A malicious actor who gains access to an organization's file server, mail server or database server is capable of causing severe damage to the organization. In order to gain access to one of the above services, an attacker may first gain access to the network and then determine which machine within the network is hosting the service. One common way of determining the host of a service after gaining access to a network is monitoring traffic on the network and observing which traffic is routed to which host as well as which ports the traffic is routed through.
Traditional systems for securing networks often focus on preventing attackers from gaining access to the network, but may have no process for mitigating an attack once it has progressed past that stage. Some traditional systems may revolve around preventing data exfiltration once critical servers have been accessed. In some examples, traditional systems may be focused on detecting network intrusions by potentially malicious actors. Traditional systems for securing networks may not include any measures for preventing attackers from identifying which hosts provide which services on a network. Accordingly, the instant disclosure identifies and addresses a need for additional and improved systems and methods for obscuring network services.