University of Twente Student Theses

Login

Should network operators hop on the data plane?

Resing, M. (2021) Should network operators hop on the data plane?

[img] PDF
328kB
Abstract:Services on the internet are continuously targeted by scanners that try to automatically break into a system. To increase their success rate, scanners target specific IP address ranges in which they expect vulnerable hosts. Those scanners can be observed with the help of network telescopes and honeypots. Monitoring the malicious activity reveals the originating IP addresses of a scanning host. Some service providers have developed systems that automate the task of monitoring the Internet and identifying the origins of malicious scanning activity. Those findings are automatically evaluated to publish blocklists in so called data feeds periodically. Those systems are mostly cloud-based which raises the question if their feeds also find those scanners which do not target networks of cloud infrastructure. In this paper, we assess a specific data feed provider by setting up honeypots not only in cloud-based environments but also in residential areas and campus networks. The resulting data set provides valuable insights in scanning activity aiming at different kinds of networks. A geographical and temporal analysis delivers indicators that different scanners target different protocols. Further, the analysis shows that certain scanners target specific networks exclusively. Particularly scanners of residential areas are hard to discover with cloud-only sensing infrastructure. Ultimately, the research supports network operators to estimate the limitations of the data feeds.
Item Type:Essay (Bachelor)
Faculty:EEMCS: Electrical Engineering, Mathematics and Computer Science
Subject:54 computer science
Programme:Computer Science BSc (56964)
Awards:Best Paper Award
Link to this item:https://purl.utwente.nl/essays/86889
Export this item as:BibTeX
EndNote
HTML Citation
Reference Manager

 

Repository Staff Only: item control page