TY - CHAP
T1 - A new approach to building a disguised server using the honey port against general scanning attacks
AU - Park, Hyun Soo
AU - Jeon, Young Bae
AU - Yoon, Ji Won
N1 - Publisher Copyright:
© Springer International Publishing AG 2017.
Copyright:
Copyright 2021 Elsevier B.V., All rights reserved.
PY - 2017
Y1 - 2017
N2 - The port scan is a well-known technique which malicious people often use before attacking a server. The attackers obtain the fingerprint of the target server by scanning ports and then make an attack scenario. Several approaches including the ‘port knocking’ and ‘Single Packet Authorization’ (SPA) have been developed to defense port scanning attack and allow only authenticated users to access ports. However, the approaches have a disadvantage that the attacker can obtain the information about the ports by applying inference techniques given observed patterns. If a router, connecting the server to the outside, is cracked by the attacker, he or she could infer particular ports which authenticated users consistently use to communicate with the server. In this paper, we propose a new defense method, Honeyport, which can prevent the attackers from obtaining the information about ports and make them demotivated by disguising the server as peripherals. Furthermore, by adopting packet encryption as in IPSec, the attacker cannot obtain the critical information via packet sniffing in our proposed model.
AB - The port scan is a well-known technique which malicious people often use before attacking a server. The attackers obtain the fingerprint of the target server by scanning ports and then make an attack scenario. Several approaches including the ‘port knocking’ and ‘Single Packet Authorization’ (SPA) have been developed to defense port scanning attack and allow only authenticated users to access ports. However, the approaches have a disadvantage that the attacker can obtain the information about the ports by applying inference techniques given observed patterns. If a router, connecting the server to the outside, is cracked by the attacker, he or she could infer particular ports which authenticated users consistently use to communicate with the server. In this paper, we propose a new defense method, Honeyport, which can prevent the attackers from obtaining the information about ports and make them demotivated by disguising the server as peripherals. Furthermore, by adopting packet encryption as in IPSec, the attacker cannot obtain the critical information via packet sniffing in our proposed model.
KW - Advance Encryption Standard
KW - Destination Port
KW - Transmission Control Protocol
KW - User Datagram Protocol
KW - Victim Server
UR - http://www.scopus.com/inward/record.url?scp=85090371235&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85090371235&partnerID=8YFLogxK
U2 - 10.1007/978-3-319-49106-6_44
DO - 10.1007/978-3-319-49106-6_44
M3 - Chapter
AN - SCOPUS:85090371235
T3 - Lecture Notes on Data Engineering and Communications Technologies
SP - 453
EP - 465
BT - Lecture Notes on Data Engineering and Communications Technologies
PB - Springer Science and Business Media Deutschland GmbH
ER -