Automatically Determining a Network Reconnaissance Scope Using Passive Scanning Techniques

  • Conference paper
Fourth International Congress on Information and Communication Technology

Abstract

The starting point of securing a network is having a concise overview of it. As networks become more and more complex, both in general and, in particular, with the introduction of IoT technology and its topological peculiarities, this is increasingly difficult to achieve. Especially in cyber-physical environments such as smart factories, gaining a reliable picture of the network can be a tedious task because of the intertwining of a vast number of devices and different protocols. Nevertheless, this work is necessary to conduct security audits, compare documentation with actual conditions, or find vulnerabilities from an attacker's view, for all of which a reliable topology overview is pivotal. Security auditors, however, might not have much information, such as asset management access, available beforehand, which is why this paper treats the network to be audited as a complete black box. The goal is, therefore, to enable security auditors to gain a topology overview automatically, without any a priori knowledge at all. In the context of a larger system that uses active scanning to determine the network topology, this paper describes an approach to automate the first steps of this procedure: passively scanning the network and determining the network's scope, as well as obtaining a valid address from which to perform the active scanning. This allows an automatic network discovery process to be bootstrapped without prior knowledge.

Notes

  1. This prevents a remote network (more than one hop away) from being mistaken for the current network.

  2. 3 of which were additionally detected by the still-active passive scanners (represented by the disjunct bubble in Fig. 4). This indicates that the hosts were not online at the very moment of the Nmap scan.

  3. For instance with nmap -sn -Pn [network_portion]. This ensures that traceroutes are carried out even when no active host resides in the network to be examined.

  4. One possibility would be to compare the most distant addresses and, by binary splitting the set, keep comparing until the traceroutes are equal, yielding the actual subnetworks.
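
The binary-splitting idea from note 4, sketched as an added example (not code from the paper). The traceroute results are constructed sample data, the function names are hypothetical, and the sketch assumes that addresses sharing a route form one contiguous range.

```python
import ipaddress

# Constructed sample data: observed host -> traceroute hops (not from the paper).
SAMPLE_ROUTES = {
    "10.0.0.5":   ("10.0.254.1",),
    "10.0.0.20":  ("10.0.254.1",),
    "10.0.1.10":  ("10.0.254.1", "10.0.254.2"),
    "10.0.1.40":  ("10.0.254.1", "10.0.254.2"),
    "10.0.1.90":  ("10.0.254.1", "10.0.254.2"),
    "10.0.1.200": ("10.0.254.1", "10.0.254.2"),
    "10.0.2.9":   ("10.0.254.1", "10.0.254.3"),
    "10.0.2.50":  ("10.0.254.1", "10.0.254.3"),
}

def split_by_route(hosts, routes):
    """Halve a sorted address list until the two most distant addresses
    (first and last) have equal traceroutes; return (first, last, route) groups."""
    if not hosts:
        return []
    first, last = hosts[0], hosts[-1]
    if routes[first] == routes[last]:
        return [(first, last, routes[first])]
    mid = len(hosts) // 2  # both halves are non-empty when len(hosts) >= 2
    return split_by_route(hosts[:mid], routes) + split_by_route(hosts[mid:], routes)

def merge_adjacent(groups):
    """Rejoin neighbouring groups that a midpoint cut separated inside one subnetwork."""
    merged = []
    for first, last, route in groups:
        if merged and merged[-1][2] == route:
            merged[-1] = (merged[-1][0], last, route)
        else:
            merged.append((first, last, route))
    return merged

def find_subnetworks(raw_routes):
    """Return observed address ranges that share one traceroute path."""
    routes = {ipaddress.ip_address(a): tuple(h) for a, h in raw_routes.items()}
    hosts = sorted(routes)  # numeric order, so 10.0.0.5 sorts before 10.0.0.20
    groups = merge_adjacent(split_by_route(hosts, routes))
    return [(str(f), str(l), r) for f, l, r in groups]

if __name__ == "__main__":
    for first, last, route in find_subnetworks(SAMPLE_ROUTES):
        print(f"{first} - {last} via {' > '.join(route)}")
```

With the sample data the first midpoint cut falls inside the 10.0.1.x range, so the merge step is what restores it as a single subnetwork.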

Acknowledgements

This work was partly supported by the Austrian Research Promotion Agency (FFG) within the ICT of the future grants program, grant nb. 863129 (project IoT4CPS), of the Federal Ministry for Transport, Innovation and Technology (BMVIT) and by the Federal Ministry of Defence (BMLV).

Corresponding author

Correspondence to Stefan Marksteiner.

© 2020 Springer Nature Singapore Pte Ltd.

Cite this paper

Marksteiner, S., Jandl-Scherf, B., Lernbeiß, H. (2020). Automatically Determining a Network Reconnaissance Scope Using Passive Scanning Techniques. In: Yang, XS., Sherratt, S., Dey, N., Joshi, A. (eds) Fourth International Congress on Information and Communication Technology. Advances in Intelligent Systems and Computing, vol 1027. Springer, Singapore. https://doi.org/10.1007/978-981-32-9343-4_11

  • DOI: https://doi.org/10.1007/978-981-32-9343-4_11

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-32-9342-7

  • Online ISBN: 978-981-32-9343-4

  • eBook Packages: Engineering, Engineering (R0)
