Darknets, honeynets: When do you use one or the other?

A darknet, the allocated but unused IP address space that ISPs and large enterprises hold in reserve, is becoming an increasingly useful tool for catching attacks early.

“With a darknet, you listen for attack and connection attempts,” says Adam O’Donnell, senior research scientist with Cloudmark Inc. “There are lower maintenance requirements [than with a honeynet] because you don’t have to maintain a real piece of server hardware or virtual hardware.”

“Darknets are there to collect large network captures. They can deduce DDOS, DOS, and botnet threats a lot faster and more completely because a honeynet in theory is just one POP [point of presence],” says Ralph Logan, partner with the Logan Group and vice president of The Honeynet Project.
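The listening approach described above can be sketched as follows. This is an added example, not code from the article or from anyone quoted in it. It assumes a hypothetical darknet prefix (a documentation range), a constructed flow-record format, and a simple flag-based heuristic: bare SYNs to unused space are probes, while SYN-ACK or RST packets are treated as backscatter from a host answering spoofed traffic.

```python
import ipaddress
from collections import defaultdict

# Assumption: an allocated-but-unused prefix (a documentation range is used here).
DARKNET = ipaddress.ip_network("198.51.100.0/24")

# Constructed sample flows: (src, dst, proto, dst_port, tcp_flags)
SAMPLE_FLOWS = [
    ("203.0.113.7", "198.51.100.10", "tcp", 445, "S"),
    ("203.0.113.7", "198.51.100.11", "tcp", 445, "S"),
    ("203.0.113.7", "198.51.100.12", "tcp", 445, "S"),
    ("192.0.2.80", "198.51.100.200", "tcp", 40312, "SA"),
    ("192.0.2.80", "198.51.100.33", "tcp", 51877, "SA"),
    ("192.0.2.80", "198.51.100.90", "tcp", 1999, "R"),
    ("203.0.113.50", "198.51.100.5", "udp", 53, ""),
    ("203.0.113.9", "192.0.2.25", "tcp", 25, "S"),  # not to the darknet: ignored
]

def classify(proto, flags):
    """Label one flow that arrived at the darknet."""
    if proto == "tcp" and flags == "S":
        return "probe"        # unsolicited connection attempt
    if proto == "tcp" and flags in ("SA", "R", "RA"):
        return "backscatter"  # reply to a packet that spoofed a darknet address
    return "other"

def summarize(flows, scan_threshold=3):
    """Group darknet hits by source and flag scanners and likely DoS victims."""
    hits = defaultdict(lambda: {"probe": set(), "backscatter": set(), "other": set()})
    for src, dst, proto, _port, flags in flows:
        if ipaddress.ip_address(dst) in DARKNET:
            hits[src][classify(proto, flags)].add(dst)
    report = {}
    for src, kinds in hits.items():
        if len(kinds["probe"]) >= scan_threshold:
            report[src] = "scanner"
        elif kinds["backscatter"]:
            report[src] = "possible DoS victim (backscatter)"
        else:
            report[src] = "unclassified"
    return report

if __name__ == "__main__":
    for src, verdict in sorted(summarize(SAMPLE_FLOWS).items()):
        print(src, "->", verdict)
```

Because no legitimate service lives in the darknet prefix, every matching flow is unsolicited, which is why no allow-list or baseline is needed before classifying.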