Predicting IPv4 services across all ports

Abstract: Internet-wide scanning is commonly used to understand the topology and security of the Internet. However, IPv4 Internet scans have been limited to scanning only a subset of services-exhaustively scanning all IPv4 services is too costly and no existing bandwidthsaving frameworks are designed to scan IPv4 addresses across all ports. In this work we introduce GPS, a system that efficiently discovers Internet services across all ports. GPS runs a predictive framework that learns from extremely small sample sizes a… Show more

“…They capture both, backscatter traffic (i.e., replies to spoofed addresses of the telescope) and scan traffic. With the increased deployment of malicious two-phase scanners [10], i.e., attackers that first check whether a TCP service is available before they initiate application requests, reactive telescopes have been proposed [11]. Reactive network telescopes implement the TCP connection handshake to gain additional knowledge about the attacker, since the attacker will proceed with an application layer request.…”

SoK: A Data-driven View on Methods to Detect Reflective Amplification DDoS Attacks Using Honeypots

“…They capture both, backscatter traffic (i.e., replies to spoofed addresses of the telescope) and scan traffic. With the increased deployment of malicious two-phase scanners [10], i.e., attackers that first check whether a TCP service is available before they initiate application requests, reactive telescopes have been proposed [11]. Reactive network telescopes implement the TCP connection handshake to gain additional knowledge about the attacker, since the attacker will proceed with an application layer request.…”

SoK: A Data-driven View on Methods to Detect Reflective Amplification DDoS Attacks Using Honeypots

Characterizing the VPN Ecosystem in the Wild

Which Doors Are Open: Reinforcement Learning-based Internet-wide Port Scanning