On the Origin of Scanning: The Impact of Location on Internet-Wide Scans

Wan, Gerry and Izhikevich, Liz and Adrian, David and Yoshioka, Katsunari and Holz, Ralph and Rossow, Christian and Durumeric, Zakir
(2020) On the Origin of Scanning: The Impact of Location on Internet-Wide Scans.
In: 2020 ACM SIGCOMM Internet Measurement Conference, October 27-29, 2020, Virtual Event.
Conference: IMC Internet Measurement Conference

[img]
Preview
 Text
multiperspectives-imc2020.pdf - Published Version
Download (11MB) | Preview

Abstract

Fast IPv4 scanning has enabled researchers to answer a wealth of security and networking questions. Yet, despite widespread use, there has been little validation of the methodology’s accuracy, including whether a single scan provides sufficient coverage. In this paper, we analyze how scan origin affects the results of Internet-wide scans by completing three HTTP, HTTPS, and SSH scans from seven geographically and topologically diverse networks. We find that individual origins miss an average 1.6–8.4% of HTTP, 1.5–4.6% of HTTPS, and 8.3–18.2% of SSH hosts. We analyze why origins see different hosts, and show how permanent and temporary blocking, packet loss, geographic biases, and transient outages affect scan results. We discuss the implications for scanning and provide recommendations for future studies.

Item Type: Conference or Workshop Item (A Paper) (Paper)
Divisions: Christian Rossow (System Security Group, SysSec)
Conference: IMC Internet Measurement Conference
Depositing User: Christian Rossow
Date Deposited: 15 Feb 2021 11:29
Last Modified: 15 Feb 2021 11:29
Primary Research Area: NRA3: Threat Detection and Defenses
URI: https://publications.cispa.saarland/id/eprint/3362

Actions

Actions (login required)

View Item View Item
CISPA is powered by EPrints 3 which is developed by the School of Electronics and Computer Science at the University of Southampton. More information and software credits.