Monitoring {\em unused} or {\em dark} IP addresses offers
opportunities to significantly improve and expand knowledge of abuse
activity without many of the problems associated with typical network
intrusion detection and firewall systems.  In this paper, we address
the problem of designing and deploying a system for monitoring large
unused address spaces such as class A telescopes with 16M IP
addresses.  We describe the architecture and implementation of the
Internet Sink (iSink) system which measures packet traffic on unused
IP addresses in an efficient, extensible and scalable fashion.  In
contrast to traditional intrusion detection systems or firewalls,
iSink includes an {\em active} component that generates response
packets to incoming traffic.  This gives the iSink an important
advantage in discriminating between different types of attacks
(through examination of the response payloads).  The key feature of
iSink's design that distinguishes it from other unused address space
monitors is that its active response component is {\em stateless} and
thus highly scalable. We report performance results of our iSink
implementation in both controlled laboratory experiments and from a
case study of a live deployment.  Our results demonstrate the
efficiency and scalability of our implementation as well as the
important perspective on abuse activity that is afforded by its use.