Open Access
Subscription Access
Connection Failure Message-based Approach for Detecting Sequential and Random Tcp Scanning
Network scanning is considered the first step for attackers to gain access to a targeted network. Attackers will blindly scan the network without any prior knowledge about the active service or host in the target network. Such blind scan will generate a high ratio of connection failure messages that come in the form of Internet Common Message Protocol type3 code1 (host unreachable) and TCP-RST packets. This paper proposes an approach for TCP random and sequential scanning detection on the basis of connection failure messages.
Keywords
Connection Failure, Network Scanning, TCP Random Scanning, TCP Sequential Scanning
User
Information
Abstract Views: 200
PDF Views: 0