DOI: 10.1145/3484266.3487368

Switches are Scanners Too!: A Fast and Scalable In-Network Scanner with Programmable Switches

Published: 04 November 2021

Abstract

Network scanning has been a standard measurement technique for understanding a network's security situation; however, probing a large-scale scanning space with existing network scanners is both difficult and slow. To address this issue, we introduce IMap, a fast and scalable in-network scanner based on programmable switches. In designing IMap, we overcome key restrictions posed by the computation models and memory resources of programmable switches, and devise numerous techniques and optimizations to turn a switch into a practical high-speed network scanner. We conduct preliminary experiments on the open-source prototype of IMap, and evaluation results show that IMap can survey all addresses (i.e., 6 Class B Addresses) and all ports of our campus network in 8 minutes, nearly 4 times faster than state-of-the-art network scanners. As ongoing work, we plan to continuously improve the design and implementation of IMap, and hope IMap can serve as a foundation for designing next-generation terabit network scanners.

Cited By

  • (2024) Active Detection Based NTP Device Attribute Detection. Wireless Artificial Intelligent Computing Systems and Applications, 173-183. DOI: 10.1007/978-3-031-71464-1_15. Online publication date: 13-Nov-2024

Published In

HotNets '21: Proceedings of the 20th ACM Workshop on Hot Topics in Networks
November 2021
246 pages
ISBN: 9781450390873
DOI: 10.1145/3484266

Publisher

Association for Computing Machinery
New York, NY, United States

Qualifiers

• Research-article
• Research
• Refereed limited

Funding Sources

• the National Natural Science Foundation of China
• the National Key R&D Program of China

Conference

HotNets '21: The 20th ACM Workshop on Hot Topics in Networks
November 10 - 12, 2021
Virtual Event, United Kingdom

Acceptance Rates

Overall Acceptance Rate 110 of 460 submissions, 24%
