IIT Home Page CNR Home Page

How long does it take before a new Internet node is contacted for the very first time?

When connecting to the Internet a new device (e.g. a computer, a server, a consumer IoT device, etc.) that publicly exposes - i.e. uses a public IPv4 address - any service on any given TCP port (e.g. TELNET on port TCP/23, etc.), the new connected node could be remotely contacted by other network nodes that, both legitimately and maliciously, could attempt to remotely connect to the exposed service. To know if a remote connection attempt comes from a legitimate or a malicious node, it is possible to use a honeypot: a network node that acts as the new device, but actually works as a malicious nodes bait. The latter allows making the assumption that all the attempts, incoming to the honeypot, comes from malicious nodes. In this case, how long does it take before a malicious node attempts to remotely connect to the honeypot, for the very first time since it has been connected to the Internet? This article gives an answer to the latter question, describing both network and software environments used to get the appropriate measurements discussed within this document.


2018

Autori IIT:

Tipo: Rapporto Tecnico
Area di disciplina: Computer Science & Engineering
IIT TR-03/2018

File: IIT-03-2018.pdf

Attività: Rete telematica del CNR di Pisa