Uncovering Network Tarpits with Degreaser

Authors
Alt, Lance
Beverly, Robert
Dainotti, Alberto
Subjects
Tarpits
Internet Census
Sticky Honeypot
Deception
Advisors
Date of Issue
2014-12
Date
December 8-12, 2014
Publisher
Language
Abstract
Network tarpits, whereby a single host or appliance can masquerade as many fake hosts on a network and slow network scanners, are a form of defensive cyber-deception. In this work, we develop degreaser, an efficient fingerprinting tool to remotely detect tarpits. In addition to validating our tool in a controlled environment, we use degreaser to perform an Internet-wide scan. We discover tarpits of non-trivial size in the wild (prefixes as large as /16), and characterize their distribution and behavior. We then show how tarpits pollute existing network measurement surveys that are tarpit-naïve, e.g. Internet census data, and how degreaser can improve the accuracy of such surveys. Lastly, our findings suggest several ways in which to advance the realism of current network tarpits, thereby raising the bar on tarpits as an operational security mechanism.
Type
Article
Presentation
Description
The article of record as published may be located at http://dx.doi.org/10.1145/2664243.2664285
Includes article and presentation.
Series/Report No
Department
Computer Science (CS)
Organization
Identifiers
NPS Report Number
Sponsors
This work was supported in part by the Department of Homeland Security (DHS) under contract N66001-2250-58231 and by U.S. NSF grant CNS-1228994.
Funder
Format
Citation
ACSAC ’14, December 08–12, 2014, New Orleans, LA, USA
Distribution Statement
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.
Collections