Addressless: A New Internet Server Model to Prevent Network Scanning

by Shanshan Hao, et al.

Eliminating unnecessary exposure is a principle of server security. The huge IPv6 address space enhances security by making scanning infeasible; however, with recent advances in IPv6 scanning technologies, network scanning is again threatening server security. In this paper, we propose a new model named addressless server, which separates the server into an entrance module and a main service module, and assigns an IPv6 prefix instead of an IPv6 address to the main service module. The entrance module generates a legitimate IPv6 address under this prefix by encrypting the client address, so that the client can access the main server on a destination address that is different in each connection. In this way, the model provides isolation to the main server, prevents network scanning, and minimizes exposure. Moreover, it provides a novel framework that supports flexible load balancing, high availability, and other desirable features. The model is simple and does not require any modification to the client or the network. We implement a prototype, and experiments show that our model can prevent the main server from being scanned at a slight performance cost.
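A minimal sketch of the address-generation idea described in the abstract, added here as an example and not taken from the paper or its prototype. HMAC-SHA256 stands in for the paper's encryption step, and the /64 prefix, the shared key, and the 16-bit nonce plus 48-bit tag layout of the interface identifier are all assumptions.

```python
import hashlib
import hmac
import ipaddress
import secrets

# Assumed values: a documentation /64 prefix routed to the main service module
# and a constructed secret shared by the entrance and main service modules.
PREFIX = ipaddress.IPv6Network("2001:db8:0:1::/64")
KEY = b"constructed-demo-key"


def _tag(client, nonce, key):
    """48-bit keyed tag binding the client address to a per-connection nonce."""
    msg = client.packed + nonce.to_bytes(2, "big")
    return int.from_bytes(hmac.new(key, msg, hashlib.sha256).digest()[:6], "big")


def issue_address(client_ip, nonce=None, key=KEY):
    """Entrance module: derive a destination address under PREFIX for this client."""
    client = ipaddress.IPv6Address(client_ip)
    if nonce is None:
        nonce = secrets.randbits(16)  # makes the address differ per connection
    suffix = (nonce << 48) | _tag(client, nonce, key)
    return ipaddress.IPv6Address(int(PREFIX.network_address) | suffix)


def accept(src_ip, dst_ip, key=KEY):
    """Main service module: accept only if dst_ip was issued for src_ip."""
    src = ipaddress.IPv6Address(src_ip)
    dst = ipaddress.IPv6Address(dst_ip)
    if dst not in PREFIX:
        return False
    suffix = int(dst) & ((1 << 64) - 1)
    nonce, tag = suffix >> 48, suffix & ((1 << 48) - 1)
    expected = _tag(src, nonce, key)
    # Constant-time comparison of the 48-bit tags.
    return hmac.compare_digest(tag.to_bytes(6, "big"), expected.to_bytes(6, "big"))


if __name__ == "__main__":
    client = "2001:db8:ffff::10"  # constructed client address
    dst = issue_address(client)
    print("issued:", dst)
    print("issuing client accepted:", accept(client, str(dst)))
    print("other source accepted:", accept("2001:db8:ffff::11", str(dst)))
    print("probe of ::1 accepted:", accept(client, "2001:db8:0:1::1"))
```

A probe sent to an arbitrary address under the prefix passes the check only by guessing the 48-bit tag for its own source address, which is the property that makes sweeping the prefix unproductive in this sketch.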


