TY - GEN
T1 - Analysis of local address scanning by puppetnets
AU - Nicol, David M.
N1 - Copyright:
Copyright 2009 Elsevier B.V., All rights reserved.
PY - 2007
Y1 - 2007
N2 - Puppetnets are created when a web server hosts a page that when loaded simultaneously by many users causes malicious behavior; there are a wide variety of means by which puppetnets can cause mischief. This paper analyzes the behavior and effectiveness of puppetnets for Internet reconnaissance - methodical means of discovering live IP addresses - as a prelude to another attack. We consider local reconnaissance, in which the client reconnoiters addresses in its local IP neighborhood. We focus on modeling critical facets that impact coverage - the fraction of addresses analyzed - as a function of time. We prove that certain scanning strategies are superior to others, and develop formulae that describe the inefficiencies due to lack of coordination. Finally we use the model to estimate how global Internet coverage grows as a function of time, under generous assumptions about the size of the puppetnet and length of script execution. We see that even a strategy that focuses on exploring blocks of adjacent live addresses may take days to map a significant fraction of the Internet address space.
UR - http://www.scopus.com/inward/record.url?scp=47949120005&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=47949120005&partnerID=8YFLogxK
U2 - 10.1109/QEST.2007.7
DO - 10.1109/QEST.2007.7
M3 - Conference contribution
AN - SCOPUS:47949120005
SN - 076952883X
SN - 9780769528830
T3 - Proceedings - 4th International Conference on the Quantitative Evaluation of Systems, QEST 2007
SP - 259
EP - 268
BT - Proceedings - 4th International Conference on the Quantitative Evaluation of Systems, QEST 2007
T2 - 4th International Conference on the Quantitative Evaluation of Systems, QEST 2007
Y2 - 17 September 2007 through 19 September 2007
ER -