New tool lets single server map entire internet in 45 minutes

Researchers at the University of Michigan have developed a new tool that allows a single server with a gigabit Ethernet port to scan the internet so quickly that it can map 98 per cent of the world's IPv4 connections in under 45 minutes. Mapping internet nodes is nothing new – companies and researchers have been doing it for …


This topic is closed for new posts.
  1. NoneSuch Silver badge

    Impressive Achievement


    1. Anonymous Coward

      Re: Impressive Achievement

      Impressive indeed. Good job ipv6 is on the way. For the same trick there I estimate it would take a little over 6,000 years to complete the scan. Having said that I bet you can't achieve the same optimisations with ipv6: addresses are longer so packet size limitations kick in earlier. Call it 9,000 years ... ish. I'll be dead and gone to a better place before that becomes a problem I need to worry about :-)

  2. Joe Montana

    For years...

    NMap has always been a slow tool, and faster tools have existed for years... Google for `synscan', a stateless tcp port scanning tool... It just fires out packets and a second process waits for any responses that might be received.

    1. Anonymous Coward

      Re: For years...

      Didn't you mean "scanrand" ?

      "Synscan" is an astronomy program for aligning telescopes.

  3. Khaptain Silver badge

    Devastation United

    There is absolutely no doubt that a dark version of this tool will spring up as fast as an Interweb-Zuck-Meme.........

    The daring virus, malware, spammer etc won't have to wait hours or days for meaningful results, instead they will only be waiting minutes..... I hear a distant bell ringing "Moore's Law" doesn't only apply to IC, it also appears to apply to many different technologies/ideas.

    Encoding the details in the returned packet, simple and very clever...... Kudos to the researchers.

    1. Michael Wojcik Silver badge

      Re: Devastation United

      Encoding the details in the returned packet, simple and very clever

      It's clever, but not an entirely new idea. SYN-cookies use a similar approach, for example; and even REST web services employ the same general concept: make the peer keep your state for you.
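
The "make the peer keep your state for you" idea from the comment above, sketched as a simplified SYN-cookie-style check. This is an added example, not part of the original thread and not the algorithm of any real TCP stack (real SYN cookies also encode the MSS); the key, addresses, 64-second counter and function names are constructed for illustration.

```python
import hashlib
import hmac
import socket
import struct

SECRET = b"constructed-demo-key"   # assumption: a real stack uses a random, rotated key
WINDOW = 64                        # assumption: seconds per time-counter step

def cookie(src_ip, src_port, dst_ip, dst_port, counter, secret=SECRET):
    """32-bit keyed hash of the connection 4-tuple and a coarse time counter."""
    msg = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
           + struct.pack("!HHI", src_port, dst_port, counter))
    return struct.unpack("!I", hmac.new(secret, msg, hashlib.sha256).digest()[:4])[0]

def synack_seq(src_ip, src_port, dst_ip, dst_port, now):
    """Sequence number to put in the SYN-ACK; nothing is stored about the client."""
    return cookie(src_ip, src_port, dst_ip, dst_port, now // WINDOW)

def ack_is_valid(src_ip, src_port, dst_ip, dst_port, ack_num, now, max_age=1):
    """Recompute the cookie from the ACK's own headers and compare with ack_num - 1."""
    echoed = struct.pack("!I", (ack_num - 1) & 0xFFFFFFFF)
    current = now // WINDOW
    # Accept the current counter and up to max_age older ones, newest first.
    for counter in range(current, max(current - max_age, 0) - 1, -1):
        expected = struct.pack("!I", cookie(src_ip, src_port, dst_ip, dst_port, counter))
        if hmac.compare_digest(echoed, expected):
            return True
    return False

if __name__ == "__main__":
    # Constructed sample exchange using documentation address ranges.
    client, server = ("198.51.100.7", 40000), ("203.0.113.1", 443)
    seq = synack_seq(*client, *server, now=1000)
    ack = (seq + 1) & 0xFFFFFFFF           # what a genuine client echoes back
    print("genuine ACK:", ack_is_valid(*client, *server, ack, now=1010))
    print("spoofed port:", ack_is_valid(client[0], 40001, *server, ack, now=1010))
    print("stale ACK:", ack_is_valid(*client, *server, ack, now=1000 + 5 * WINDOW))
```

The server keeps no per-connection table: an ACK is accepted only if it echoes a value that could have been produced for that exact address and port pair within the allowed time window.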

  4. Anonymous Coward

    First customer will probably be spammers.

    1. Crazy Operations Guy

      And what would they do with the data? You could find all the SMTP servers, but you don't know what domains it serves or even if it's just an exit server for someone's email system with the entrance being hosted by a third party.

      You could do a reverse look-up on the IP addresses that respond, but you'll only end up with their external host-names so service providers' servers wouldn't match what they host. The easier thing to do would be to just query DNS with a big list of domains and setting the type to MX.

    2. Version 1.0 Silver badge

      NSA will be second

  5. ecofeco Silver badge

    Yet another step to the P2P parallel Internet.

    This will be a huge boon to the P2P parallel Internet.

    Never heard of it? You can google it.

  6. The Alpha Klutz

    Yes we scan

    sounds pretty good, I think every script kiddie should have this.

  7. Anonymous Coward

    ...and yet it takes Win7 40 seconds to find the 15 computers on my LAN.

    1. Len Goddard

      lucky man

      I've never been able to make Win 7 autodiscovery work on my home LAN.

      Maybe I should figure out why and market the problem as a scanner defense?

    2. Fatman

      RE: and yet it takes Win7 40 seconds to find the 15 computers on my LAN.

      Do you know why???

      Because, between each scan, WindblowZE 7 must call home to the mother lode Borg Central to determine if you are using Genuine WindblowZE.


  8. Vociferous

    Couldn't one design software which found unpatched computers, and patched them?

    Yeah, I realize this is a horrible, shame on me, privacy violation, don't hack my computer kind of thing, but fuck it, there's still XP machines which don't even have service pack 1 out there. A tool which automatically turned on updates on old forgotten junk would be a boon to humanity. It would be like forcing new age parents to vaccinate their kids.

    1. g e

      Yes but

      ISPs could scan their clients quite economically and notify them / de-route them until patched.

      1. OllyL

        Re: Yes but

        I think (before they got borged by plusnet or whoever it was) Metronet used to do this or something very similar...blackholed your connection so you could get to AV vendors & a few other sites and stopped you communicating with anything else...I think they also had network level content filtering (that you had to opt in to fwiw)...I guess their admins were just a few years ahead of their time.

      2. Steve Knox

        Re: Yes but

        de-route them until patched

        Dear user,

        We have determined that your PC's patch status is: ERR-UNKNOWN-OS.

        Please download the appropriate updates from NULL-RECORD-ENCOUNTERED.

        Once you do so, we will reinstate your internet connection, for a modest fee.

        Please e-mail us with any questions. Have a nice day!

    2. Steven Raith

      Of more interest....

      ....there are still people out there hanging on to their XP machines for irrelevant or just plain silly reasons, such as preferring the colour of the start menu/not liking the search bar in the start menu - whatever. Non technical reasons, i.e. not something like having no choice but to run legacy software (can't upgrade versions to suit a new host OS etc).

      August 2014, a hole is discovered in NT5/6 that allows an attacker to run a remote shell on a vulnerable platform that grants file system access - the ability to save files to that machine.

      Vista, 7 and 8 get patched.

      XP does not.

      Within the space of a few hours, hundreds of 'innocent' unpatched XP machines are hosting illegal materials (choose your own type), completely out in the open, and in a manner that effectively cannot be policed as 99.99% of those hosting the material will genuinely not have been aware of what has happened, never mind how to prevent against it. Within a day, it's hundreds of *thousands*. At this point, it *is* impossible to police.

      How unrealistic am I being? I fear, not massively...

      1. Justicesays

        Re: Of more interest....

        @Steven Raith

        Why are we waiting until August 2014?

        Did you miss the bit where 20% of the Internet is vulnerable to an exploit published in January?

        Availability of patches only helps if you actually patch. The morons who think it's fine to have an Internet facing XP box late next year will be the same morons not bothering to patch it now.

        1. Steven Raith

          Re: Of more interest....

          I completely agree, but as of April, if something comes out that gets patched in newer OSs, it just won't be in XP, hence the use of next August as a worst case scenario for the situation.

          I've been a bit 'meh' about patching my few remaining Windows instances (although I'm generally on top of my routers and internet facing appliances for obvious reasons). Um...not any more.

          Steven R

        2. Anonymous Coward

          Re: Of more interest....

          He's gone with August because beyond that point someone could discover an exploit that means Windows XP machines pillage your home, rape your wife then explode and it won't be patched.

          1. Anonymous Coward

            Re: Of more interest....

            Woe is me, no edit function. *April*

      2. plrndl

        Re: Of more interest.... @ Steven Raith

        In the UK, possession of child porn is a strict liability offence, so it doesn't matter if the host is genuinely unaware, they're still guilty.

        1. Robert Helpmann??

          Re: Of more interest.... @ Steven Raith

          In the UK, possession of child porn is a strict liability offence, so it doesn't matter if the host is genuinely unaware, they're still guilty.

          So it's the offense you can have someone else commit on your behalf, without their consent or knowledge? That's a pretty harsh penalty for cluelessness.

        2. Steven Raith

          Re: Of more interest.... @ Steven Raith

          @ DijitulSupport - glad to see you are on the same wavelength as me.

          Plrndl - boom, headshot - exactly what I was inferring, and completes my point about the ability to enforce the laws we've written up around it.

          If a not insignificant proportion of computer users suddenly find 'awful pictures' on their computers, how precisely are the police/CPS going to handle it? After all, we've had it beaten into us that ANYONE WHO LOOKS ASKANCE AT ANYTHING VAGUELY RESEMBLING A CHILD IN A SEXUAL MANNER IS TO BE BURNED AT THE STAKE WITHOUT TRIAL. I'm all for strong sentencing for CP offenses, but this just shows how useless a strict liability law can be. It's all very well when it's, perhaps, a few dozen people a year getting hacked and used as a proxy for illegal materials - and having it discovered, go through the courts etc. But what happens when that number increases by several orders of magnitude, in the space of a few weeks?

          What are they going to do? Put 10,000 pensioners (reasonably conservative potential number/likely victims due to knowing nowt about IT security/patching for the most part) on the sex offenders register?

          This is a bigger problem than is being made out, I fear. And it's not like it's being made out to be a minor inconvenience.

          This is a fucking game changer.

          Excuse any odd typos - I've just eaten about a kilo of pork and I'm having the meat sweats. Yummy meat sweats.

          Steven R

    3. Tom 13

      A tool which automatically turned on updates on old forgotten junk

      That Win98 PC isn't a forgotten old piece of junk. It's a vital piece of equipment handling a critical testing process. Getting the programming rewritten, and new hardware for it will cost millions of dollars. Oh, and did I mention it's running the pressure testing on the containment structure? So rebooting it at a random time could be exceedingly dangerous.

      OK, so actually in the instance I'm thinking of you'd never get to patch it because it never touches the internet. But that doesn't stop the security gestapo from wanting to patch it.

    4. Michael Wojcik Silver badge

      Couldn't one design software which found unpatched computers, and patched them?

      Proposed and debated years ago in various venues, such as BUGTRAQ. There are various failure modes which make this a very dubious proposition, even holding legality and ethics aside.

  9. John Smith 19 Gold badge

    1300x faster.

    Someone's had their Weetabix today. *

    * And it looks like they've really dug into both TCP/IP and Ethernet protocols.

    That's some serious speedup.

    1. Sir Runcible Spoon

      Re: 1300x faster.

      It certainly is, now if they could only incorporate it into an ftp server/client my movie transfers would be a lot quicker.

  10. Norman Hartnell

    "But the researchers warn that Zmap also has serious implications for the security industry if malware propagators cotton on to the technique."

    Let's hope no-one spreads any information about it then....oh.

  11. Tom 7

    And elsewhere on the Reg

    Amazon disappears from teh web
