A baseline study of potentially malicious activity across five network telescopes

Author: Barry Irwin

DOI:

Keywords: Baseline study, Network security, Computer network, Internet Connection Sharing, Long period, The Internet, Microsoft Windows, Computer science

Abstract: This paper explores the Internet Background Radiation (IBR) observed across five distinct network telescopes over a 15 month period. These consist of a /24 netblock each and are deployed in IP space administered by TENET, the tertiary education network in South Africa, covering three numerically distant /8 blocks. The differences and similarities in the observed traffic are explored. Two anecdotal case studies are presented relating to the MS08-067 and MS12-020 vulnerabilities in Microsoft Windows platforms. The first of these is related to the Conficker worm outbreak of 2008; traffic targeting 445/tcp remains one of the top constituents of IBR as observed on the telescopes. Of interest, a long period of scanning activity targeting 3389/tcp, used by the RDP service, was observed, with a significant drop relating to the release of the security advisory and patch. Other areas of interest are highlighted, particularly where correlation was observed across the sensors. The paper concludes with some discussion of the application of network telescopes as part of a cyber-defence solution.
