Uncovering Network Tarpits with Degreaser
Abstract
Network tarpits, whereby a single host or appliance can masquerade
as many fake hosts on a network and slow network
scanners, are a form of defensive cyber-deception. In this
work, we develop degreaser, an efficient fingerprinting tool
to remotely detect tarpits. In addition to validating our tool
in a controlled environment, we use degreaser to perform an
Internet-wide scan. We discover tarpits of non-trivial size in
the wild (prefixes as large as /16), and characterize their distribution
and behavior. We then show how tarpits pollute
existing network measurement surveys that are tarpit-naïve,
e.g. Internet census data, and how degreaser can improve the
accuracy of such surveys. Lastly, our findings suggest several
ways in which to advance the realism of current network
tarpits, thereby raising the bar on tarpits as an operational
security mechanism.
Description
The article of record as published may be located at http://dx.doi.org/10.1145/2664243.2664285
Includes article and presentation.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.