Abstract
Fast IPv4 scanning has enabled researchers to answer a wealth of security and networking questions. Yet, despite widespread use, there has been little validation of the methodology's accuracy, including whether a single scan provides sufficient coverage. In this paper, we analyze how scan origin affects the results of Internet-wide scans by completing three HTTP, HTTPS, and SSH scans from seven geographically and topologically diverse networks. We find that individual origins miss an average 1.6-8.4% of HTTP, 1.5-4.6% of HTTPS, and 8.3-18.2% of SSH hosts. We analyze why origins see different hosts, and show how permanent and temporary blocking, packet loss, geographic biases, and transient outages affect scan results. We discuss the implications for scanning and provide recommendations for future studies.
Original language | English |
---|---|
Title of host publication | IMC '20 |
Subtitle of host publication | Proceedings of the ACM Internet Measurement Conference |
Publisher | ACM SIGCOMM |
Pages | 662-679 |
Number of pages | 18 |
ISBN (Electronic) | 9781450381383 |
ISBN (Print) | 978-1-4503-8138-3 |
DOIs | |
Publication status | Published - Oct 2020 |
Event | ACM Internet Measurement Conference, IMC 2020 - Online Duration: 27 Oct 2020 → 29 Oct 2020 |
Conference
Conference | ACM Internet Measurement Conference, IMC 2020 |
---|---|
Abbreviated title | IMC |
Period | 27/10/20 → 29/10/20 |
Keywords
- Cybersecurity
- 22/3 OA procedure