Sneaking Past the Firewall: Quantifying the Unexpected Traffic on Major TCP and UDP Ports
Title | Sneaking Past the Firewall: Quantifying the Unexpected Traffic on Major TCP and UDP Ports |
Publication Type | Conference Paper |
Year of Publication | 2016 |
Authors | Alcock, Shane; Möller, Jean-Pierre; Nelson, Richard |
Conference Name | Proceedings of the 2016 Internet Measurement Conference |
Publisher | ACM |
Conference Location | New York, NY, USA |
ISBN Number | 978-1-4503-4526-2 |
Keywords | application protocols, composability, deep packet inspection, firewalls, Metrics, pubcrawl, Scalability, Traffic classification |
Abstract | This study aims to identify and quantify applications that are making use of port numbers that are typically associated with other major Internet applications (i.e. port 53, 80, 123, 443, 8000 and 8080) to bypass port-based traffic controls such as firewalls. We use lightweight packet inspection to examine each flow observed using these ports on our campus network over the course of a week in September 2015 and identify applications that are producing network traffic that does not match the expected application for each port. We find that there are numerous programs that co-opt the port numbers of major Internet applications on our campus, many of which are Chinese in origin and are not recognized by existing traffic classification tools. As a result of our investigation, new rules for identifying over 20 new applications have been made available to the research community. |
URL | http://doi.acm.org/10.1145/2987443.2987447 |
DOI | 10.1145/2987443.2987447 |
Citation Key | alcock_sneaking_2016 |