Analysis of local address scanning by puppetnets

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Puppetnets are created when a web server hosts a page that when loaded simultaneously by many users causes malicious behavior; there are a wide variety of means by which puppetnets can cause mischief. This paper analyzes the behavior and effectiveness of puppetnets for Internet reconnaissance-methodical means of discovering live IP addresses-as a prelude to another attack. We consider local reconnaissance, in which the client reconnoiters addresses in its local IP neighborhood. We focus on modeling critical facets that impact coverage - the fraction of addresses analyzed - as a function of time. We prove that certain scanning strategies are superior to others, and develop formulae that describe the inefficiencies due to lack of coordination. Finally we use the model to estimate how global Internet coverage grows as a function of time, under generous assumptions about the size of puppetnet and length of script execution. We see that even a strategy that focuses on exploring blocks of adjacent live addresses may take days to map a significant fraction of the Internet address space.

Original languageEnglish (US)
Title of host publicationProceedings - 4th International Conference on the Quantitative Evaluation of Systems, QEST 2007
Pages259-268
Number of pages10
DOIs
StatePublished - 2007
Event4th International Conference on the Quantitative Evaluation of Systems, QEST 2007 - Edinburgh, United Kingdom
Duration: Sep 17 2007Sep 19 2007

Publication series

NameProceedings - 4th International Conference on the Quantitative Evaluation of Systems, QEST 2007

Other

Other4th International Conference on the Quantitative Evaluation of Systems, QEST 2007
Country/TerritoryUnited Kingdom
CityEdinburgh
Period9/17/079/19/07

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Statistics, Probability and Uncertainty
  • Control and Systems Engineering

Fingerprint

Dive into the research topics of 'Analysis of local address scanning by puppetnets'. Together they form a unique fingerprint.

Cite this