'Dark web space' hides net nasties

Study backs up warning that routers are the next target for hackers

Written by James Middleton

Results of a three-year study on internet 'reachability' have confirmed that the web is partitioned and littered with pockets of 'dark web space' which are home to some of the internet's nasties.

The existence of dark web space runs contrary to the common belief that the internet is one fully connected graph. The research suggests that the web is partitioned and some prefixes are available for some providers, and not others.


But more worryingly, the study found that this dark space is often used as a launch pad for fleeting internet attacks or as a spamming platform.

A report released by Arbor Networks has revealed that as much as five per cent of the internet could exist in dark web space, a figure representing tens of millions of possible end hosts.

Arbor found that these short-lived routing activities, like spamming, indicated a misuse of the routing infrastructure.

The findings backed up last month's warning from the Computer Emergency Response Team that hackers may increasingly be targeting routing infrastructures as a platform for denial of service attacks.

These murky parts of the internet could also be used to intentionally 'black hole' a target network's traffic.

Arbor also found a large number of SMTP servers, including over 40,000 unique mail sources, a number of which were associated closely with known spamming incidents. These net nasties work by exploiting inherent weaknesses in the web's routing infrastructure.

If a router can stake a claim on a block of address space, the rest of the net's infrastructure will simply accept it and route all traffic for that block.

Because routers aren't set up to log such incidents, these dark corners of the web represent pockets of malicious or sinister activity and "intentional misuse and co-option of the internet routing infrastructure", said Arbor.

The research found that over 70 per cent of the discovered disenfranchised hosts responded to 'reachability' tests identifying them as cable or ISDN pools, as well as US military networks.

Strangely, a further 24 per cent of hosts responded to active availability tests, but had neither addressing nor routing information available. Arbor is now researching further into this area.


Related articles

Related whitepapers

Related jobs

Do you agree?


Search vnunet IThound

Top categories

Job of the week

Search thousands of IT jobs :

Search thousands of IT jobs:

Advanced search

Hiring now on ComputingCareers:

Related IT jobs

Search thousands of IT jobs :

Search thousands of IT jobs:

Advanced search



Newsletter signup

Sign up for our range of FREE newsletters:

Existing User

Newsletter user login:

Enter email address to edit your newsletter preferences


Shaun Nichols and Iain Thomson

16 Jan 2009

5.85 MBPodcast Special: Views from the Valley More...

Shaun Nichols and Iain Thomson

12 Jan 2009

4.99 MBPodcast Special: CES Round-Up More...

Shaun Nichols

19 Dec 2008

2.93 MBPodcast Special: Views from the Valley More...


Apple Mac at 25

Apple Mac at 25

What has been your favourite Mac of the past 25 years?

Previous poll results


Houses of Parliament

Government still failing on data protection

Only two departments conduct independent DPA audits, says research   More...

Diskeeper 2009

Review: Diskeeper 2009 Pro Premier with Hyperfast

Hyperfast helps get the most out of solid state drives   More...


Intel to shut down five plants

Job cuts on the way as chip giant undertakes restructuring   More...

Mobile devices

CSR ships combined GPS/Bluetooth chip

BlueCore BC7830 could see GPS become standard on more phones   More...

Primary Navigation