10

I would like to set up an IPv6 Darknet/Network Telescope. It is unused address space: a network that is completely passive and sends no outbound traffic. This talk gives more details.

Most residential IPv6 internet connections get a /64 subnet. Considering that with IPv6 there is no NAT in the way, it seems like it would be a great opportunity to set up a darknet/network telescope.

I have searched online but I have not found any resources to set up an IPv6 darknet/network telescope on Linux.

WoJ
John Thomson

1 Answer

1

I have developed such "telescopes" as part of passive network monitoring (company work, not available publicly). I did not find anything readily available but then I had some specific needs as well.

You can start with running a tcpdump on that address, getting rid of the predictable noise and then listening for what is addressed specifically to your address.

WoJ
  • How do I use tcpdump to monitor a whole /64 subnet? – John Thomson Aug 13 '17 at 00:59
  • @JohnThomson: you won't - I was mentioning a solution which does not require BGP announcements. The problem with these announcements is that you need cooperation from border servers, otherwise your announcement will be rejected. In my case I had access to very dispersed LANs and many Internet PoPs, so having one IP in each of these places listening was fine. – WoJ Aug 13 '17 at 07:40
  • @JohnThomson: and BTW the video is very interesting, particularly the historical aspects. – WoJ Aug 13 '17 at 07:40
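
The triage the answer describes (capture with tcpdump, drop the predictable noise, keep what is addressed to the monitored address), as an added example that is not part of the original answer or its author's tooling. It parses the text output of `tcpdump -n -l ip6`; the monitored address 2001:db8:1::42, the sample lines and the function names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumed monitored address (documentation prefix 2001:db8::/32), not from the page.
TELESCOPE = ipaddress.IPv6Address("2001:db8:1::42")

# Constructed sample of `tcpdump -n -l ip6` text output.
SAMPLE = """\
12:00:01.000001 IP6 fe80::1 > ff02::1: ICMP6, router advertisement, length 64
12:00:02.000001 IP6 fe80::1 > 2001:db8:1::42: ICMP6, neighbor solicitation, who has 2001:db8:1::42, length 32
12:00:03.000001 IP6 2001:db8:ffff::7.51514 > 2001:db8:1::42.23: Flags [S], seq 1, win 65535, length 0
12:00:04.000001 IP6 2001:db8:ffff::7.51515 > 2001:db8:1::42.22: Flags [S], seq 1, win 65535, length 0
12:00:05.000001 IP6 2001:db8:aaaa::9 > 2001:db8:1::42: ICMP6, echo request, id 7, seq 1, length 64
12:00:06.000001 IP6 fe80::2 > ff02::16: HBH ICMP6, multicast listener report v2, 1 group record(s), length 28
12:00:07.000001 IP6 2001:db8:1::42 > fe80::1: ICMP6, neighbor advertisement, tgt is 2001:db8:1::42, length 24
12:00:08.000001 IP6 2001:db8:bbbb::3.40000 > 2001:db8:1::99.53: 1+ A? example.com. (29)
"""

LINE = re.compile(r"^\S+ IP6 (\S+) > (\S+): (.*)$")
# Neighbor Discovery and MLD are on-link housekeeping, not unsolicited probes.
NDP_MLD = ("router solicitation", "router advertisement", "neighbor solicitation",
           "neighbor advertisement", "redirect", "multicast listener")

def split_endpoint(token):
    """'2001:db8::1.22' -> (IPv6Address, '22'); a bare address has no port."""
    host, dot, port = token.rpartition(".")
    if not dot:
        host, port = token, None
    return ipaddress.IPv6Address(host), port

def triage(lines, telescope=TELESCOPE):
    """Return (noise_count, Counter of (source, target) aimed at the telescope)."""
    noise, hits = 0, Counter()
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # not an IPv6 packet summary line
        (src, _), (dst, dport), rest = split_endpoint(m[1]), split_endpoint(m[2]), m[3]
        if src.is_link_local or dst.is_multicast or any(k in rest for k in NDP_MLD):
            noise += 1  # predictable on-link chatter
        elif dst == telescope:
            target = f"port {dport}" if dport else ",".join(rest.split(",")[:2])
            hits[(str(src), target)] += 1
    return noise, hits

if __name__ == "__main__":
    noise, hits = triage(SAMPLE.splitlines())
    print(f"noise lines dropped: {noise}")
    for (src, target), count in hits.most_common():
        print(f"{src} -> {target}: {count}")
```

On a live host, pipe the capture into the same function by reading `sys.stdin` instead of `SAMPLE`.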