ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
A brief history of scanning
Full text PdfPdf (238 KB)
Source
Internet Measurement Conference archive
Proceedings of the 7th ACM SIGCOMM conference on Internet measurement table of contents
San Diego, California, USA
SESSION: Measurements table of contents
Pages: 77 - 82  
Year of Publication: 2007
ISBN:978-1-59593-908-1
Authors
Mark Allman  International Computer Science Institute, Berkeley, CA
Vern Paxson  International Computer Science Institute, Berkeley, CA
Jeff Terrell  University of North Carolina Chapel Hill, Chapel Hill, NC
Sponsors
SIGCOMM: ACM Special Interest Group on Data Communication
ACM: Association for Computing Machinery
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 7,   Downloads (12 Months): 79,   Citation Count: 3
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/1298306.1298316
What is a DOI?

ABSTRACT

Incessant scanning of hosts by attackers looking for vulnerable servers has become a fact of Internet life. In this paper we present an initial study of the scanning activity observed at one site over the past 12.5 years. We study the onset of scanning in the late 1990s and its evolution in terms of characteristics such as the number of scanners, targets and probing patterns. While our study is preliminary in many ways, it provides the first longitudinal examination of a now ubiquitous Internet phenomenon.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
Internet storm center. http://www.dshield.org.
 
2
M. Bailey, E. Cooke, F. Jahanian, J. Nazario, and D. Watson. The Internet motion sensor: A distributed blackhole monitoring system. In Proc. NDSS, 2005.
3
Evan Cooke , Michael Bailey , Z. Morley Mao , David Watson , Farnam Jahanian , Danny McPherson, Toward understanding distributed blackhole placement, Proceedings of the 2004 ACM workshop on Rapid malcode, October 29-29, 2004, Washington DC, USA  [doi>10.1145/1029618.1029627]
 
4
J. Jung, V. Paxson, A. W. Berger, and H. Balakrishnan. Fast Portscan Detection Using Sequential Hypothesis Testing. In IEEE Symposium on Security and Privacy, 2004.
 
5
M. G. Kang, J. Caballero, and D. Song. Distributed Evasive Scan Techniques and Countermeasures. In Proc. of Intl. Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA), June 2007.
 
6
C. Leckie and R. Kotagiri. A probabilistic approach to detecting network scans. In Proc. 8th IEEE Network Operations and Management Symposium, Apr. 2002.
7
David Moore , Colleen Shannon , k claffy, Code-Red: a case study on the spread and victims of an internet worm, Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment, November 06-08, 2002, Marseille, France  [doi>10.1145/637201.637244]
 
8
D. Moore, C. Shannon, G. Voelker, and S. Savage. Network telescopes. Technical report, Cooperative Association for Internet Data Analysis (CAIDA), July 2004.
 
9
David Moore , Geoffrey M. Voelker , Stefan Savage, Inferring internet denial-of-service activity, Proceedings of the 10th conference on USENIX Security Symposium, p.2-2, August 13-17, 2001, Washington, D.C.
10
Ruoming Pang , Vinod Yegneswaran , Paul Barford , Vern Paxson , Larry Peterson, Characteristics of internet background radiation, Proceedings of the 4th ACM SIGCOMM conference on Internet measurement, October 25-27, 2004, Taormina, Sicily, Italy  [doi>10.1145/1028788.1028794]
 
11
Vern Paxson, Bro: a system for detecting network intruders in real-time, Proceedings of the 7th conference on USENIX Security Symposium, p.3-3, January 26-29, 1998, San Antonio, Texas
12
Vinod Yegneswaran , Paul Barford , Johannes Ullrich, Internet intrusions: global characteristics and prevalence, Proceedings of the 2003 ACM SIGMETRICS international conference on Measurement and modeling of computer systems, June 11-14, 2003, San Diego, CA, USA

CITED BY  3
Richard J Barnett , Barry Irwin, Towards a taxonomy of network scanning techniques, Proceedings of the 2008 annual research conference of the South African Institute of Computer Scientists and Information Technologists on IT research in developing countries: riding the wave of technology, p.1-7, October 06-08, 2008, Wilderness, South Africa
Changhoon Kim , Matthew Caesar , Jennifer Rexford, Floodless in seattle: a scalable ethernet architecture for large enterprises, ACM SIGCOMM Computer Communication Review, v.38 n.4, October 2008
Hyunchul Kim , KC Claffy , Marina Fomenkov , Dhiman Barman , Michalis Faloutsos , KiYoung Lee, Internet traffic classification demystified: myths, caveats, and the best practices, Proceedings of the 2008 ACM CoNEXT Conference, p.1-12, December 09-12, 2008, Madrid, Spain

INDEX TERMS

Primary Classification:
  C. Computer Systems Organization
  C.2 COMPUTER-COMMUNICATION NETWORKS
      C.2.0 General

Additional Classification:
  C. Computer Systems Organization
  C.2 COMPUTER-COMMUNICATION NETWORKS
      C.2.3 Network Operations
      C.2.6 Internetworking


General Terms:
Measurement, Security


Keywords:
longitudinal, malicious activity, scanning

Collaborative Colleagues:
Mark Allman: colleagues
Vern Paxson: colleagues
Jeff Terrell: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player