I Still Know Who You Scanned Last Summer: An Update on the Landscape of Internet Scanners
摘要
The proliferation of Internet-connected services and devices has led to more vulnerabilities on the Internet. These vulnerabilities are often discovered through Internet-wide scans conducted by various groups of users with different intentions, both benign and malicious. This work investigates these scanning activities by operating six globally distributed honeypots over a 20-month period. We examine scanning organizations, which scanning tools they use, and their behavioral patterns, e.g., the number of scans and covered ports. We observe that the introduction of new services on the honeypots, namely SSH, Telnet, HTTP, and HTTPS, correlates with a general increase in scanning activity. We identify temporally focused scanning patterns that indicate strategic approaches by different scanning entities. In this analysis, we found that the scanning tools were not being updated frequently, possibly due to the need to adapt the interaction between tools or due to the risk of new bugs. This study provides valuable insights on the evolving landscape of Internet-wide scanning and its implications for cybersecurity.