The IEEE Conference on Local Computer Networks 30th Anniversary (LCN'05)
Defining and Evaluating Greynets (Sparse Darknets)
Sydney, Australia
November 15-November 17
ISBN: 0-7695-2421-4
DOI Bookmark:
http://doi.ieeecomputersociety.org/10.1109/LCN.2005.46
Darknets are increasingly being proposed as a means by which network administrators can monitor for anomalous, externally sourced traffic. Current darknet designs require large, contiguous blocks of unused IP addresses - not always feasible for enterprise network operators. In this paper we introduce, define and evaluate the concept of a Greynet - a region of IP address space that is sparsely populated with 'darknet' addresses interspersed with active (or 'lit') IP addresses. We use raw traffic traces collected within a university network to evaluate how sparseness affects a greynet's effectiveness and hence show that enterprise operators can achieve useful levels of network scan detection, with only small numbers of 'dark' IP addresses making up their greynets.
Citation:
Warren Harrop, Grenville Armitage, "Defining and Evaluating Greynets (Sparse Darknets)," lcn, pp.344-350, The IEEE Conference on Local Computer Networks 30th Anniversary (LCN'05), 2005