Mäurer, N. (2015):

Efficient scans in a research network

The Leibniz Supercomputing Centre (LRZ) is the provider of Munich's largest research network, the Munich Scientific Network (MWN). As the MWN is not a supervised company network, but a peripherally organized university network, port scans are required to get an overview about activities and the difference between actual and desired state within the network. Due to long scan times with the port scanner Nmap, used thus far for scanning the MWN, this thesis gathers new port scanners like Masscan and ZMap, compares and evaluates them and comes to the solution, that Masscan is currently best suited for scanning the entire MWN. Additionally, since October 2014, a new SSL/TLS security breach named POODLE (Padding Oracle on Downgraded Legacy Encryption) is known and the most secure way to prevent it, is to disable SSL 3.0 and older versions. This is the second task this thesis fulfills: providing a fast solution regarding SSL 3.0 fallback detection. To fulfill this goal, a new scanning evaluation tool is developed, introduced and used to scan the MWN with 500,000 hosts is scanned. Interesting information is saved containing IPs, open ports, services, OSes and vulnerabilities. More than 2000 hosts were detected with SSL 3.0 enabled. Furthermore a part of the MWN was detected to be unable to withstand a packet rate of more than 200 kpps and three hosts were identified, with almost half of all possible ports open.