A New Approach to Building a Disguised Server Using the Honey Port Against General Scanning Attacks

  • Hyun Soo Park
  • Young Bae Jeon
  • Ji Won YoonEmail author
Conference paper
Part of the Lecture Notes on Data Engineering and Communications Technologies book series (LNDECT, volume 2)


The port scan is a well-known technique which malicious people often use before attacking a server. The attackers obtain the fingerprint of the target server by scanning ports and then make an attack scenario. Several approaches including the ‘port knocking’ and ‘Single Packet Authorization’ (SPA) have been developed to defense port scanning attack and allow only authenticated users to access ports. However, the approaches have a disadvantage that the attacker can obtain the information about the ports by applying inference techniques given observed patterns. If a router, connecting the server to the outside, is cracked by the attacker, he or she could infer particular ports which authenticated users consistently use to communicate with the server. In this paper, we propose a new defense method, Honeyport, which can prevent the attackers from obtaining the information about ports and make them demotivated by disguising the server as peripherals. Furthermore, by adopting packet encryption as in IPSec, the attacker cannot obtain the critical information via packet sniffing in our proposed model.


Transmission Control Protocol Advance Encryption Standard User Datagram Protocol Destination Port Victim Server 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    De Vivo, Marco, et al. ”A review of port scanning techniques.” ACM SIGCOMM Computer Communication Review 29.2 (1999): 41-48Google Scholar
  2. 2.
    Lyon, Gordon Fyodor. Nmap network scanning: The official Nmap project guide to network discovery and security scanning. Insecure, 2009.Google Scholar
  3. 3.
    Ali, Fakariah Hani Mohd, Rozita Yunos, and Mohd Azuan Mohamad Alias. ”Simple port knocking method: Against TCP replay attack and port scanning.”Cyber Security, Cyber Warfare and Digital Forensic (CyberSec), 2012 International Conference on. IEEE, 2012.Google Scholar
  4. 4.
    Rash, Michael. ”Single packet authorization with fwknop.” login: The USENIX Magazine 31.1 (2006): 63-69.Google Scholar
  5. 5.
    Michael Rash (March, 2014) Single Packet Authorization with Fwknop Cipherdyn. Retrieved from
  6. 6.
    Doraswamy, Naganand, and Dan Harkins. IPSec: the new security standard for the Internet, intranets, and virtual private networks. Prentice Hall Professional, 2003.Google Scholar
  7. 7.
    Davis, Carlton R. IPSec: Securing VPNs. McGraw-Hill Professional, 2001. Ferguson, Niels, and Bruce Schneier. ”A cryptographic evaluation of IPsec.”Counterpane Internet Security, Inc 3031 (2000).Google Scholar
  8. 8.
    Provos, Niels. ”A Virtual Honeypot Framework.” USENIX Security Symposium. Vol. 173. 2004.Google Scholar
  9. 9.
    Krawetz, Neal. ”Anti-honeypot technology.” Security & Privacy, IEEE 2.1 (2004): 76-79Google Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  1. 1.Center for Information Security Technologies (CIST)Korea UniversitySeoulRepublic of Korea

Personalised recommendations