March 19, 2013 at 19:07Full scan / 0
The site Internet Census 2012 internetcensus2012.bitbucket.org published the results of a scan of all existing IPv4 addresses. Scanning of this scale was possible due to a botnet of 420 thousand unprotected devices.
The author came up with the idea of such a scan two years ago when, using the Nmap Scripting Engine, he decided to try logging in to random IP addresses with standard login: password (root: root) pairs using telnet protocol, and a sufficient number of devices were found where authorization was successful. Then a worm was created that scanned a certain range of addresses and, upon detection of an unprotected device, copied itself there. A new copy began to scan its range, and so exponentially. Thus formed a fairly large distributed botnet called Carna.
For ten months of 2012, all IP addresses in the IPv4 address space were scanned, scanning was carried out using the following methods: sending service packets to all popular port numbers, ping, DNS reverse query, and SYN query.
The scan resulted in a database of 9 terabytes, after archiving, using ZPAQ, the volume became 568 gigabytes and all this is available for downloading here internetcensus2012.bitbucket.org/download.html
In total, the database contains:
-52 billion ICMP pings
-80 million TCP / IP fingerprints
-10.5 billion responses to a reverse DNS query
-180 billion scans for service ports
-68 million traceroute records
-2.8 billion responses to a SYN request for 660 million IP addresses and 71 billion tested ports
The author hopes that researchers can benefit from the data collected.
The author came up with the idea of such a scan two years ago when, using the Nmap Scripting Engine, he decided to try logging in to random IP addresses with standard login: password (root: root) pairs using telnet protocol, and a sufficient number of devices were found where authorization was successful. Then a worm was created that scanned a certain range of addresses and, upon detection of an unprotected device, copied itself there. A new copy began to scan its range, and so exponentially. Thus formed a fairly large distributed botnet called Carna.
For ten months of 2012, all IP addresses in the IPv4 address space were scanned, scanning was carried out using the following methods: sending service packets to all popular port numbers, ping, DNS reverse query, and SYN query.
The scan resulted in a database of 9 terabytes, after archiving, using ZPAQ, the volume became 568 gigabytes and all this is available for downloading here internetcensus2012.bitbucket.org/download.html
In total, the database contains:
-52 billion ICMP pings
-80 million TCP / IP fingerprints
-10.5 billion responses to a reverse DNS query
-180 billion scans for service ports
-68 million traceroute records
-2.8 billion responses to a SYN request for 660 million IP addresses and 71 billion tested ports
The author hopes that researchers can benefit from the data collected.