'Dark web space' hides net nasties

Results of a three-year study on internet 'reachability' have confirmed that the web is partitioned and littered with pockets of 'dark web space' which are home to some of the internet's nasties.

The existence of dark web space runs contrary to the common belief that the internet is one fully connected graph. The research suggests that the web is partitioned and some prefixes are available for some providers, and not others.

But more worryingly, the study found that this dark space is often used as a launch pad for fleeting internet attacks or as a spamming platform.

A report released by Arbor Networks has revealed that as much as five per cent of the internet could exist in dark web space, a figure representing tens of millions of possible end hosts.

Arbor found that these short-lived routing activities, like spamming, indicated a misuse of the routing infrastructure.

The findings backed up last month's warning from the Computer Emergency Response Team that hackers may increasingly be targeting routing infrastructures as a platform for denial of service attacks.

These murky parts of the internet could also be used to intentionally 'black hole' a target network's traffic.

Arbor also found a large number of SMTP servers, including over 40,000 unique mail sources, a number of which were associated closely with known spamming incidents. These net nasties work by exploiting inherent weaknesses in the web's routing infrastructure.

If a router can stake a claim on a block of address space, the rest of the net's infrastructure will simply accept it and route all traffic for that block.

Because routers aren't set up to log such incidents, these dark corners of the web represent pockets of malicious or sinister activity and "intentional misuse and co-option of the internet routing infrastructure", said Arbor.

The research found that over 70 per cent of the discovered disenfranchised hosts responded to 'reachability' tests identifying them as cable or ISDN pools, as well as US military networks.

Strangely, a further 24 per cent of hosts responded to active availability tests, but had neither addressing nor routing information available. Arbor is now researching further into this area.