A new approach to building a disguised server using the honey port against general scanning attacks

Hyun Soo Park; Young Bae Jeon; Ji Won Yoon

doi:10.1007/978-3-319-49106-6_44

A new approach to building a disguised server using the honey port against general scanning attacks

Hyun Soo Park, Young Bae Jeon, Ji Won Yoon

Research output: Chapter in Book/Report/Conference proceeding › Chapter

3 Citations (Scopus)

Abstract

The port scan is a well-known technique which malicious people often use before attacking a server. The attackers obtain the fingerprint of the target server by scanning ports and then make an attack scenario. Several approaches including the ‘port knocking’ and ‘Single Packet Authorization’ (SPA) have been developed to defense port scanning attack and allow only authenticated users to access ports. However, the approaches have a disadvantage that the attacker can obtain the information about the ports by applying inference techniques given observed patterns. If a router, connecting the server to the outside, is cracked by the attacker, he or she could infer particular ports which authenticated users consistently use to communicate with the server. In this paper, we propose a new defense method, Honeyport, which can prevent the attackers from obtaining the information about ports and make them demotivated by disguising the server as peripherals. Furthermore, by adopting packet encryption as in IPSec, the attacker cannot obtain the critical information via packet sniffing in our proposed model.

Original language	English
Title of host publication	Lecture Notes on Data Engineering and Communications Technologies
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	453-465
Number of pages	13
DOIs	https://doi.org/10.1007/978-3-319-49106-6_44
Publication status	Published - 2017

Publication series

Name	Lecture Notes on Data Engineering and Communications Technologies
Volume	2
ISSN (Print)	2367-4512
ISSN (Electronic)	2367-4520

Bibliographical note

Publisher Copyright:
© Springer International Publishing AG 2017.

Copyright:
Copyright 2021 Elsevier B.V., All rights reserved.

Keywords

Advance Encryption Standard
Destination Port
Transmission Control Protocol
User Datagram Protocol
Victim Server

ASJC Scopus subject areas

Media Technology
Electrical and Electronic Engineering
Computer Science Applications
Computer Networks and Communications
Information Systems

Access to Document

10.1007/978-3-319-49106-6_44

Cite this

Park, H. S., Jeon, Y. B., & Yoon, J. W. (2017). A new approach to building a disguised server using the honey port against general scanning attacks. In Lecture Notes on Data Engineering and Communications Technologies (pp. 453-465). (Lecture Notes on Data Engineering and Communications Technologies; Vol. 2). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-319-49106-6_44

A new approach to building a disguised server using the honey port against general scanning attacks. / Park, Hyun Soo; Jeon, Young Bae; Yoon, Ji Won.
Lecture Notes on Data Engineering and Communications Technologies. Springer Science and Business Media Deutschland GmbH, 2017. p. 453-465 (Lecture Notes on Data Engineering and Communications Technologies; Vol. 2).

Research output: Chapter in Book/Report/Conference proceeding › Chapter

Park, HS, Jeon, YB & Yoon, JW 2017, A new approach to building a disguised server using the honey port against general scanning attacks. in Lecture Notes on Data Engineering and Communications Technologies. Lecture Notes on Data Engineering and Communications Technologies, vol. 2, Springer Science and Business Media Deutschland GmbH, pp. 453-465. https://doi.org/10.1007/978-3-319-49106-6_44

Park HS, Jeon YB, Yoon JW. A new approach to building a disguised server using the honey port against general scanning attacks. In Lecture Notes on Data Engineering and Communications Technologies. Springer Science and Business Media Deutschland GmbH. 2017. p. 453-465. (Lecture Notes on Data Engineering and Communications Technologies). doi: 10.1007/978-3-319-49106-6_44

@inbook{b2580a453a3e439bbd9ac444f5acefab,

title = "A new approach to building a disguised server using the honey port against general scanning attacks",

abstract = "The port scan is a well-known technique which malicious people often use before attacking a server. The attackers obtain the fingerprint of the target server by scanning ports and then make an attack scenario. Several approaches including the {\textquoteleft}port knocking{\textquoteright} and {\textquoteleft}Single Packet Authorization{\textquoteright} (SPA) have been developed to defense port scanning attack and allow only authenticated users to access ports. However, the approaches have a disadvantage that the attacker can obtain the information about the ports by applying inference techniques given observed patterns. If a router, connecting the server to the outside, is cracked by the attacker, he or she could infer particular ports which authenticated users consistently use to communicate with the server. In this paper, we propose a new defense method, Honeyport, which can prevent the attackers from obtaining the information about ports and make them demotivated by disguising the server as peripherals. Furthermore, by adopting packet encryption as in IPSec, the attacker cannot obtain the critical information via packet sniffing in our proposed model.",

keywords = "Advance Encryption Standard, Destination Port, Transmission Control Protocol, User Datagram Protocol, Victim Server",

author = "Park, {Hyun Soo} and Jeon, {Young Bae} and Yoon, {Ji Won}",

year = "2017",

doi = "10.1007/978-3-319-49106-6_44",

language = "English",

series = "Lecture Notes on Data Engineering and Communications Technologies",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "453--465",

booktitle = "Lecture Notes on Data Engineering and Communications Technologies",

address = "Germany",

}

TY - CHAP

T1 - A new approach to building a disguised server using the honey port against general scanning attacks

AU - Park, Hyun Soo

AU - Jeon, Young Bae

AU - Yoon, Ji Won

PY - 2017

Y1 - 2017

N2 - The port scan is a well-known technique which malicious people often use before attacking a server. The attackers obtain the fingerprint of the target server by scanning ports and then make an attack scenario. Several approaches including the ‘port knocking’ and ‘Single Packet Authorization’ (SPA) have been developed to defense port scanning attack and allow only authenticated users to access ports. However, the approaches have a disadvantage that the attacker can obtain the information about the ports by applying inference techniques given observed patterns. If a router, connecting the server to the outside, is cracked by the attacker, he or she could infer particular ports which authenticated users consistently use to communicate with the server. In this paper, we propose a new defense method, Honeyport, which can prevent the attackers from obtaining the information about ports and make them demotivated by disguising the server as peripherals. Furthermore, by adopting packet encryption as in IPSec, the attacker cannot obtain the critical information via packet sniffing in our proposed model.

AB - The port scan is a well-known technique which malicious people often use before attacking a server. The attackers obtain the fingerprint of the target server by scanning ports and then make an attack scenario. Several approaches including the ‘port knocking’ and ‘Single Packet Authorization’ (SPA) have been developed to defense port scanning attack and allow only authenticated users to access ports. However, the approaches have a disadvantage that the attacker can obtain the information about the ports by applying inference techniques given observed patterns. If a router, connecting the server to the outside, is cracked by the attacker, he or she could infer particular ports which authenticated users consistently use to communicate with the server. In this paper, we propose a new defense method, Honeyport, which can prevent the attackers from obtaining the information about ports and make them demotivated by disguising the server as peripherals. Furthermore, by adopting packet encryption as in IPSec, the attacker cannot obtain the critical information via packet sniffing in our proposed model.

KW - Advance Encryption Standard

KW - Destination Port

KW - Transmission Control Protocol

KW - User Datagram Protocol

KW - Victim Server

UR - http://www.scopus.com/inward/record.url?scp=85090371235&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85090371235&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-49106-6_44

DO - 10.1007/978-3-319-49106-6_44

M3 - Chapter

AN - SCOPUS:85090371235

T3 - Lecture Notes on Data Engineering and Communications Technologies

SP - 453

EP - 465

BT - Lecture Notes on Data Engineering and Communications Technologies

PB - Springer Science and Business Media Deutschland GmbH

ER -

A new approach to building a disguised server using the honey port against general scanning attacks

Abstract

Publication series

Bibliographical note

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this