
I am planning to implement a darknet in an organizational network to work alongside Snort to detect malicious scanning activities in the network, like the CAIDA network telescope/Internet Motion Sensor. I am a little confused between darknets like Tor and Freenet, which are on the Internet, and the concept which I want to implement. I know that there is a difference between them in terms of functionality and implementation, but would it be wrong to categorize both of them as darknets? I couldn't find a proper distinction between them anywhere.

schroeder
rajumon
Tor is "a circuit-based low-latency anonymous communication service" which operates using a protocol known as "onion routing". I2P is similar and uses a variation known as "garlic routing". In essence, both systems work by setting up a number of nested encrypted tunnels between the host, participating servers and an exit node. See http://www.onion-router.net/Publications/tor-design.pdf – May 12 '15 at 22:03

1 Answer


TLDR:

- The two are distinct concepts (as you noted)
- The use of "darknet" in both cases is coincidental
- As of 2015, "darknet" would be much more likely to refer to a private overlay network

In full:

In their paper about operating the Internet Motion Sensor, Bailey et al. ("Practical Darknet Measurement") refer to the unallocated IP range as a portion of "darknet" and cite the website for a similar malware distribution monitoring system, "The Darknet Project" (http://www.team-cymru.org/darknet.html), as the source of the name. They in turn cite no source and appear to have coined the term themselves.

In both cases the descriptions are clear about their use of the term as unallocated address space and do not relate it to the other common definition: an overlay network that is not directly accessible by standard protocols and applications as used to browse the rest of the WWW.

This appears to be simply a matter of the same name appearing independently in two contexts. The paper by Bailey et al, for instance, was written in 2006. At that point the word "darknet" was still largely up-for-grabs (the concept of Tor had been presented in 2004 and was not yet as well-known as it is now). That is no longer the case as the use of the word to describe an overlay network overwhelmingly dominates public consciousness. In research circles specifically focusing on internet traffic monitoring the use of "darknet" to refer to an unallocated IP range would likely still be understood, but I would personally avoid it in favour of one of the alternative names.

user76361