ABSTRACT
Incessant scanning of hosts by attackers looking for vulnerable servers has become a fact of Internet life. In this paper we present an initial study of the scanning activity observed at one site over the past 12.5 years. We study the onset of scanning in the late 1990s and its evolution in terms of characteristics such as the number of scanners, targets and probing patterns. While our study is preliminary in many ways, it provides the first longitudinal examination of a now ubiquitous Internet phenomenon.
- Internet storm center. http://www.dshield.org.Google Scholar
- M. Bailey, E. Cooke, F. Jahanian, J. Nazario, and D. Watson. The Internet motion sensor: A distributed blackhole monitoring system. In Proc. NDSS, 2005.Google Scholar
- E. Cooke, M. Bailey, Z. M. Mao, D. Watson, F. Jahanian, and D. McPherson. Toward understanding distributed blackhole placement. In Proc. ACM CCS Workshop on Rapid Malcode (WORM), Oct. 2004. Google ScholarDigital Library
- J. Jung, V. Paxson, A. W. Berger, and H. Balakrishnan. Fast Portscan Detection Using Sequential Hypothesis Testing. In IEEE Symposium on Security and Privacy, 2004.Google Scholar
- M. G. Kang, J. Caballero, and D. Song. Distributed Evasive Scan Techniques and Countermeasures. In Proc. of Intl. Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA), June 2007. Google ScholarDigital Library
- C. Leckie and R. Kotagiri. A probabilistic approach to detecting network scans. In Proc. 8th IEEE Network Operations and Management Symposium, Apr. 2002.Google ScholarCross Ref
- D. Moore, C. Shannon, and k. claffy. Code-Red: a Case Study on the Spread and Victims of an Internet Worm. In Proc. ACM Internet Measurement Workshop, November 2002. Google ScholarDigital Library
- D. Moore, C. Shannon, G. Voelker, and S. Savage. Network telescopes. Technical report, Cooperative Association for Internet Data Analysis (CAIDA), July 2004.Google Scholar
- D. Moore, G. Voelker, and S. Savage. Interring Internet Denial-of-Service Activity. In Proceedings of the 10th USENIX Security Symposium. USENIX, August 2001. Google ScholarDigital Library
- R. Pang, V. Yegneswaran, P. Barford, V. Paxson, and L. Peterson. Characteristics of Internet Background Radiation. In Internet Measurement Conference, 2004. Google ScholarDigital Library
- V. Paxson. Bro: A System for Detecting Network Intruders in Real-Time. In Proceedings of the 7th USENIX Security Symposium, Jan. 1998. Google ScholarDigital Library
- V. Yegneswaran, P. Barford, and J. Ullrich. Internet intrusions: Global characteristics and prevalence. In Proceedings of ACM SIGMETRICS, June 2003. Google ScholarDigital Library
Index Terms
A brief history of scanning
Recommendations
Policy-based scanning with QoS support for seamless handovers in wireless networks
Supporting seamless handovers between different wireless networks is a challenging issue. One of the most important aspects of a seamless handover is finding a target network and point of attachment (PoA). This is achieved by performing a so-called ...
Identifying Scanning Activities in Honeynet Data Using Data Mining
CICSYN '11: Proceedings of the 2011 Third International Conference on Computational Intelligence, Communication Systems and NetworksBusinesses attract different types of attacks mostly due to the financial benefits associated with gaining unauthorized access. As a first step to launching attacks, attackers scan production networks looking for open services and vulnerable software. ...
A Scanning Micro-Mirror with an Adjustable Focal Length for Endoscope Applications
ISOT '14: Proceedings of the 2014 International Symposium on Optomechatronic TechnologiesIn this work, we report design, fabrication and characterization of a 3-D scanning micro-mirror device that combines 2-D beam scanning with focus control in the same device using micro-electro-mechanical-systems (MEMS) technology. The micro-mirror ...
Comments