Collaborative Port Scanning Attacks
Authors
Abstract
Most network attackers perform port scanning individually, without synchronization, to find victim hosts. Such port scanning schemes suffer from two problems: first, there is too much duplicate scanning and too much contention among different port scanners; second, a complete port scan takes a long time to finish. In this paper, we present a fast DHT-based collaborative port scanning scheme that aims to eliminate duplicate scanning, minimize contention, and significantly increase the scanning speed. In collaborative attacks, attackers communicate and collaborate with each other to launch much more powerful attacks. In the DHT-based collaborative port scanning scheme, attackers collaborate to search the network for ports that could be exposed to attacks. We propose different collaborative scanning strategies and analyze their advantages and disadvantages. We discuss the static, dynamic, and hybrid target selection and allocation schemes. We present the algorithm details and discuss the stop and revisit policy for the collaborative port scanners. We conduct experiments to evaluate the performance and overhead of the collaborative port scanning strategies. Experimental results suggest that the proposed collaborative port scanning system significantly increases the efficiency of port scanning and provide insights into many design and implementation issues.
Similar resources
A Rule-based Approach for Port Scanning Detection
Intrusion detection has been performed at network and host level for detecting various attacks. Port scanning could be classified as one of the network intrusions. This paper presents a method for detecting port scanning attacks using rule-based state diagram techniques. A set of rules corresponding with the appropriate thresholds was designed for intrusion decision. Experiment results under re...
Evaluating the Potential of Collaborative Anomaly Detection
Unwanted traffic is a serious problem for users and operators of networks. Collaboration amongst victim machines or networks, for example by exchanging lists of suspected attackers, has been proposed to mitigate this problem. However, the performance of such techniques on real Internet traffic is not well understood. Here, we improve upon this understanding by correlating several large spam cor...
Updating snort with a customized controller to thwart port scanning
Wired and wireless networks are being attacked and hacked on a continuous basis. One of the critical pieces of information the attacker needs to know is the open ports on the victim’s machine, thus the attacker does what is called port scanning. Port scanning is considered one of the dangerous attacks that intrusion detection tries to detect. Snort, a famous network intrusion detection system (NI...
Collaborative Detection of Coordinated Port Scans
In this paper we analyze the coordinated port scan attack where a single adversary coordinates a Group of Attackers (GoA) in order to obtain information on a set of target networks. Such orchestration aims at avoiding Local Intrusion Detection Systems checks, allowing each host of the GoA to send very few probes to hosts of the target network. In order to detect this complex attack w...
A Collaborative Event Processing System for Protection of Critical Infrastructures from Cyber Attacks
We describe an Internet-based collaborative environment that protects geographically dispersed organizations of a critical infrastructure (e.g., financial institutions, telco providers) from coordinated cyber attacks. A specific instance of a collaborative environment for detecting malicious inter-domain port scans is introduced. This instance uses the open source Complex Event Processing (CEP)...