ISBN: 978-981-14-4787-7 DOI: 10.18178/wcse.2020.06.052
Measure the Non-standard Port of Popular Protocols
Abstract— With the prosperity of the Internet, numerous network services have emerged. Many network services use non-standard, unregistered TCP/IP ports, which makes port-based firewall policies no longer effective. However, port-based firewalls are still deployed on the gateways of some local networks. As the number of application-layer protocols increases, network failures may increase due to obsolete firewall policies. To fill this gap, our study aims to measure the port distribution of popular Internet applications (e.g. WWW, P2P, multimedia). Using a flow-based traffic classification technique, we analyze traffic collected from an ISP and profile the characteristics of the protocols using non-standard ports. Our results show that a lot of application-layer protocols are deployed on a wide range of non-standard ports. In particular, HTTP and SSL, the two most popular protocols, both account for a large proportion of non-standard port traffic, which is caused by the growth of web-based applications and the growth of SSL-based encrypted traffic, respectively. Our measurement results demonstrate that it is necessary to develop more fine-grained port-based firewall policies.
Index Terms—traffic classification, non-standard port, port-based firewall, passive measurement
Chengshang Hou, Junzheng Shi, Gaopeng Gou, Zhen Li, Gang Xiong
Institute of Information Engineering, Chinese Academy of Sciences, CHINA
School of Cyber Security, University of Chinese Academy of Sciences, CHINA
Cite: Chengshang Hou, Junzheng Shi, Gaopeng Gou, Zhen Li, Gang Xiong, "Measure the Non-standard Port of Popular Protocols," Proceedings of 2020 the 10th International Workshop on Computer Science and Engineering (WCSE 2020), pp. 347-352, Shanghai, China, 19-21 June, 2020.