
Researchers Release Tool That Can Scan the Entire Internet In Under an Hour

Posted by samzenpus
from the scan-me dept.
dstates writes "A team of researchers at the University of Michigan has released Zmap, a tool that allows an ordinary server to scan every address on the Internet in just 45 minutes. This is a task that used to take months, but now is accessible to anyone with a fast internet connection. In their announcement Friday, at the Usenix security conference in Washington, they provide interesting examples tracking HTTPS deployment over time, the effects of Hurricane Sandy on Internet infrastructure, but also rapid identification of vulnerable hosts for security exploits. A Washington Post Blog discussing the work shows examples of the rate with which computers on the Internet have been patched to fix Universal Plug and Play, 'Debian weak key' and 'factorable RSA keys' vulnerabilities. Unfortunately, in each case it takes years to deploy patches and in the case of UPnP devices, they found 2.56 million (16.7 percent) devices on the Internet had not yet upgraded years after the vulnerability had been described."

  • Re:doesn't add up (Score:5, Informative)

    by Anonymous Coward on Monday August 19, 2013 @09:45AM (#44606759)

    TFS should have just quoted the entire sentence then; from TFA: "Out of 15.7 UPnP devices, they found 2.56 million (16.7 percent) had not yet upgraded."

  • by mysticalreaper (93971) on Monday August 19, 2013 @09:46AM (#44606761)

    Sure, scanning 4 billion addresses in an hour sounds like a lot of data, but conceivable with today's high-speed computers and tech.

    But 3.4 x 10^29 billion addresses, as contained in IPv6? Not the same feasibility at all.

  • by Dagger2 (1177377) on Monday August 19, 2013 @09:59AM (#44606893)
    http://loopsofzen.co.uk/ [loopsofzen.co.uk]
  • by Anonymous Coward on Monday August 19, 2013 @10:51AM (#44607447)

    Please look into "scanrand" software. I used it in combination with nmap to scan the entire Internet range in under a few hours, about 7 YEARS ago.

      The Paketto Keiretsu is a collection of tools that use new and unusual
        strategies for manipulating TCP/IP networks. scanrand is said to be
        faster than nmap and more useful in some scenarios.
        .
        This package includes:
            * scanrand, a very fast port, host, and network trace scanner
            * minewt, a user space NAT/MAT (MAC Address Translation) gateway
            * linkcat(lc), that provides direct access to the network (Level 2)
            * paratrace, a "traceroute"-like tool using existing TCP connections
            * phentropy, that plots a large data source onto a 3D matrix

  • by Bacon Bits (926911) on Monday August 19, 2013 @11:36AM (#44607903)

    I don't think ports are a limitation. As is common with IPv6, I don't think people appreciate the difference in scale.

    The header alone for IPv6 is 40 bytes. IPv6 is 2^128 addresses. 40 * 2^128 / 2^80 = 40 * 2^48 = 11,258,999,068,426,240 YiB (yobibytes). Just for header data. Even if you use some kind of magic multicasting magic to send the packets, you've still got to get that much header data back. At a transfer speed of 1 Yibps (yobibit per second), it would take 2.8 billion years to transfer all those packets. Then you have to store that data. Just storing every possible IPv6 address as a 128-bit number would take at least 4,503,599,627,370,496 YiB.

    Nobody has pipes that fat. Nobody has disks that big.

    Compare that to IPv4:
    The header is 20-24 bytes. IPv4 is 2^32 addresses. 20 * 2^32 / 2^30 = 80 GiB. That's a completely reasonable amount of data to push in 45 minutes or to store on disk.

  • by kermidge (2221646) on Monday August 19, 2013 @08:54PM (#44613421) Journal

    re scanrand
    http://www.vulnerabilityassessment.co.uk/scanrand.htm [vulnerabil...ment.co.uk] good article, didn't see a date, discusses installation and necessary changes for Fedora Core 1.

    Dan Kaminsky's site for paketto, which includes scanrand; version 1.1 from 2002 has some tools which look interesting
    http://dankaminsky.com/?s=paketto [dankaminsky.com]
