Predicting IPv4 Services Across All Ports
This work addresses the challenge of internet-wide scanning for security and topology analysis, providing a practical solution for researchers and security professionals by enabling efficient service discovery across all ports.
The paper tackles the problem of exhaustively scanning all IPv4 services across all ports, which is costly and bandwidth-intensive, by introducing GPS, a predictive system that learns from small samples to discover services efficiently. It achieves this by computing predictions in 13 minutes (four orders of magnitude faster than prior work), finding 92.5% of services with 131x less bandwidth and 204x more precision compared to exhaustive scanning.
Internet-wide scanning is commonly used to understand the topology and security of the Internet. However, IPv4 Internet scans have been limited to scanning only a subset of services -- exhaustively scanning all IPv4 services is too costly and no existing bandwidth-saving frameworks are designed to scan IPv4 addresses across all ports. In this work we introduce GPS, a system that efficiently discovers Internet services across all ports. GPS runs a predictive framework that learns from extremely small sample sizes and is highly parallelizable, allowing it to quickly find patterns between services across all 65K ports and a myriad of features. GPS computes service predictions in 13 minutes (four orders of magnitude faster than prior work) and finds 92.5% of services across all ports with 131x less bandwidth, and 204x more precision, compared to exhaustive scanning. GPS is the first work to show that, given at least two responsive IP addresses on a port to train from, predicting the majority of services across all ports is possible and practical.