Skip to Content
[CAIDA - Center for Applied Internet Data Analysis logo]
Center for Applied Internet Data Analysis > publications : papers : 2014 : uncovering_network_tarpits_degreaser
Uncovering Network Tarpits with Degreaser
L. Alt, R. Beverly, and A. Dainotti, "Uncovering Network Tarpits with Degreaser", in Annual Computer Security Applications Conference (ACSAC), Dec 2014.
|   View full paper:    PDF    DOI    |  Citation:    BibTeX    Resource Catalog   |

Uncovering Network Tarpits with Degreaser

Lance Alt2
Robert Beverly2
Alberto Dainotti1

CAIDA, San Diego Supercomputer Center, University of California San Diego


Naval Postgraduate School

Network tarpits, whereby a single host or appliance can masquerade as many fake hosts on a network and slow network scanners, are a form of defensive cyber-deception. In this work, we develop degreaser, an efficient fingerprinting tool to remotely detect tarpits. In addition to validating our tool in a controlled environment, we use degreaser to perform an Internet-wide scan. We discover tarpits of non-trivial size in the wild (prefixes as large as /16), and characterize their distribution and behavior. We then show how tarpits pollute existing network measurement surveys that are tarpit-naive, e.g. Internet census data, and how degreaser can improve the accuracy of such surveys. Lastly, our findings suggest several ways in which to advance the realism of current network tarpits, thereby raising the bar on tarpits as an operational security mechanism.

Keywords: active data analysis, internet outages, measurement methodology, security
  Last Modified: Tue Nov-17-2020 04:47:22 UTC
  Page URL: