BROWSE
Detail
Conference Paper
Who is knocking on the Telnet Port
Cited 17 time in 
Share 
Share
- Authors
- Hwanjo Heo, Seungwon Shin
- Issue Date
- 2018-06
- Citation
- Asia Conference on Computer and Communications Security (ASIA CCS) 2018, pp.625-636
- Publisher
- ACM
- Language
- English
- Type
- Conference Paper
- Abstract
- Network scanning is the primary procedure preceding many network attacks. Until recently, network scanning has been widely studied to report a continued growth in volume and Internet-wide trends including the underpinning of distributed scannings by lingering Internet worms. It is, nevertheless, imperative to keep us informed with the current state of network scanning, for factual and comprehensive understanding of the security threats we are facing, and new trends to serve as the presage of imminent threats. In this paper, we analyze the up-to-date connection-level log data of a large-scale campus network to study the recent scanning trends in breadth. We find, most importantly, the scanning landscape is greatly shifted, predominantly by an unprecedented rise in Telnet service scannings. Furthermore, not only are the scan sources comprehensively identified in terms of targeted services and geographical/network locations, but also their characteristics, such as being responsible in scanning and their connection-level behavior, are studied.
- KSP Keywords
- Campus Network, Current state, Internet worm, Log data, Network Attack, Port network, Security threats, continued growth, large-scale, network scanning