Beyond Telnet: Prevalence of IoT Protocols in Telescope and Honeypot Measurements
Title | Beyond Telnet: Prevalence of IoT Protocols in Telescope and Honeypot Measurements |
Publication Type | Conference Paper |
Year of Publication | 2018 |
Authors | Metongnon, Lionel, Sadre, Ramin |
Conference Name | Proceedings of the 2018 Workshop on Traffic Measurements for Cybersecurity |
Publisher | ACM |
Conference Location | New York, NY, USA |
ISBN Number | 978-1-4503-5910-8 |
Keywords | honey pots, Human Behavior, human factors, internet measurement, IoT, IoT attacks, IoT protocols, pubcrawl, resilience, Resiliency, Scalability |
Abstract | With the arrival of the Internet of Things (IoT), more devices appear online with default credentials or lacking proper security protocols. Consequently, we have seen a rise of powerful DDoS attacks originating from IoT devices in the last years. In most cases the devices were infected by bot malware through the telnet protocol. This has led to several honeypot studies on telnet-based attacks. However, IoT installations also involve other protocols, for example for Machine-to-Machine communication. Those protocols often provide by default only little security. In this paper, we present a measurement study on attacks against or based on those protocols. To this end, we use data obtained from a /15 network telescope and three honeypots with 15 IPv4 addresses. We find that telnet-based malware is still widely used and that infected devices are employed not only for DDoS attacks but also for crypto-currency mining. We also see, although at a much lesser frequency, that attackers are looking for IoT-specific services using MQTT, CoAP, UPnP, and HNAP, and that they target vulnerabilities of routers and cameras with HTTP. |
URL | https://dl.acm.org/doi/10.1145/3229598.3229604 |
DOI | 10.1145/3229598.3229604 |
Citation Key | metongnon_beyond_2018 |