Abstract: The ephemeral port of a probe UDP packet is populated with a first value that is a function of the destination address and destination port of a target as well as a random seed. The first value may also be a function of the local address of the server generating the probe UDP packet. The destination port of a response UDP packet is compared to a second value that is a function of the source address, source port, and the random seed, and possibly the destination address. If the destination port matches the second value, the response packet is determined not to be spoofed. Probe packets may be generated by multiple probes and labeled with a local address and index assigned to the probe to enable response packets to be mapped back to a probe.

Abstract: Various embodiments of apparatuses and methods for a continuous scanning engine with automatic protocol detection are described. In some embodiments, the continuous scanning engine comprises one or more discovery components and one or more protocol detection components. The discovery components, in some embodiments, send initial packets to a plurality of ports of a plurality of network addresses of a network, receive responses to a least some of the initial packets, asynchronously match the received responses to the sent initial packets, and determine that some ports at some network addresses require further analysis.

Abstract: Various embodiments of a scanning engine are described. In some embodiments, the scanning engine comprises discovery components associated with different Internet providers and/or protocol detection components associated with the different Internet providers. When a first discovery component associated with a first Internet provider does not receive a response from a port at an Internet address, then a second discovery component associated with a second Internet provider sends packets to that port at that Internet address to attempt to elicit a response. When a first protocol inspection component associated with a first Internet provider is not able to communicate with a port at an Internet address, then it provides information that can be obtained by a second protocol inspection component associated with a second Internet provider. That second protocol inspection component attempts to communicate with the port at the Internet address through the second Internet provider using various communication protocols.

Abstract: Various embodiments of apparatuses and methods for a continuous scanning engine with automatic protocol detection are described. In some embodiments, the continuous scanning engine comprises one or more discovery components and one or more protocol detection components. The discovery components, in some embodiments, send initial packets to a plurality of ports of a plurality of network addresses of a network, receive responses to a least some of the initial packets, asynchronously match the received responses to the sent initial packets, and determine that some ports at some network addresses require further analysis.

Abstract: Various embodiments of apparatuses and methods for a continuous scanning engine with automatic protocol detection are described. In some embodiments, the continuous scanning engine comprises one or more discovery components and one or more protocol detection components. The discovery components, in some embodiments, send initial packets to a plurality of ports of a plurality of network addresses of a network, receive responses to a least some of the initial packets, asynchronously match the received responses to the sent initial packets, and determine that some ports at some network addresses require further analysis.

Abstract: Various embodiments of a scanning engine are described. In some embodiments, the scanning engine comprises discovery components associated with different Internet providers and/or protocol detection components associated with the different Internet providers. When a first discovery component associated with a first Internet provider does not receive a response from a port at an Internet address, then a second discovery component associated with a second Internet provider sends packets to that port at that Internet address to attempt to elicit a response. When a first protocol inspection component associated with a first Internet provider is not able to communicate with a port at an Internet address, then it provides information that can be obtained by a second protocol inspection component associated with a second Internet provider. That second protocol inspection component attempts to communicate with the port at the Internet address through the second Internet provider using various communication protocols.