Identifying and characterizing ZMap scans: a cryptanalytic approach

08/12/2019
by   Johan Mazel, et al.
0

Network scanning tools play a major role in Internet security. They are used by both network security researchers and malicious actors to identify vulnerable machines exposed on the Internet. ZMap is one of the most common probing tools for high-speed Internet-wide scanning. We present novel identification methods based on the IPv4 iteration process of ZMap. These methods can be used to identify ZMap scans with a small number of addresses extracted from the scan. We conduct an experimental evaluation of these detection methods on synthetic, network telescope, and backbone traffic. We manage to identify 28.5 perform an in-depth characterization of these scans regarding, for example, targeted prefix and probing speed.

READ FULL TEXT
research
03/11/2020

Scan Correlation – Revealing distributed scan campaigns

Public networks are exposed to port scans from the Internet. Attackers s...
research
10/19/2022

Illuminating Large-Scale IPv6 Scanning in the Internet

While scans of the IPv4 space are ubiquitous, today little is known abou...
research
07/02/2020

Sorry, Shodan is not Enough! Assessing ICS Security via IXP Network Traffic Analysis

Modern Industrial Control Systems (ICSs) allow remote communication thro...
research
10/11/2021

Spoki: Unveiling a New Wave of Scanners through a Reactive Network Telescope

Large-scale Internet scans are a common method to identify victims of a ...
research
08/30/2023

QUIC Library Hunter: Identifying Server Libraries Across the Internet

The new QUIC protocol can be implemented in user space, and various impl...
research
10/05/2022

Glowing in the Dark Uncovering IPv6 Address Discovery and Scanning Strategies in the Wild

In this work we identify scanning strategies of IPv6 scanners on the Int...
research
11/03/2019

Calcium Vulnerability Scanner (CVS): A Deeper Look

Traditional vulnerability scanning methods are time-consuming and indeci...

Please sign up or login with your details

Forgot password? Click here to reset