skip to main content
10.1145/1298306.1298316acmconferencesArticle/Chapter ViewAbstractPublication PagesimcConference Proceedingsconference-collections
Article

A brief history of scanning

Authors Info & Claims
Published:24 October 2007Publication History

ABSTRACT

Incessant scanning of hosts by attackers looking for vulnerable servers has become a fact of Internet life. In this paper we present an initial study of the scanning activity observed at one site over the past 12.5 years. We study the onset of scanning in the late 1990s and its evolution in terms of characteristics such as the number of scanners, targets and probing patterns. While our study is preliminary in many ways, it provides the first longitudinal examination of a now ubiquitous Internet phenomenon.

References

  1. Internet storm center. http://www.dshield.org.Google ScholarGoogle Scholar
  2. M. Bailey, E. Cooke, F. Jahanian, J. Nazario, and D. Watson. The Internet motion sensor: A distributed blackhole monitoring system. In Proc. NDSS, 2005.Google ScholarGoogle Scholar
  3. E. Cooke, M. Bailey, Z. M. Mao, D. Watson, F. Jahanian, and D. McPherson. Toward understanding distributed blackhole placement. In Proc. ACM CCS Workshop on Rapid Malcode (WORM), Oct. 2004. Google ScholarGoogle ScholarDigital LibraryDigital Library
  4. J. Jung, V. Paxson, A. W. Berger, and H. Balakrishnan. Fast Portscan Detection Using Sequential Hypothesis Testing. In IEEE Symposium on Security and Privacy, 2004.Google ScholarGoogle Scholar
  5. M. G. Kang, J. Caballero, and D. Song. Distributed Evasive Scan Techniques and Countermeasures. In Proc. of Intl. Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA), June 2007. Google ScholarGoogle ScholarDigital LibraryDigital Library
  6. C. Leckie and R. Kotagiri. A probabilistic approach to detecting network scans. In Proc. 8th IEEE Network Operations and Management Symposium, Apr. 2002.Google ScholarGoogle ScholarCross RefCross Ref
  7. D. Moore, C. Shannon, and k. claffy. Code-Red: a Case Study on the Spread and Victims of an Internet Worm. In Proc. ACM Internet Measurement Workshop, November 2002. Google ScholarGoogle ScholarDigital LibraryDigital Library
  8. D. Moore, C. Shannon, G. Voelker, and S. Savage. Network telescopes. Technical report, Cooperative Association for Internet Data Analysis (CAIDA), July 2004.Google ScholarGoogle Scholar
  9. D. Moore, G. Voelker, and S. Savage. Interring Internet Denial-of-Service Activity. In Proceedings of the 10th USENIX Security Symposium. USENIX, August 2001. Google ScholarGoogle ScholarDigital LibraryDigital Library
  10. R. Pang, V. Yegneswaran, P. Barford, V. Paxson, and L. Peterson. Characteristics of Internet Background Radiation. In Internet Measurement Conference, 2004. Google ScholarGoogle ScholarDigital LibraryDigital Library
  11. V. Paxson. Bro: A System for Detecting Network Intruders in Real-Time. In Proceedings of the 7th USENIX Security Symposium, Jan. 1998. Google ScholarGoogle ScholarDigital LibraryDigital Library
  12. V. Yegneswaran, P. Barford, and J. Ullrich. Internet intrusions: Global characteristics and prevalence. In Proceedings of ACM SIGMETRICS, June 2003. Google ScholarGoogle ScholarDigital LibraryDigital Library

Index Terms

  1. A brief history of scanning

          Recommendations

          Comments

          Login options

          Check if you have access through your login credentials or your institution to get full access on this article.

          Sign in
          • Published in

            cover image ACM Conferences
            IMC '07: Proceedings of the 7th ACM SIGCOMM conference on Internet measurement
            October 2007
            390 pages
            ISBN:9781595939081
            DOI:10.1145/1298306

            Copyright © 2007 ACM

            Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

            Publisher

            Association for Computing Machinery

            New York, NY, United States

            Publication History

            • Published: 24 October 2007

            Permissions

            Request permissions about this article.

            Request Permissions

            Check for updates

            Qualifiers

            • Article

            Acceptance Rates

            Overall Acceptance Rate277of1,083submissions,26%

          PDF Format

          View or Download as a PDF file.

          PDF

          eReader

          View online with eReader.

          eReader