SL
Stellar Labs
Private TCP/UDP collection
Operating memo Collection policy
Passive only · Aggregated & anonymized statistics

We run private research nodes for TCP and UDP services on the open internet.

Nodes accept whatever arrives—tunnels, mail, commodity services, and background noise. We only talk back when protocol completion requires it (e.g., P2P tracker replies, mail handshakes). Intake is stored and reported as aggregated, anonymized data for research and defensive analysis.

View surfaces Collection policy

What this is

Controlled endpoints that quietly collect unsolicited traffic for protocol research and abuse mapping. No active scanning, probing, or outbound sequencing is performed from these nodes.

Surfaces we expose

Static services with predictable, boring behavior.

Passive intake

TCP Services

Standard endpoints

  • Predictable, banner-mimic responses for common TCP traffic.
  • Session timing captured; payloads retained privately.
  • Only protocol-correct talk-back; no scans or outreach.

UDP Services

Lightweight endpoints

  • Minimal responders focused on query logging and timing.
  • Malformed packets preserved for offline review.
  • No amplification behaviors enabled.

Mail & Tunneling

Message sinks & tunnels

  • Mail/messages accepted and acked to sink; no third-party delivery.
  • Tunnels constrained to packet capture only.
  • Descriptors issued upon clearance if required.

Collection policy

Aggregation

Anonymized statistics only

Outputs are rolled-up counts, timings, and protocol summaries. Raw captures remain internal.

Posture

Passive and non-persistent

Nodes accept inbound traffic and respond minimally for protocol completion. No scanning, seeding, or outbound probing.

Access

By request, with scope

Provide ASN/use case and desired surfaces. Approved requests receive a static summary drop.

Operating memo

These nodes are maintained for protocol research, threat intelligence enrichment, and defender training. Services emulate ordinary endpoints to avoid undue attention while preserving inbound artifacts for later analysis. Data is never used to initiate new communication back to origin sources beyond required protocol completion.