UNAM Security Telescope
UNAM Security Telescope (Archive)
Back in 2009-2010, the Intrusion Detection department of UNAM-CERT designed and developed the UNAM Security Telescope, a hybrid of a network telescope and a large-scale honeypot/sinkhole darknet. It featured dynamic public IP assignment, managing approximately 45,000 to 50,000 public IP addresses via NOC routing.
This Security Telescope enabled the collection of valuable data that was transformed into actionable security intelligence used for incident response, monitoring, detection logic development, and malware analysis.
The UNAM Security Telescope was refined over subsequent years. It was partially the result of a bachelor’s thesis and graduation project from the Faculty of Engineering at UNAM. The design was documented in the thesis by Javier Santillan, 2011:
- Darknet, motor de detección de tráfico malicioso para el telescopio de seguridad de la UNAM (Local Mirror)
The first version of the UNAM-Darknet was designed in 2009 and implemented at large scale between 2009 and 2011. It later served as a reference for data analysis and information exchange within the UNAM network and with external cybersecurity organizations, academic institutions, and The Honeynet Project.
The high-level design of the UNAM Security Telescope and UNAM-Darknet is shown below.
References and Resources
- Presentation of UNAM Security Telescope during the UNAM DISC (International Day of Computer Security) 2009: [Local-Mirror]
- Presentation of UNAM Security Telescope during the UNAM Computer Security Conference 2010: [Source] [Local-Mirror]