|
Shannon, C. Brown, D. Voelker, G. Savage, S. |
Inferring Internet Denial-of-Service Activity | ACM Transactions on Computer Systems |
- security
|
|
2005
|
Ma, J. Chen, J. Moore, D. Vandekieft, E. Snoeren, A. Voelker, G. Savage, S. |
Scalability, Fidelity and Containment in the Potemkin Virtual Honeyfarm | ACM Symposium on Operating System Principles (SOSP) |
- security
|
|
2005
|
Broido, A. claffy, k. |
Remote physical device fingerprinting | IEEE Transactions on Dependable and Secure Computing |
- security
- measurement methodology
|
|
2004
|
Moore, D. Paxson, V. Weaver, N. |
The Top Speed of Flash Worms | ACM Workshop on Rapid Malcode (WORM) |
- security
|
|
2004
|
Moore, D. |
The Spread of the Witty Worm | IEEE Security and Privacy |
- security
|
|
2004
|
Shannon, C. Voelker, G. Savage, S. |
Network Telescopes: Technical Report | Cooperative Association for Internet Data Analysis (CAIDA) |
- security
- measurement methodology
|
|
2004
|
Bohacek, S. Broido, A. |
Feasibility of Detecting TCP-SYN Scanning at a Backbone router | IEEE American Control Conference |
- security
|
|
2003
|
Paxson, V. Savage, S. Shannon, C. Staniford, S. Weaver, N. |
Inside the Slammer Worm | IEEE Security and Privacy |
- security
|
|
2003
|
Shannon, C. Voelker, G. Savage, S. |
Internet Quarantine: Requirements for Containing Self-Propagating Code | IEEE Conference on Computer Communications (INFOCOM) |
- security
|
|
2003
|
Paxson, V. Savage, S. Shannon, C. Staniford, S. Weaver, N. |
The Spread of the Sapphire/Slammer Worm | CAIDA, ICSI, Silicon Defense, UC Berkeley EECS and UC San Diego CSE |
- security
- passive data analysis
|
|
2002
|
Shannon, C. Brown, J. |
Code-Red: a case study on the spread and victims of an Internet worm | Internet Measurement Workshop (IMW) |
- security
- passive data analysis
|
|
2001
|
Voelker, G. Savage, S. |
Inferring Internet Denial-of-Service Activity | Usenix Security Symposium |
- security
|
|
1995
|
Gross, A Braun, H.-W. |
Measured interference of security mechanisms with network performance | International Networking Conference (INET) |
- security
|
Network Telescope Sponsors
 |
 |
 |
 |
 |