Uncovering Network Tarpits with Degreaser
Network tarpits, whereby a single host or appliance can masquerade as many fake hosts on a network and slow network scanners, are a form of defensive cyber-deception. In this paper, the authors develop degreaser, an efficient fingerprinting tool to remotely detect tarpits. In addition to validating their tool in a controlled environment, they use degreaser to perform an Internet-wide scan. They discover tarpits of non-trivial size in the wild (prefixes as large as /16), and characterize their distribution and behavior. They then show how tarpits pollute existing network measurement surveys that are tarpit-naive, e.g. Internet census data, and how degreaser can improve the accuracy of such surveys.