A New Approach to Building a Disguised Server Using the Honey Port Against General Scanning Attacks
Port scanning is a well-known technique that attackers often use before attacking a server. The attacker obtains the fingerprint of the target server by scanning its ports and then builds an attack scenario. Several approaches, including 'port knocking' and 'Single Packet Authorization' (SPA), have been developed to defend against port scanning attacks and to allow only authenticated users to access ports. However, these approaches have the disadvantage that an attacker can obtain information about the ports by applying inference techniques to observed patterns. If a router connecting the server to the outside is compromised by the attacker, he or she could infer the particular ports that authenticated users consistently use to communicate with the server. In this paper, we propose a new defense method, Honeyport, which prevents attackers from obtaining information about ports and demotivates them by disguising the server as a peripheral. Furthermore, because the proposed model adopts packet encryption as in IPSec, the attacker cannot obtain critical information via packet sniffing.
Keywords: Transmission Control Protocol, Advanced Encryption Standard, User Datagram Protocol, Destination Port, Victim Server