Darknet (network telescope) is an unused space of IP addresses, where normally we should observe no network traffic. However, it occurs that a lot of network packets can be observed, although no services or applications are available at these IP addresses. Origin of this network traffic can be usually divided into three categories: (1) misconfiguration of network devices/applications, (2) scanning activities, (3) backscatter from DoS attacks. According to this, we can observe a lot of interesting activities in this traffic. First of all, it is possible to track DoS victims (spoofed attacks). Secondly, we can observe trends in the scanning activities, thus allowing us to identify new threats and potential victims. We can also track scanning activity related to the amplified DRDoS attacks, which are probably the most destructive DoS attacks. Moreover, we are able to track activity of some botnets and as a result, we are collecting data about the infected devices, botnets' behavior and sometimes about their victims (DoS). I am observing NASK's darknet traffic for several months. Mean number of packets received per hour is is equal to 25 millions. On this basis, I would like to talk about activities seen in darknet, present some statistics concerning this traffic, show some case-studies concerning observed DoS attacks and describe botnet fingerprinting in this traffic.