Network Telescope -- Monitoring the Internet Background Radiation

The Sayor.net network telescope project, led by sbk97, utilizes passive monitoring of unused IP addresses (darknet) to track Internet Background Radiation. By reporting over 17,000 malicious IPs for activities like SSH brute-forcing and web probing, the project acts as a high-accuracy, community-driven threat intelligence source for AbuseIPDB. The initiative is considered a verified asset to cybersecurity, bridging passive observation with active, community-driven defense. For more information on AbuseIPDB's reporting, visit AbuseIPDB.

1. Executive Summary
The Sayor.net Network Telescope, operated by researcher sbk97, is a high-impact cybersecurity initiative dedicated to the passive monitoring of "Internet Background Radiation" (IBR). By utilizing a block of routed but unused IP addresses, the project captures unsolicited traffic, providing highly accurate threat intelligence to the global community through platforms like AbuseIPDB.

2. Project Overview & Methodology
The core of Sayor.net is its Network Telescope (or "Darknet"). Unlike a honeypot, which interacts with attackers, this project is purely passive:
  • Infrastructure: Monitoring unused IP space where no legitimate traffic should exist.
  • Data Collection: Any packet arriving at these addresses is categorized as suspicious, eliminating the "noise" of legitimate user traffic.
  • Reporting Pipeline: Malicious activity is automatically logged and reported to the community to help secure thousands of independent servers.

3. Key Findings & Statistics
As of April 2026, sbk97 remains a pivotal contributor to the internet's "neighborhood watch."
Metric               Detail
-------------------  ------------------------------------------------------------------
User Status          Verified Webmaster & Supporter
Total IP Reports     17,000+ (historical total)
Data Integrity       High confidence (passive telescope data has nearly zero false positives)
Active Since         June 2023
Main Target Areas    Global (automated scanners from 100+ countries)

4. Primary Threat Categories
The project systematically identifies and reports four main types of internet-scale abuse:
  1. SSH Brute-Forcing: Bots attempting to crack server credentials via port 22.
  2. Web App Probing: Scanners looking for vulnerable files like /phpmyadmin or .env.
  3. DDoS Backscatter: Identifying third-party victims of spoofed Denial-of-Service attacks.
  4. Mass Reconnaissance: General port sweeps (ZMap/Masscan) searching for open databases (MySQL, RDP).
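
The four categories above can be separated using packet headers alone. The sketch below is an added example, not code from the Sayor.net project: the record format, port sets, sweep threshold and label names are assumptions, and the sample packets are constructed.

```python
from collections import defaultdict

# Constructed sample records, not real telescope data. Addresses come from the
# RFC 5737 documentation ranges; 192.0.2.0/24 plays the unused (dark) block.
SAMPLE = [
    {"src": "198.51.100.7", "dst": "192.0.2.10", "proto": "tcp", "dport": 22, "flags": "S"},
    {"src": "198.51.100.7", "dst": "192.0.2.11", "proto": "tcp", "dport": 22, "flags": "S"},
    {"src": "203.0.113.5", "dst": "192.0.2.10", "proto": "tcp", "dport": 80, "flags": "S"},
    {"src": "203.0.113.9", "dst": "192.0.2.12", "proto": "tcp", "dport": 3306, "flags": "S"},
    {"src": "203.0.113.9", "dst": "192.0.2.12", "proto": "tcp", "dport": 3389, "flags": "S"},
    {"src": "203.0.113.9", "dst": "192.0.2.12", "proto": "tcp", "dport": 22, "flags": "S"},
    {"src": "198.51.100.99", "dst": "192.0.2.13", "proto": "tcp", "dport": 51000, "flags": "SA"},
    {"src": "198.51.100.99", "dst": "192.0.2.14", "proto": "icmp", "icmp_type": 3},
]
WEB_PORTS = {80, 443, 8080}   # assumed set of web ports
REPLY_ICMP = {0, 3, 11}       # echo reply, destination unreachable, time exceeded
SWEEP_PORTS = 3               # assumed: this many distinct ports from one source = sweep

def classify_packet(pkt):
    """Label one packet from header fields only (a bare SYN carries no URL path)."""
    if pkt["proto"] == "icmp":
        return "ddos_backscatter" if pkt["icmp_type"] in REPLY_ICMP else "other"
    flags = set(pkt.get("flags", ""))
    if flags >= {"S", "A"} or "R" in flags:
        return "ddos_backscatter"  # a reply to traffic the dark address never sent
    if flags != {"S"}:
        return "other"
    if pkt["dport"] == 22:
        return "ssh_bruteforce"
    return "web_probing" if pkt["dport"] in WEB_PORTS else "mass_recon"

def classify_sources(packets):
    """Aggregate labels per source; a source probing many ports is a sweep."""
    labels, ports = defaultdict(set), defaultdict(set)
    for pkt in packets:
        label = classify_packet(pkt)
        labels[pkt["src"]].add(label)
        if label not in ("ddos_backscatter", "other"):
            ports[pkt["src"]].add(pkt["dport"])
    for src, seen in ports.items():
        if len(seen) >= SWEEP_PORTS:
            labels[src] = {"mass_recon"}
    return {src: sorted(found) for src, found in labels.items()}

def reportable(packets):
    """Sources to report: backscatter senders are attack victims, so they are excluded."""
    return sorted(s for s, found in classify_sources(packets).items()
                  if set(found) - {"ddos_backscatter", "other"})
```

Backscatter sources are kept out of `reportable` because, as item 3 states, they are third-party victims whose replies reach the telescope only because an attacker spoofed its addresses.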

5. Final Verdict
The sbk97/Sayor.net project is a critical pillar for community-driven defense.
  • Reliability: The use of telescope architecture makes its reports far more reliable than standard firewall logs.
  • Global Impact: By feeding data into the AbuseIPDB API, this project empowers sysadmins worldwide to block attackers before they ever reach a production environment.
  • Recommendation: System administrators should prioritize reports from verified supporters like sbk97 when configuring automated blocklists (e.g., Fail2Ban or CrowdSec).

6. Conclusion
The Sayor.net Network Telescope proves that passive monitoring remains one of the most effective ways to map the "dark side" of the internet. Through the dedicated efforts of sbk97, the project continues to turn unsolicited traffic into actionable intelligence that protects the global network infrastructure.