Abstract
The port scan is a well-known technique which malicious people often use before attacking a server. The attackers obtain the fingerprint of the target server by scanning ports and then make an attack scenario. Several approaches including the ‘port knocking’ and ‘Single Packet Authorization’ (SPA) have been developed to defense port scanning attack and allow only authenticated users to access ports. However, the approaches have a disadvantage that the attacker can obtain the information about the ports by applying inference techniques given observed patterns. If a router, connecting the server to the outside, is cracked by the attacker, he or she could infer particular ports which authenticated users consistently use to communicate with the server. In this paper, we propose a new defense method, Honeyport, which can prevent the attackers from obtaining the information about ports and make them demotivated by disguising the server as peripherals. Furthermore, by adopting packet encryption as in IPSec, the attacker cannot obtain the critical information via packet sniffing in our proposed model.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
De Vivo, Marco, et al. ”A review of port scanning techniques.” ACM SIGCOMM Computer Communication Review 29.2 (1999): 41-48
Lyon, Gordon Fyodor. Nmap network scanning: The official Nmap project guide to network discovery and security scanning. Insecure, 2009.
Ali, Fakariah Hani Mohd, Rozita Yunos, and Mohd Azuan Mohamad Alias. ”Simple port knocking method: Against TCP replay attack and port scanning.”Cyber Security, Cyber Warfare and Digital Forensic (CyberSec), 2012 International Conference on. IEEE, 2012.
Rash, Michael. ”Single packet authorization with fwknop.” login: The USENIX Magazine 31.1 (2006): 63-69.
Michael Rash (March, 2014) Single Packet Authorization with Fwknop Cipherdyn. Retrieved from http://www.cipherdyne.org/fwknop/docs/SPA.html
Doraswamy, Naganand, and Dan Harkins. IPSec: the new security standard for the Internet, intranets, and virtual private networks. Prentice Hall Professional, 2003.
Davis, Carlton R. IPSec: Securing VPNs. McGraw-Hill Professional, 2001. Ferguson, Niels, and Bruce Schneier. ”A cryptographic evaluation of IPsec.”Counterpane Internet Security, Inc 3031 (2000).
Provos, Niels. ”A Virtual Honeypot Framework.” USENIX Security Symposium. Vol. 173. 2004.
Krawetz, Neal. ”Anti-honeypot technology.” Security & Privacy, IEEE 2.1 (2004): 76-79
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Park, H.S., Jeon, Y.B., Yoon, J.W. (2017). A New Approach to Building a Disguised Server Using the Honey Port Against General Scanning Attacks. In: Barolli, L., Xhafa, F., Yim, K. (eds) Advances on Broad-Band Wireless Computing, Communication and Applications. BWCCA 2016. Lecture Notes on Data Engineering and Communications Technologies, vol 2. Springer, Cham. https://doi.org/10.1007/978-3-319-49106-6_44
Download citation
DOI: https://doi.org/10.1007/978-3-319-49106-6_44
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-49105-9
Online ISBN: 978-3-319-49106-6
eBook Packages: EngineeringEngineering (R0)