Abstract | ||
---|---|---|
While it is widely known that port scanning is widespread, neither the scanning landscape nor the defensive reactions of network operators have been measured at Internet scale. In this work, we analyze data from a large network telescope to study scanning activity from the past year, uncovering large horizontal scan operations and identifying broad patterns in scanning behavior. We present an analysis of who is scanning, what services are being targeted, and the impact of new scanners on the overall landscape. We also analyze the scanning behavior triggered by recent vulnerabilities in Linksys routers, OpenSSL, and NTP. We empirically analyze the defensive behaviors that organizations employ against scanning, shedding light on who detects scanning behavior, which networks blacklist scanning, and how scan recipients respond to scans conducted by researchers. We conclude with recommendations for institutions performing scans and with implications of recent changes in scanning behavior for researchers and network operators. |
Year | Venue | Field |
---|---|---|
2014 | USENIX Security | Network telescope,Linksys routers,Computer science,Computer security,Blacklist,Vulnerability,The Internet |
DocType | Citations | PageRank |
Conference | 28 | 1.55 |
References | Authors | |
21 | 3 |
Name | Order | Citations | PageRank |
---|---|---|---|
Zakir Durumeric | 1 | 935 | 48.86 |
Michael Bailey | 2 | 1335 | 78.22 |
J. Alex Halderman | 3 | 2301 | 149.67 |