Paper Info
Title
An internet-wide view of internet-wide scanning
Abstract
While it is widely known that port scanning is widespread, neither the scanning landscape nor the defensive reactions of network operators have been measured at Internet scale. In this work, we analyze data from a large network telescope to study scanning activity from the past year, uncovering large horizontal scan operations and identifying broad patterns in scanning behavior. We present an analysis of who is scanning, what services are being targeted, and the impact of new scanners on the overall landscape. We also analyze the scanning behavior triggered by recent vulnerabilities in Linksys routers, OpenSSL, and NTP. We empirically analyze the defensive behaviors that organizations employ against scanning, shedding light on who detects scanning behavior, which networks blacklist scanning, and how scan recipients respond to scans conducted by researchers. We conclude with recommendations for institutions performing scans and with implications of recent changes in scanning behavior for researchers and network operators.
Year
Venue
Field
2014
USENIX Security
Network telescope,Linksys routers,Computer science,Computer security,Blacklist,Vulnerability,The Internet
DocType
Citations 
PageRank 
Conference
28
1.55
References 
Authors
21
3
Name
Order
Citations
PageRank
Zakir Durumeric193548.86
Michael Bailey2133578.22
J. Alex Halderman32301149.67