Full scan / 0

    The site Internet Census 2012 internetcensus2012.bitbucket.org published the results of a scan of all existing IPv4 addresses. Scanning of this scale was possible due to a botnet of 420 thousand unprotected devices.

    The author came up with the idea of ​​such a scan two years ago when, using the Nmap Scripting Engine, he decided to try logging in to random IP addresses with standard login: password (root: root) pairs using telnet protocol, and a sufficient number of devices were found where authorization was successful. Then a worm was created that scanned a certain range of addresses and, upon detection of an unprotected device, copied itself there. A new copy began to scan its range, and so exponentially. Thus formed a fairly large distributed botnet called Carna.

    For ten months of 2012, all IP addresses in the IPv4 address space were scanned, scanning was carried out using the following methods: sending service packets to all popular port numbers, ping, DNS reverse query, and SYN query.

    The scan resulted in a database of 9 terabytes, after archiving, using ZPAQ, the volume became 568 gigabytes and all this is available for downloading here internetcensus2012.bitbucket.org/download.html

    In total, the database contains:

    -52 billion ICMP pings
    -80 million TCP / IP fingerprints
    -10.5 billion responses to a reverse DNS query
    -180 billion scans for service ports
    -68 million traceroute records
    -2.8 billion responses to a SYN request for 660 million IP addresses and 71 billion tested ports

    The author hopes that researchers can benefit from the data collected.

    Also popular now: