Article

A brief history of scanning

Authors:

Mark Allman,

Vern Paxson,

Jeff TerrellAuthors Info & Claims

IMC '07: Proceedings of the 7th ACM SIGCOMM conference on Internet measurement

Pages 77 - 82

https://doi.org/10.1145/1298306.1298316

Published: 24 October 2007 Publication History

Get Access

Abstract

Incessant scanning of hosts by attackers looking for vulnerable servers has become a fact of Internet life. In this paper we present an initial study of the scanning activity observed at one site over the past 12.5 years. We study the onset of scanning in the late 1990s and its evolution in terms of characteristics such as the number of scanners, targets and probing patterns. While our study is preliminary in many ways, it provides the first longitudinal examination of a now ubiquitous Internet phenomenon.

References

[1]

Internet storm center. http://www.dshield.org.

Google Scholar

[2]

M. Bailey, E. Cooke, F. Jahanian, J. Nazario, and D. Watson. The Internet motion sensor: A distributed blackhole monitoring system. In Proc. NDSS, 2005.

Google Scholar

[3]

E. Cooke, M. Bailey, Z. M. Mao, D. Watson, F. Jahanian, and D. McPherson. Toward understanding distributed blackhole placement. In Proc. ACM CCS Workshop on Rapid Malcode (WORM), Oct. 2004.

Digital Library

Google Scholar

[4]

J. Jung, V. Paxson, A. W. Berger, and H. Balakrishnan. Fast Portscan Detection Using Sequential Hypothesis Testing. In IEEE Symposium on Security and Privacy, 2004.

Google Scholar

[5]

M. G. Kang, J. Caballero, and D. Song. Distributed Evasive Scan Techniques and Countermeasures. In Proc. of Intl. Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA), June 2007.

Digital Library

Google Scholar

[6]

C. Leckie and R. Kotagiri. A probabilistic approach to detecting network scans. In Proc. 8th IEEE Network Operations and Management Symposium, Apr. 2002.

Crossref

Google Scholar

[7]

D. Moore, C. Shannon, and k. claffy. Code-Red: a Case Study on the Spread and Victims of an Internet Worm. In Proc. ACM Internet Measurement Workshop, November 2002.

Digital Library

Google Scholar

[8]

D. Moore, C. Shannon, G. Voelker, and S. Savage. Network telescopes. Technical report, Cooperative Association for Internet Data Analysis (CAIDA), July 2004.

Google Scholar

[9]

D. Moore, G. Voelker, and S. Savage. Interring Internet Denial-of-Service Activity. In Proceedings of the 10th USENIX Security Symposium. USENIX, August 2001.

Digital Library

Google Scholar

[10]

R. Pang, V. Yegneswaran, P. Barford, V. Paxson, and L. Peterson. Characteristics of Internet Background Radiation. In Internet Measurement Conference, 2004.

Digital Library

Google Scholar

[11]

V. Paxson. Bro: A System for Detecting Network Intruders in Real-Time. In Proceedings of the 7th USENIX Security Symposium, Jan. 1998.

Digital Library

Google Scholar

[12]

V. Yegneswaran, P. Barford, and J. Ullrich. Internet intrusions: Global characteristics and prevalence. In Proceedings of ACM SIGMETRICS, June 2003.

Digital Library

Google Scholar

Cited By

View all

Hrle TMilad MLi JWoods D(2024)"Just a tool, until you stab someone with it": Exploring Reddit Users' Questions and Advice on the Legality of Port ScansProceedings of the 2024 European Symposium on Usable Security10.1145/3688459.3688469(322-336)Online publication date: 30-Sep-2024
https://dl.acm.org/doi/10.1145/3688459.3688469
Griffioen HKoursiounis GSmaragdakis GDoerr CVallina-Rodríguez NSuarez-Tángil GLevin DPelsser C(2024)Have you SYN me? Characterizing Ten Years of Internet ScanningProceedings of the 2024 ACM on Internet Measurement Conference10.1145/3646547.3688409(149-164)Online publication date: 4-Nov-2024
https://dl.acm.org/doi/10.1145/3646547.3688409
Nguyen HSubramani KAcharya BPerdisci RVadrevu P(2024)C-Frame: Characterizing and measuring in-the-wild CAPTCHA attacks2024 IEEE Symposium on Security and Privacy (SP)10.1109/SP54263.2024.00200(277-295)Online publication date: 19-May-2024
https://doi.org/10.1109/SP54263.2024.00200
Show More Cited By

Index Terms

A brief history of scanning
1. Hardware
  1. Communication hardware, interfaces and storage
2. Networks

Recommendations

Policy-based scanning with QoS support for seamless handovers in wireless networks

Supporting seamless handovers between different wireless networks is a challenging issue. One of the most important aspects of a seamless handover is finding a target network and point of attachment (PoA). This is achieved by performing a so-called ...
Identifying Scanning Activities in Honeynet Data Using Data Mining
CICSYN '11: Proceedings of the 2011 Third International Conference on Computational Intelligence, Communication Systems and Networks

Businesses attract different types of attacks mostly due to the financial benefits associated with gaining unauthorized access. As a first step to launching attacks, attackers scan production networks looking for open services and vulnerable software. ...
A Scanning Micro-Mirror with an Adjustable Focal Length for Endoscope Applications
ISOT '14: Proceedings of the 2014 International Symposium on Optomechatronic Technologies

In this work, we report design, fabrication and characterization of a 3-D scanning micro-mirror device that combines 2-D beam scanning with focus control in the same device using micro-electro-mechanical-systems (MEMS) technology. The micro-mirror ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

IMC '07: Proceedings of the 7th ACM SIGCOMM conference on Internet measurement

October 2007

390 pages

ISBN:9781595939081

DOI:10.1145/1298306

Program Chairs:
Constantine Dovrolis
Georgia Institute of Technology
,
Matthew Roughan
University of Adelaide, Australia

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 24 October 2007

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Article

Conference

IMC07

Sponsor:

IMC07: Internet Measurement Conference

October 24 - 26, 2007

California, San Diego, USA

Acceptance Rates

Overall Acceptance Rate 277 of 1,083 submissions, 26%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

96
Total Citations
View Citations
712
Total Downloads

Downloads (Last 12 months)36
Downloads (Last 6 weeks)8

Reflects downloads up to 21 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Hrle TMilad MLi JWoods D(2024)"Just a tool, until you stab someone with it": Exploring Reddit Users' Questions and Advice on the Legality of Port ScansProceedings of the 2024 European Symposium on Usable Security10.1145/3688459.3688469(322-336)Online publication date: 30-Sep-2024
https://dl.acm.org/doi/10.1145/3688459.3688469
Griffioen HKoursiounis GSmaragdakis GDoerr CVallina-Rodríguez NSuarez-Tángil GLevin DPelsser C(2024)Have you SYN me? Characterizing Ten Years of Internet ScanningProceedings of the 2024 ACM on Internet Measurement Conference10.1145/3646547.3688409(149-164)Online publication date: 4-Nov-2024
https://dl.acm.org/doi/10.1145/3646547.3688409
Nguyen HSubramani KAcharya BPerdisci RVadrevu P(2024)C-Frame: Characterizing and measuring in-the-wild CAPTCHA attacks2024 IEEE Symposium on Security and Privacy (SP)10.1109/SP54263.2024.00200(277-295)Online publication date: 19-May-2024
https://doi.org/10.1109/SP54263.2024.00200
García-Peñas RRodríguez-Gómez RMaciá-Fernández G(2024)HoDiNTComputer Networks: The International Journal of Computer and Telecommunications Networking10.1016/j.comnet.2024.110570250:COnline publication date: 1-Aug-2024
https://dl.acm.org/doi/10.1016/j.comnet.2024.110570
Liu YZhu WMa CHuang C(2024)Active Detection Based NTP Device Attribute DetectionWireless Artificial Intelligent Computing Systems and Applications10.1007/978-3-031-71464-1_15(173-183)Online publication date: 13-Nov-2024
https://doi.org/10.1007/978-3-031-71464-1_15
Akon MYang TDong YHussain SMeng WJensen CCremers CKirda E(2023)Formal Analysis of Access Control Mechanism of 5G Core NetworkProceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security10.1145/3576915.3623113(666-680)Online publication date: 15-Nov-2023
https://dl.acm.org/doi/10.1145/3576915.3623113
Ibrahim JGajin S(2022)Entropy-based network traffic anomaly classification method resilient to deceptionComputer Science and Information Systems10.2298/CSIS201229045I19:1(87-116)Online publication date: 2022
https://doi.org/10.2298/CSIS201229045I
Piraux MBarbette TRybowski NNavarre LAlfroy TPelsser CMichel FBonaventure O(2022)The multiple roles that IPv6 addresses can play in today's internetACM SIGCOMM Computer Communication Review10.1145/3561954.356195752:3(10-18)Online publication date: 6-Sep-2022
https://dl.acm.org/doi/10.1145/3561954.3561957
Li XAzad BRahmati ANikiforakis N(2021)Good Bot, Bad Bot: Characterizing Automated Browsing Activity2021 IEEE Symposium on Security and Privacy (SP)10.1109/SP40001.2021.00079(1589-1605)Online publication date: May-2021
https://doi.org/10.1109/SP40001.2021.00079
Gong QGu C(2021)A Baseline Modeling Algorithm for Internet Port Scanning Radiation Flows2021 IEEE 6th International Conference on Signal and Image Processing (ICSIP)10.1109/ICSIP52628.2021.9688791(1255-1259)Online publication date: 22-Oct-2021
https://doi.org/10.1109/ICSIP52628.2021.9688791
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

Policy-based scanning with QoS support for seamless handovers in wireless networks

Identifying Scanning Activities in Honeynet Data Using Data Mining

A Scanning Micro-Mirror with an Adjustable Focal Length for Endoscope Applications