Reconnaissance, if successful, provides a definite tactical advantage in a battle and, as such, unsolicited computer network scans are often the precursors to more significant attacks against computer assets. In this paper, we introduce an original system whose purpose is to mitigate the benefits an attacker can expect from scanning a targeted network. In contrast to more traditional approaches, we propose to act a priori against scanning activity by continuously obfuscating the appearance of the targeted network through the combination of various simple mechanisms (i.e. random connection dropping and traffic forging). Moreover, we propose a method to immediately penalize hosts sending seemingly suspicious traffic to the targeted network while maintaining decent connectivity to cope with "false positives".