Skip to Content
[CAIDA - Center for Applied Internet Data Analysis logo]
Center for Applied Internet Data Analysis
www.caida.org > publications : papers : 2014 : uncovering_network_tarpits_degreaser
Uncovering Network Tarpits with Degreaser
L. Alt, R. Beverly, and A. Dainotti, "Uncovering Network Tarpits with Degreaser", in Annual Computer Security Applications Conference (ACSAC), Dec 2014.
|   View full paper:    PDF    DOI    |  Citation:    BibTeX   |

Uncovering Network Tarpits with Degreaser

Lance Alt2
Robert Beverly2
Alberto Dainotti1
1

CAIDA, San Diego Supercomputer Center, University of California San Diego

2

Naval Postgraduate School

Network tarpits, whereby a single host or appliance can masquerade as many fake hosts on a network and slow network scanners, are a form of defensive cyber-deception. In this work, we develop degreaser, an efficient fingerprinting tool to remotely detect tarpits. In addition to validating our tool in a controlled environment, we use degreaser to perform an Internet-wide scan. We discover tarpits of non-trivial size in the wild (prefixes as large as /16), and characterize their distribution and behavior. We then show how tarpits pollute existing network measurement surveys that are tarpit-naive, e.g. Internet census data, and how degreaser can improve the accuracy of such surveys. Lastly, our findings suggest several ways in which to advance the realism of current network tarpits, thereby raising the bar on tarpits as an operational security mechanism.

Keywords: active data analysis, internet outages, measurement methodology, security
  Last Modified: Wed Oct-11-2017 17:04:04 PDT
  Page URL: http://www.caida.org/publications/papers/2014/uncovering_network_tarpits_degreaser/index.xml