Weekly Edition
Return to the Development page
| |||||||||||||
Here's what you find when you scan the entire Internet in an hour (The Washington Post)
Over at The Washington Post, Timothy B. Lee looks at the ZMap network scanning tool that was announced (slides [PDF]) at the USENIX Security conference on August 16. "In contrast, ZMap is "stateless," meaning that it sends out requests and then forgets about them. Instead of keeping a list of [outstanding] requests, ZMap cleverly encodes identifying information in outgoing packets so that it will be able to identify responses. The lower overhead of this approach allows ZMap to send out packets more than 1,000 times faster than Nmap. So while an Internet-wide scan with Nmap takes weeks, ZMap can (with a gigabit network connection) scan the entire Internet in 44 minutes." Beyond just the tool itself, Lee also looks at the results of some of the research that ZMap has facilitated in areas like HTTPS adoption, security flaw fixing, and when the internet sleeps.
(Log in to post comments)
Here's what you find when you scan the entire Internet in an hour (The Washington Post) Posted Aug 20, 2013 23:23 UTC (Tue) by PaulWay (✭ supporter ✭, #45600) [Link]
I mentioned this at work and a friend pointed out that Pakketo Keiretsu (http://freecode.com/projects/paketto) has been around for a couple of years ago. It apparently uses the same techniques. Did the Zmap people not do their research? Or are they different things?
Have fun,
Paul
Here's what you find when you scan the entire Internet in an hour (The Washington Post) Posted Aug 21, 2013 7:26 UTC (Wed) by alanjwylie (subscriber, #4794) [Link]
That would be the entire *IPv4* Internet.
Here's what you find when you scan the entire Internet in an hour (The Washington Post) Posted Aug 21, 2013 14:01 UTC (Wed) by raven667 (subscriber, #5198) [Link]
Although at that speed they should be able to scan a single IPv6 /64 subnet in 2 days, probably more quickly if you prioritize the more likely addresses.
Here's what you find when you scan the entire Internet in an hour (The Washington Post) Posted Aug 21, 2013 19:19 UTC (Wed) by Cyberax (✭ supporter ✭, #52523) [Link]
2 days?
More like 2000 years.
Here's what you find when you scan the entire Internet in an hour (The Washington Post) Posted Aug 21, 2013 20:21 UTC (Wed) by johill (subscriber, #25196) [Link]
How did either of you arrive at those numbers?
If they're scanning the entire IPv4 internet in 44 minutes, that's ~2^32 addresses. A /64 is 2^32 times that much (since 32+32=64), which seems it would be ~360k years?
Or did I totally get it wrong somewhere?
Here's what you find when you scan the entire Internet in an hour (The Washington Post) Posted Aug 21, 2013 20:24 UTC (Wed) by Cyberax (✭ supporter ✭, #52523) [Link]
Well, I knew that 1 gigasecond is about 20 years. So if we're looking at 44 minutes times ~4 gigaseconds then it's going to be at least thousands of years.
I hadn't calculated the number exactly - if something is going to take more than a thousand years then it doesn't really matter.
Here's what you find when you scan the entire Internet in an hour (The Washington Post) Posted Aug 28, 2013 16:24 UTC (Wed) by mathstuf (subscriber, #69389) [Link]
> Well, I knew that 1 gigasecond is about 20 years.
30 is much better (it's actually 31.69).
Here's what you find when you scan the entire Internet in an hour (The Washington Post) Posted Aug 29, 2013 8:44 UTC (Thu) by anselm (subscriber, #2796) [Link] The usual quip is »π seconds are a nanocentury«.
Here's what you find when you scan the entire Internet in an hour (The Washington Post) Posted Aug 28, 2013 9:14 UTC (Wed) by robbe (subscriber, #16131) [Link]
If you use straight-forward SLAAC, no privacy extensions, two days is remarkably accurate: The three vendor bytes actually have only about 14 bits allocated by IEEE at the moment. So the MAC gives 2^(14+24) in total, which is only 64 times larger than the IPv4 space. Times 44 minutes is 1.96 days.
|
|||||||||||||