Beyond Telnet: Prevalence of IoT Protocols in Telescope and Honeypot Measurements

Title: Beyond Telnet: Prevalence of IoT Protocols in Telescope and Honeypot Measurements
Publication Type: Conference Paper
Year of Publication: 2018
Authors: Metongnon, Lionel, Sadre, Ramin
Conference Name: Proceedings of the 2018 Workshop on Traffic Measurements for Cybersecurity
Publisher: ACM
Conference Location: New York, NY, USA
ISBN Number: 978-1-4503-5910-8
Keywords: honey pots, Human Behavior, human factors, internet measurement, IoT, IoT attacks, IoT protocols, pubcrawl, resilience, Resiliency, Scalability
Abstract

With the arrival of the Internet of Things (IoT), more devices appear online with default credentials or lacking proper security protocols. Consequently, we have seen a rise of powerful DDoS attacks originating from IoT devices in the last years. In most cases the devices were infected by bot malware through the telnet protocol. This has led to several honeypot studies on telnet-based attacks. However, IoT installations also involve other protocols, for example for Machine-to-Machine communication. Those protocols often provide by default only little security. In this paper, we present a measurement study on attacks against or based on those protocols. To this end, we use data obtained from a /15 network telescope and three honeypots with 15 IPv4 addresses. We find that telnet-based malware is still widely used and that infected devices are employed not only for DDoS attacks but also for crypto-currency mining. We also see, although at a much lesser frequency, that attackers are looking for IoT-specific services using MQTT, CoAP, UPnP, and HNAP, and that they target vulnerabilities of routers and cameras with HTTP.

URL: https://dl.acm.org/doi/10.1145/3229598.3229604
DOI: 10.1145/3229598.3229604
Citation Key: metongnon_beyond_2018