0:02

You're listening to the CyberWire Network, powered

0:04

by N2K. This

0:13

September 18th and 19th in Denver,

0:15

a tight community of leading experts

0:17

is gathering to tackle the toughest

0:20

cybersecurity challenges we face. It's

0:22

happening at MY's, the unique

0:25

conference built by practitioners for

0:27

practitioners. Developed by

0:29

Mandiant, now part of Google

0:31

Cloud, MY's features one-to-one access

0:33

with industry experts and fresh

0:35

insights into the topics that

0:37

matter most right now to

0:39

frontline practitioners. Register

0:41

early and save at

0:44

MY's.io/CyberWire. That's

0:48

MY's.io/CyberWire. The

0:59

word is network telescope.

1:06

Spelled network for a system

1:08

of electronic endpoints interconnected

1:11

by telecommunications equipment in order

1:13

to transmit or receive information

1:16

and telescope for an instrument

1:19

designed to make distant objects

1:21

appear nearer. Definition.

1:30

Network observation systems designed to monitor

1:32

globally unreachable but unused internet address

1:34

space or the deep web in

1:37

order to study a wide range

1:39

of interesting internet phenomena. Example

1:47

sentence. Monitoring unexpected traffic

1:49

arriving at a network telescope

1:51

might provide early warning for

1:54

serious network security events. Origin

2:02

and Context Network

2:04

telescopes are also known as

2:07

Internet Background Radiation Monitors and

2:09

packet telescopes. And according to a

2:11

2010 research paper,

2:13

Internet Background Radiation Revisited,

2:16

because there are no legitimate hosts in

2:18

these unused IP blocks, packets

2:20

arriving must be the result of

2:22

warm propagation, DDoS attacks,

2:25

network misconfiguration, or other annoying

2:27

or nefarious activity that's usually

2:29

hidden in the noise of

2:31

normal Internet traffic. Bill

2:34

Czewiec and Steve Bellaman originally conceived the

2:36

idea in 1998. Since

2:39

then, various researchers have sought to extend

2:41

the idea. The most prolific

2:44

is probably the Center for Applied Internet

2:46

Data Analysis, or CADA. Nerd

2:54

Reference Bill Czewiec and Steve

2:56

Bellaman are famous and old guy cyber

2:58

security circles for writing one of the

3:00

first cyber security books, Firewalls

3:03

and Internet Security, repelling the

3:05

Wiley Hacker. I had

3:07

a dog-eared copy on my desk back in the day

3:09

when I was a young UNIX system administrator. At

3:11

the vintage Computer Federation East 9.1 conference in

3:14

2015, Czewiec described how he

3:18

and Bellaman created the first network telescope.

3:20

We built the first packet telescope, which

3:22

basically meant, we said, hey world, network

3:24

12 is here. Network

3:27

12 is AT&T's Internet address. We

3:30

got it back in 1998 by asking for it. We

3:34

said, can we have this class A address? Class

3:36

A address probably has a market value of a billion

3:38

dollars now, something like that. We said, we need it.

3:40

They said, oh, you're a big company. You get one.

3:43

Sure, we're giving them out to every big company.

3:45

And so net 12 came to us, and we

3:47

couldn't use it. It was too

3:50

big. So we had

3:52

this big useless address, and I said, let's gather

3:55

all the traffic that comes to this

3:57

big unused network and watch

3:59

it and see what it is. It's a packet telescope

4:02

and Steve Bellivan put up some monitoring and so

4:04

on and we got about 25 megabytes

4:06

a day of random packets which

4:10

basically were the death screams of various

4:12

machines around the internet that were shouting

4:15

packets at that network. The

4:35

IT world used to be simpler. You

4:37

only had to secure and manage environments

4:39

that you controlled. Then came

4:42

new technologies and new ways to

4:44

work. Now employees, apps and networks

4:46

are everywhere. This means

4:48

poor visibility, security gaps and added

4:51

risk. That's why Cloudflare

4:53

created the first ever connectivity

4:55

cloud. Visit cloudflare.com to

4:58

protect your business everywhere you

5:00

do business.