Quantitative and qualitative evaluation of TCP target ports through active network telescope

Quantitative and qualitative evaluation of TCP target ports through active network telescope

연구 분야: Networking

학회: International Journal of Information Technology

Network Telescopes is emerging as one of the popular tools amongst security researchers world-wide. Internet traffic destined to a routable, yet unused address block is often referred to as Internet Background Radiation (IBR) and characterized as unsolicited. IBR is largely composed of network and port scanning traffic, backscatter from IP address spoofing and misconfigured network devices. This research provides a framework for the utilization of the IBR data collected from a pool of 210 IP addresses belonging to a /24 Active Network Telescope. The size of data set is of the order of 1.1 billion Transmission Control Protocol (TCP) connections collected between 27th March 2022 and 25th February 2023. Using this data and associated analysis tools developed, we address the following (1) distribution of TCP packets from top 5 ports and top 5 countries. (2) Appearance of new TCP ports as a function of week. (3) Nature of the underlying traffic like their country of origin, autonomous system numbers, etc. (4) Geographical distributions of IP addresses, with and without payload. (5) Trend of new targeted ports over a much longer duration using legacy data available from the active network telescope. (6) Distribution of IBR traffic across the monitored IP address range.