Understanding Passive and Active Service Discovery. Bartlett, G., Heidemann, J., & Papadopoulos, C. In Proceedings of the ACM Internet Measurement Conference, pages to appear, San Diego, California, USA, October, 2007. ACM.
Increasingly, network operators do not directly operate computers on their network, yet are responsible for assessing network vulnerabilities to ensure compliance with laws and policies about information disclosure, and tracking services that affect provisioning. Thus, with decentralized network management, service discovery becomes an important part of maintaining and protecting computer networks. We explore two approaches to service discovery: active probing and passive monitoring. Active probing finds all services currently on the network, except services temporarily unavailable or hidden by firewalls; however, it is often too invasive, especially if used across administrative boundaries. Passive monitoring is typically much slower and can find transient services, but misses services that are idle. We compare the accuracy of passive and active approaches to service discovery and show that they are complementary, highlighting the need for multiple active scans coupled with long-duration passive monitoring. We find passive monitoring is well suited for quickly finding popular services, finding servers responsible for 99% of incoming connections within minutes. Active scanning is better suited to rapidly finding all servers, which is important for vulnerability detection: one scan finds 98% of services in two hours, missing only a handful. External scans are an unexpected ally to passive monitoring, speeding service discovery by the equivalent of 9–15 days of additional observation. Finally, we show how the use of static or dynamic addresses changes the effectiveness of service discovery, both due to address reuse and VPN effects.
@InProceedings{Bartlett07d,
	author = 	"Genevieve Bartlett and John Heidemann and Christos Papadopoulos",
	title = 	"Understanding Passive and Active Service
                         Discovery",
	booktitle = 	"Proceedings of the " # "ACM Internet Measurement Conference",
	year = 		2007,
	sortdate =		"2007-10-01",
	publisher =	"ACM",
	address =	"San Diego, California, USA",
	month =		oct,
	pages =		"to appear",
	jlocation =	"johnh: pafile",
	keywords =	"passive service discovery, active service discovery",
	project = "ant, lander, predict",
	jsubject = "traffic_detection",
	url =		"https://ant.isi.edu/%7ejohnh/PAPERS/Bartlett07d.html",
	pdfurl =		"https://ant.isi.edu/%7ejohnh/PAPERS/Bartlett07d.pdf",
	myorganization =	"USC/Information Sciences Institute",
	copyrightholder = "ACM",
	copyrightterms = "Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise, to republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. ",
	abstract = "
Increasingly, network operators do not directly operate computers on
their network, yet are responsible for assessing network
vulnerabilities to ensure compliance with laws and policies about
information disclosure, and tracking services that affect
provisioning.  Thus, with decentralized network management,
\emph{service discovery} becomes an important part of maintaining and
protecting computer networks.  We explore two approaches to service
discovery:  \emph{active probing} and \emph{passive monitoring}.
Active probing finds all services currently on the network, except
services temporarily unavailable or hidden by firewalls; however, it
is often too invasive, especially if used across administrative
boundaries.  Passive monitoring is typically much slower and can find
transient services, but misses services that are idle.  We compare the
accuracy of passive and active approaches to service discovery and
show that they are complementary, highlighting the need for multiple
active scans coupled with long-duration passive monitoring.  We find
passive monitoring is well suited for quickly finding popular
services, finding servers responsible for 99\% of incoming connections
within minutes.  Active scanning is better suited to rapidly finding
\emph{all} servers, which is important for vulnerability
detection--one scan finds 98\% of services in two hours, missing only
a handful.  External scans are an unexpected ally to passive
monitoring, speeding service discovery by the equivalent of 9--15 days
of additional observation.  Finally, we show how the use of static or
dynamic addresses changes the effectiveness of service discovery, both
due to address reuse and VPN effects.
",
}