Connection Failure Message-based Approach for Detecting Sequential and Random TCP Scanning

Mohammed Anbar; Sureswaran Ramadass; Selvakumar Manickam  and Alhamza Al Wardi

doi:10.17485/ijst/2014/v7i5.8

Article

Connection Failure Message-based Approach for Detecting Sequential and Random TCP Scanning

VIEWS 742
PDF 321

Abstract
Full-Text HTML
Full-Text PDF
How to Cite

Indian Journal of Science and Technology

DOI: 10.17485/ijst/2014/v7i5.8

Year: 2014, Volume: 7, Issue: 5, Pages: 628–636

Original Article

Connection Failure Message-based Approach for Detecting Sequential and Random TCP Scanning

Mohammed Anbar^1*, Sureswaran Ramadass¹ , Selvakumar Manickam¹ and Alhamza Al-Wardi²

1 National Advanced IPv6 Centre (NAv6), Universiti Sains Malaysia; anbar@nav6.org, sures@nav6.or, selva@nav6.org
2 Universiti Malaysia Perlis 02600 UNIMAP, Perlis, Malaysia; esraa@nav6.org

This work is licensed under a Creative Commons Attribution 4.0 International License.

Abstract

Network scanning is considered the first step for attackers to gain access to a targeted network. Attackers will blindly scan the network without any prior knowledge about the active service or host in the target network. Such blind scan will generate a high ratio of connection failure messages that come in the form of Internet Common Message Protocol type3 code1 (host unreachable) and TCP-RST packets. This paper proposes an approach for TCP random and sequential scanning detection on the basis of connection failure messages.

Keywords: Connection Failure, Network Scanning, TCP Random Scanning, TCP Sequential Scanning