A New Approach to Building a Disguised Server Using the Honey Port Against General Scanning Attacks
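- Subject (keywords) Network
- Publisher Korea University Graduate School of Information Security
- Advisor 윤지원
- Year of publication 2017
- Degree conferral date 2017. 8
- Degree type Master's
- Department Graduate School of Information Security, Department of Information Security
- Original pages 35 p
- Actual URI http://www.dcollection.net/handler/korea/000000077061
- Language of text English
- Submitted original 000045915508
Abstract/Summary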
The port scan is a well-known technique that malicious actors often use before attacking a server. Attackers obtain the fingerprint of the target server by scanning its ports and then build an attack scenario. Several approaches, including ‘port knocking’ and ‘Single Packet Authorization’ (SPA), have been developed to defend against port scanning attacks and allow only authenticated users to access ports. However, these approaches have the disadvantage that an attacker can obtain information about the ports by applying inference techniques to observed patterns. If a router connecting the server to the outside is cracked by the attacker, he or she could infer the particular ports that authenticated users consistently use to communicate with the server. In this paper, we propose a new defense method, Honeyport, which prevents attackers from obtaining information about ports and demotivates them by disguising the server as a peripheral device. Furthermore, by adopting packet encryption as in IPSec, our proposed model prevents the attacker from obtaining critical information via packet sniffing.
Table of contents
Contents
1 Introduction
2 Background
2.1 Port Scanning
2.2 Port Knocking
2.3 Single Packet Authorization
3 Proposal Algorithm
3.1 Listener
3.2 Sender
3.3 Spoofer
4 Result
5 Conclusion

