Researchers Release Tool That Can Scan the Entire Internet In Under an Hour

[Vitalius]

Story at /.
 

dstates writes

"A team of researchers at the University of Michigan has released Zmap, a tool that allows an ordinary server to scan every address on the Internet in just 45 minutes. This is a task that used to take months, but now is accessible to anyone with a fast internet connection. In their announcement Friday , at the Usenix security conference in Washington they provide interesting examples tracking HTTPS deployment over time, the effects of Hurricane Sandy on Internet infrastructure, but also rapid identification of vulnerable hosts for security exploits. A Washington Post Blog discussing the work shows examples of the rate with which of computers on the Internet have been patched to fix Universal Plug and Play, 'Debian weak key' and 'factorable RSA keys' vulnerabilities. Unfortunately, in each case it takes years to deploy patches and in the case of UPnP devices, they found 2.56 million (16.7 percent) devices on the Internet had not yet upgraded years after the vulnerability had been described."

Dat title. So misleading and yet true.

Although I do not like what this implies that the NSA could possibly do (with their surveillance and such), it does give great power to the average person. Perhaps... too much power.

[legopc]

cool :D 

[YellowDragon]

I call utter bullshit, anyone that has take a class in Algorithm efficiency and computer logic would realize that those claims are a joke. That would be like running supercomputer protien folding on a cell phone, to parse that much information you need some serious hardware. look at how big google is and they run a search engine that comprises most of the surface net, they have massive datacenters and servers to make sure it all works and you have this tiny university coming along and saying it can keep an index of everything ever connected to the net on a single server. Yeh excuse me while I go laugh at them.

 

No form of sorting is efficient enough, quicksort would still be too slow. Watch I bet you any money they will say they used bubble sort and that it is surprisingly efficient ( for you programmers out there you should get this joke) 

[Vitalius]

I call utter bullshit, anyone that has take a class in Algorithm efficiency and computer logic would realize that those claims are a joke. That would be like running supercomputer protien folding on a cell phone, to parse that much information you need some serious hardware. look at how big google is and they run a search engine that comprises most of the surface net, they have massive datacenters and servers to make sure it all works and you have this tiny university coming along and saying it can keep an index of everything ever connected to the net on a single server. Yeh excuse me while I go laugh at them.

 

No form of sorting is efficient enough, quicksort would still be too slow. Watch I bet you any money they will say they used bubble sort and that it is surprisingly efficient ( for you programmers out there you should get this joke) 

From their site:

"ZMap is capable of performing a complete scan of the IPv4 address space in under 45 minutes, approaching the theoretical limit of gigabit Ethernet.

ZMap can be used to study protocol adoption over time, monitor service availability, and help us better understand large systems distributed across the Internet."

So yeah. They are only scanning the IP addresses from what I understand. Not the file systems that connect to those (like the actual computers), but only the traffic and protocols regarding the connection.

In other words, it is not exactly a lot of information imo, as compared to the storage on all the computers connected to said IP addresses. If it approaches the theoretical limit of gigabit Ethernet, it is about 100MB/s+ meaning someone needs Google Fiber to utilize it (but if it's servers, they should have enough bandwidth). 

At 100MB/s for 45 minutes, that is is 45 * 60 * 100 = 270,000MB or 270GB of information. 

Just my thoughts.

[Guest]

its imposibruuuu to do such things in that ammount of time

its all bs that came out becasuse of  the nsa leaks and shit

[qwertywarrior]

what no windows version ......

[criso8]

That is a very bold claim. Not sure how true it actually is. Think about the amount of data that would have to sift through.

[Vitalius]

That is a very bold claim. Not sure how true it actually is. Think about the amount of data that would have to sift through.

Again, as I have said, they are basically saying they can scan every IPv4 address and check the traffic of that address along with UPnP stuff regarding it. But that is it.

They do not scan the actual "internet". They do not scan the pages of the websites, nor the computers connected to the addresses. They only look at the addresses, the firmware/vulnerabilities of said addresses, and the traffic regarding said addresses.

At least that is all they mention that they see with the Zmap program. 270GB for all that seems about right imo. Maybe a little on the light side but eh. 

[Katness Everdeen]

No-one should have this much power, kill it now ! kill it with fire !

[Beskamir]

Story at /.

 

Dat title. So misleading and yet true.

Although I do not like what this implies that the NSA could possibly do (with their surveillance and such), it does give great power to the average person. Perhaps... too much power.

Wow that sounds so impossible and almost reminds me of the guy that wanted to print the entire internet. Also it's better for the average person to have that kind of power instead of it just being restricted to organizations like the NSA. Ultimatly nobody should have the ablitiy to surveillance someone else; however since I doubt that we can get away from that at this point in time, it is the lesser of the two evils to have everyone have access to that kind of power instead of just one group of people. (also if everyone had this access I think people would want to get rid of it quicker so win-win :D