Feeds

back to article New tool lets single server map entire internet in 45 minutes

Researchers at the University of Michigan have developed a new tool that allows a single server with a gigabit Ethernet port to scan the internet so quickly that it can map 98 per cent of the world's IPv4 connections in under 45 minutes. Mapping internet nodes is nothing new – companies and researchers have been doing it for …

COMMENTS

This topic is closed for new posts.
Silver badge

Impressive Achievement

Congrats.

9
0
Anonymous Coward

Re: Impressive Achievement

Impressive indeed. Good job ipv6 is on the way. For the same trick there I estimate it would take a little over 6,000 years to complete the scan. Having said that I bet you can't achieve the same optimisations with ipv6: addresses are longer so packet size limitations kick in earlier. Call it 9,000 years ... ish. I'll be dead and gone to a better place before that becomes a problem I need to worry about :-)

0
0

For years...

NMap has always been a slow tool, and faster tools have existed for years... Google for `synscan', a stateless tcp port scanning tool... It just fires out packets and a second process waits for any responses that might be received.

0
0
Anonymous Coward

Re: For years...

Didn't you mean "scanrand" ?

"Synscan" is an astronomy program for aligning telescopes.

1
0
Silver badge

Devastation United

There is absolutey no doubt that a dark version of this tool will spring up as fast as an Interweb-Zuck-Meme.........

The daring virus, malware, spammer etc won't have to wait hours or days for meaningfull results, instead they will only be waiting minutes..... I hear a distant bell ringing "Moore's Law" doesn't only apply to IC, it also appears to apply to many different technologies/ideas.

Encoding the details in the returned packet, simple and very clever...... Kudos to the researchers.

1
0
Bronze badge

Re: Devastation United

Encoding the details in the returned packet, simple and very clever

It's clever, but not an entirely new idea. SYN-cookies use a similar approach, for example; and even REST web services employ the same general concept: make the peer keep your state for you.

0
0
Anonymous Coward

First customer will probably be spammers.

2
0
Bronze badge

And what would they do with the data? You could find all the SMTP servers, but you don't know what domains it serves or even if its just an exit server for someone's email system with the entrance being hosted by a third party.

You could do a reverse look-up on the IP address that respond, but you'll only end up with their external host-names so service providers' server wouldn't match what they host. The easier thing to do would be to just query DNS with a big list of domains and setting the type to MX.

0
0
Silver badge

NSA will be second

0
0
Silver badge

Yet another step to the P2P parallel Internet.

This will be a huge boon to the P2P parallel Internet.

Never heard of it? You can google it.

0
2

Yes we scan

sounds pretty good, I think every script kiddie should have this.

1
0
Anonymous Coward

...and yet it takes Win7 40 seconds to find the 15 computers on my LAN.

12
0

lucky man

I've never been able to make Win 7 autodiscovery work on my home LAN.

Maybe I should figure out why and market the problem as a scanner defense?

1
0
Bronze badge
FAIL

RE: and yet it takes Win7 40 seconds to find the 15 computers on my LAN.

Do you know why???

Because, between each scan, WindblowZE 7 must call home to the mother lode Borg Central to determine if you are using Genuine WindblowZE.

</sarcasm>

0
0

Couldn't one design software which found unpatched computers, and patched them?

Yeah, I realize this is a horrible, shame on me, privacy violation, don't hack my computer kind of thing, but fuck it, there's still XP machines which doesn't even have service pack 1 out there. A tool which automatically turned on updates on old forgotten junk would be a boon to humanity. It would be like forcing new age parents to vaccinate their kids.

4
2
g e
Silver badge

Yes but

ISPs could scan their clients quite economically and notify them / de-route them until patched.

3
1
Silver badge

Of more interest....

....there are still people out there hanging on to their XP machines for irrelevant or just plain silly reasons, such as preferring the colour of the start menu/not liking the search bar in the start menu - whatever. Non technical reasons, IE not something like having no choice but to run legacy software (can't upgrade versions to suit a new host OS etc).

August 2014, a hole is discovered in NT5/6 that allows an attacker to run a remote shell on a vulnerable platform that grants file system access - the ability to save files to that machine.

Vista, 7 and 8 get patched.

Xp does not.

Within the space of a few hours, hundreds of 'innocent' unpatched XP machines are hosting illegal materials (choose your own type), completely out in the open, and in a manner that effectively cannot be policed as 99.99% of the hosting the material will genuinely not have been aware of what as happened, never mind how to prevent against it. Within a day, it's hundreds of *thousands*. At this point, it *is* impossible to police.

How unrealistic am I being? I fear, not massively...

1
3
Facepalm

Re: Of more interest....

@Steven Raith

Why are we waiting until August 2014?

Did you miss the bit where 20% of the Internet is vulnerable to an exploit published in January.

Availability of patches only helps if you actually patch. The morons who think it's fine to have an Internet facing XP box late next year will be the same morons not bothering to patch it now.

3
1
Silver badge

Re: Of more interest....

I completely agree, but as of April, if something comes out that gets patched in newer OSs, it just won't be in XP, hence the use of next august as a worst case scenario for the situation.

I've been a bit 'meh' about patching my few remaining Windows instances (although I'm generally on top of my routers and internet facing appliances for obvious reasons). Um...not any more.

Steven R

1
0
Anonymous Coward

Re: Of more interest....

He's gone with August because beyond that point someone could discover an exploit that means windows XP machines pillage your home, rape your wife then explode and it won't be patched.

0
1

Re: Yes but

I think (before they got borged by plusnet or whoever it was) Metronet used to do this or something very similar...blackholed your connection so you could get to AV vendors & a few other sites and stopped you communicating with anything else...I think they also had network level content filtering (that you had to opt in to fwiw)...I guess their admins were just a few years ahead of their time.

0
0
Bronze badge

Re: Of more interest.... @ Steven Raith

In the UK, possession of child porn is a strict liability offence, so it doesn't matter if the host is genuinely unaware, they're still guilty.

1
1
Bronze badge
Childcatcher

Re: Of more interest.... @ Steven Raith

In the UK, possession of child porn is a strict liability offence, so it doesn't matter if the host is genuinely unaware, they're still guilty.

So it's the offense you can have someone else commit on your behalf, without their consent or knowledge? That's a pretty harsh penalty for cluelessness.

1
0
Silver badge
Happy

Re: Yes but

de-route them until patched

Dear user,

We have determined that your PC's patch status is: ERR-UNKNOWN-OS.

Please download the appropriate updates from NULL-RECORD-ENCOUNTERED.

Once you do so, we will reinstate your internet connection, for a modest fee.

Please e-mail us with any questions. Have a nice day!

2
0
Anonymous Coward

Re: Of more interest....

Woe is me, no edit function. *April*

0
0
Silver badge

A tool which automatically turned on updates on old forgotten junk

That Win98 PC isn't a forgotten old piece of junk. It's a vital piece of equipment handling a critical testing process. Getting the programming rewritten, and new hardware for it will cost millions of dollars. Oh, and did I mention it's running the pressure testing on the containment structure? So rebooting it at a random time could be exceedingly dangerous.

OK, so actually in the instance I'm thinking of you'd never get to patch it because it never touches the internet. But that doesn't stop the security gestapo from wanting to patch it.

0
0
Silver badge
Holmes

Re: Of more interest.... @ Steven Raith

@ DijitulSupport - glad to see you are on the same wavelength as me.

Plrndl - boom, headshot - exactly what I was inferring, and completes my point about the ability to enforce the laws we've written up around it.

If a not insignificant proportion of computer users suddenly find 'awful pictures' on their computers, how precisely are the police/CPS going to handle it? After all, we've had it beaten into us that ANYONE WHO LOOKS ASKANCE AT ANYTHING VAGUELY RESEMBLING A CHILD IN A SEXUAL MANNER IS TO BE BURNED AT THE STAKE WITHOUT TRIAL. I'm all for strong sentencing for CP offenses, but this just shows how useless a strict liability law can be. It's all very well when it's, perhaps, a few dozen people a year getting hacked and used a proxy for illegal materials - and having it discovered, go through the courts etc. But what happens when that number increases by several orders of magnitude, in the space of a few weeks?

What are they going to do? Put 10,000 pensioners (reasonably conservative potential number/likely victims due to knowing nowt about IT security/patching for the most part) on the sex offenders register?

This is a bigger problem than is being made out, I fear. And it's not like it's being made out to be a minor inconvenience.

This is a fucking game changer.

Excuse any odd typos - I've just eaten about a kilo of pork and I'm having the meat sweats. Yummy meat sweats.

Steven R

0
0
Bronze badge

Couldn't one design software which found unpatched computers, and patched them?

Proposed and debated years ago in various venues, such as BUGTRAQ. There are various failure modes which make this a very dubious proposition, even holding legality and ethics aside.

0
0
Gold badge
Thumb Up

1300x faster.

Someone's had their Weetabix today. *

* And it looks like they've really dug into both TCP/IP and Ethernet protocols.

That's some serious speedup.

1
0
Silver badge

Re: 1300x faster.

It certainly is, now if they could only incorporate it into an ftp server/client my movie transfers would be a lot quicker.

0
0
Facepalm

"But the researchers warn that Zmap also has serious implications for the security industry if malware propagators cotton on to the technique."

Let's hope no-one spreads any information about it then....oh.

1
1
Silver badge

And elsewhere on the Reg

Amazon disappears from teh web

0
0
This topic is closed for new posts.