short-paper

Ten Years of ZMap

Authors:

Zakir Durumeric,

Phillip Stephens,

J. Alex HaldermanAuthors Info & Claims

IMC '24: Proceedings of the 2024 ACM on Internet Measurement Conference

Pages 139 - 148

https://doi.org/10.1145/3646547.3689012

Published: 04 November 2024 Publication History

Abstract

Since ZMap's debut in 2013, networking and security researchers have used the open-source scanner to write hundreds of research papers that study Internet behavior. In addition, ZMap has been adopted by the security industry to build new classes of enterprise security and compliance products. Over the past decade, much of ZMap's behavior---ranging from its pseudorandom IP generation to its packet construction---has evolved as we have learned more about how to scan the Internet. In this work, we quantify ZMap's adoption over the ten years since its release, describe its modern behavior (and the measurements that motivated changes), and offer lessons from releasing and maintaining ZMap for future tools.

References

[1]

The rule of 2, 2024. https://chromium.googlesource.com/chromium/src// master/docs/security/rule-of-2.md.

[2]

Adrian, D., Bhargavan, K., Durumeric, Z., Gaudry, P., Green, M., Halderman, J. A., Heninger, N., Springall, D., Thomé, E., Valenta, L., et al. Imperfect forward secrecy: How Diffie-Hellman fails in practice. In ACM Conference on Computer and Communications Security (2015).

Digital Library

[3]

Adrian, D., and Durumeric, Z. https://github.com/zmap/zgrab2.

[4]

Adrian, D., Durumeric, Z., Singh, G., and Halderman, J. A. Zippier ZMap: Internet-wide scanning at 10 Gbps. In USENIX Workshop on Offensive Technologies (2014).

[5]

Alaraj, A., Bock, K., Levin, D., and Wustrow, E. A global measurement of routing loops on the Internet. In International Conference on Passive and Active Network Measurement (2023).

Digital Library

[6]

Albakour, T., Gasser, O., Beverly, R., and Smaragdakis, G. Third time's not a charm: exploiting SNMPv3 for router fingerprinting. In ACM Internet Measurement Conference (2021).

Digital Library

[7]

Albakour, T., Gasser, O., and Smaragdakis, G. Pushing alias resolution to the limit. In ACM Internet Measurement Conference (2023).

Digital Library

[8]

Alt, L., Beverly, R., and Dainotti, A. Uncovering network tarpits with degreaser. In 30th Annual Computer Security Applications Conference (2014).

Digital Library

[9]

Anand, A., Kallitsis, M., Sippe, J., and Dainotti, A. Aggressive Internet-wide scanners: Network impact and longitudinal characterization. In Conference on emerging Networking EXperiments and Technologies (2023).

Digital Library

[10]

Anderson, S., Bell, T., Egan, P., Weinshenker, N., and Barford, P. Powerping: Measuring the impact of power outages on Internet hosts in the U.S. International Conference on Critical Infrastructure Protection.

[11]

Anonymous. Can't stop the scan: An empirical study on opting out of internetwide scanning. https://csl.nict.go.jp/pdf/paper_draft.pdf.

[12]

Antonakakis, M., April, T., Bailey, M., Bernhard, M., Bursztein, E., Cochran, J., Durumeric, Z., Halderman, J. A., Invernizzi, L., Kallitsis, M., Kumar, D., Lever, C., Ma, Z., Mason, J., Menscher, D., Seaman, C., Sullivan, N., Thomas, K., and Zhou, Y. Understanding the Mirai botnet. In USENIX Security Symposium (2017).

Digital Library

[13]

Arise, H. Clogging, saturating and DoSing Russia's Internet with ZMap. https://www.hackers-arise.com/post/clogging-and-dosing-russia-sinternet- with-zmap.

[14]

Aviram, N., Schinzel, S., Somorovsky, J., Heninger, N., Dankel, M., Steube, J., Valenta, L., Adrian, D., Halderman, J. A., Dukhovni, V., Käsper, E., Cohney, S., Engels, S., Paar, C., and Shavitt, Y. DROWN: Breaking TLS with SSLv2. In USENIX Security Symposium (Aug. 2016).

[15]

Bano, S., Richter, P., Javed, M., Sundaresan, S., Durumeric, Z., Murdoch, S. J., Mortier, R., and Paxson, V. Scanning the Internet for liveness. ACM SIGCOMM Computer Communication Review (2018).

[16]

Baskins, D. The Judy array implementation, 2000.

[17]

Bayat, N., Mahajan, K., Denton, S., Misra, V., and Rubenstein, D. Down for failure: Active power status monitoring. Future Generation Computer Systems (2021).

[18]

Beurdouche, B., Bhargavan, K., Delignat-Lavaud, A., Fournet, C., Kohlweiss, M., Pironti, A., Strub, P.-Y., and Zinzindohoue, J. K. A messy state of the union: Taming the composite state machines of TLS.

[19]

Bieri, L. Fixed missing null termination. https://github.com/zmap/zmap/pull/ 118.

[20]

Bock, K., Alaraj, A., Fax, Y., Hurley, K., Wustrow, E., and Levin, D. Weaponizing middleboxes for TCP reflected amplification. In USENIX Security Symposium (2021).

[21]

Bonkoski, A., Bielawski, R., and Halderman, J. A. Illuminating the security issues surrounding Lights-Out server management. In USENIX Workshop on Offensive Technologies (2013).

[22]

Bos, J. W., Halderman, J. A., Heninger, N., Moore, J., Naehrig, M., and Wustrow, E. Elliptic curve cryptography in practice. In Financial Cryptography and Data Security (2014).

[23]

Braun, V., and Clarke, V. Thematic analysis. American Psychological Association, 2012.

[24]

Brinkmann, M., Dresen, C., Merget, R., Poddebniak, D., Müller, J., Somorovsky, J., Schwenk, J., and Schinzel, S. ALPACA: Application layer protocol confusion-analyzing and mitigating cracks in TLS authentication. In USENIX Security Symposium (2021).

[25]

Brubaker, C., Jana, S., Ray, B., Khurshid, S., and Shmatikov, V. Using frankencerts for automated adversarial testing of certificate validation in SSL/TLS implementations. In IEEE Symposium on Security and Privacy (2014).

Digital Library

[26]

Bushart, J., and Rossow, C. DNS unchained: Amplified application-layer DoS attacks against DNS authoritatives. In Research in Attacks, Intrusions, and Defenses (RAID) (2018).

[27]

Chung, T., Liu, Y., Choffnes, D., Levin, D., Maggs, B. M., Mislove, A., and Wilson, C. Measuring and applying invalid SSL certificates: The silent majority. In ACM Internet Measurement Conference (2016).

Digital Library

[28]

Claffy, K., and Clark, D. The 11thWorkshop on Active Internet Measurements (AIMS-11) workshop report. ACM SIGCOMM Computer Communication Review (2019).

[29]

Costin, A., Zaddach, J., Francillon, A., and Balzarotti, D. A Large-scale analysis of the security of embedded firmwares. In USENIX Security Symposium (2014).

Digital Library

[30]

Dahlmanns, M., Lohmöller, J., Fink, I. B., Pennekamp, J., Wehrle, K., and Henze, M. Easing the conscience with OPC UA: An Internet-wide study on insecure deployments. In ACM Internet Measurement Conference (2020).

Digital Library

[31]

Dahlmanns, M., Lohmöller, J., Pennekamp, J., Bodenhausen, J., Wehrle, K., and Henze, M. Missed opportunities: measuring the untapped TLS support in the industrial Internet of things. In ACM Asia Conference on Computer and Communications Security (2022).

Digital Library

[32]

Durumeric, Z. Fix use-after-free's in ipip probe module. https://github.com/ zmap/zmap/pull/815.

[33]

Durumeric, Z., and Adrian, D. Zschema. https://github.com/zmap/zschema.

[34]

Durumeric, Z., Adrian, D., Mirian, A., Bailey, M., and Halderman, J. A. A search engine backed by Internet-wide scanning. In ACM Conference on Computer and Communications Security (2015).

Digital Library

[35]

Durumeric, Z., Adrian, D., Mirian, A., Kasten, J., Bursztein, E., Lidzborski, N., Thomas, K., Eranti, V., Bailey, M., and Halderman, J. A. Neither snow nor rain nor MITM. . an empirical analysis of email delivery security. In ACM Internet Measurement Conference (2015).

[36]

Durumeric, Z., Bailey, M., and Halderman, J. A. An Internet-wide view of Internet-wide scanning. In USENIX Security Symposium (2014).

Digital Library

[37]

Durumeric, Z., Kasten, J., Bailey, M., and Halderman, J. A. Analysis of the HTTPS certificate ecosystem. In ACM Internet Measurement Conference (2013).

Digital Library

[38]

Durumeric, Z., Li, F., Kasten, J., Amann, J., Beekman, J., Payer, M., Weaver, N., Adrian, D., Paxson, V., Bailey, M., and Halderman, J. A. The matter of Heartbleed. In ACM Internet Measurement Conference (2014).

Digital Library

[39]

Durumeric, Z.,Wustrow, E., and Halderman, J. A. ZMap: Fast Internet-wide scanning and its security applications. In USENIX Security Symposium (2013).

Digital Library

[40]

Fiebig, T., Feldmann, A., and Petschick, M. A one-year perspective on exposed in-memory key-value stores. In ACM Workshop on Automated Decision Making for Active Cyber Defense (2016).

Digital Library

[41]

Franzen, F., Steger, L., Zirngibl, J., and Sattler, P. Looking for honey once again: Detecting RDP and SMB honeypots on the Internet. In IEEE European Symposium on Security and Privacy Workshops (EuroS&PW) (2022).

[42]

Frolov, S., Wampler, J., and Wustrow, E. Detecting probe-resistant proxies. In Network and Distributed System Security Symposium (2020).

[43]

Gasser, O., Scheitle, Q., Gebhard, S., and Carle, G. Scanning the IPv6 Internet: Towards a comprehensive hitlist. arXiv preprint arXiv:1607.05179 (2016).

[44]

Gaynor, A. What science can tell us about C and C's security, 2020. https: //alexgaynor.net/2020/may/27/science-on-memory-unsafety-and-security/.

[45]

Giotsas, V., Smaragdakis, G., Dietzel, C., Richter, P., Feldmann, A., and Berger, A. Inferring BGP blackholing activity in the Internet. In ACMConference on Computer and Communications Security (2017).

Digital Library

[46]

Giotsas, V., Smaragdakis, G., Huffaker, B., Luckie, M., and Claffy, K. Mapping peering interconnections to a facility. In 11th ACM Conference on Emerging Networking Experiments and Technologies (2015).

Digital Library

[47]

Goldblatt, D., Vuong, C., and Rabinovich, M. On blowback traffic on the Internet. arXiv preprint arXiv:2305.04434 (2023).

[48]

Graham, R. D. Masscan: Mass IP port scanner. URL: https://github. com/robertdavidgraham/masscan (2014).

[49]

Griffioen, H., Koursiounis, G., Smaragdakis, G., and Doerr, C. Have you SYN me? characterizing ten years of Internet scanning. In ACM Internet Measurement Conference (2024).

Digital Library

[50]

Guo, H., and Heidemann, J. Detecting ICMP rate limiting in the Internet. In Passive and Active Measurement (2018).

[51]

Guo, R., Chen, J., Liu, B., Zhang, J., Zhang, C., Duan, H., Wan, T., Jiang, J., Hao, S., and Jia, Y. Abusing CDNs for fun and profit: Security issues in cdns' origin validation. In IEEE Symposium on Reliable Distributed Systems (2018).

[52]

Hastings, M., Fried, J., and Heninger, N. Weak keys remain widespread in network devices. In ACM Internet Measurement Conference (2016).

Digital Library

[53]

Heninger, N., Durumeric, Z., Wustrow, E., and Halderman, J. A. Mining your Ps and Qs: Detection of widespread weak keys in network devices. In USENIX Security Symposium (2012).

Digital Library

[54]

Hiesgen, R., Nawrocki, M., King, A., Dainotti, A., Schmidt, T. C., and Wählisch, M. Spoki: Unveiling a new wave of scanners through a reactive network telescope. In USENIX Security Symposium (2022).

[55]

Hilts, A., and Parsons, C. Half baked: The opportunity to secure cookie-based identifiers from passive surveillance. In 5th USENIX Workshop on Free and Open Communications on the Internet (2015).

[56]

Hlavacek, T., Cunha, I., Gilad, Y., Herzberg, A., Katz-Bassett, E., Schapira, M., and Shulman, H. Disco: Sidestepping rpki's deployment barriers. In Network and Distributed System Security Symposium (2020).

[57]

Holz, R., Amann, J., Mehani, O.,Wachs, M., and Kaafar, M. A. TLS in the wild: An Internet-wide analysis of TLS-based protocols for electronic communication. arXiv preprint arXiv:1511.00341 (2015).

[58]

Hsu, A., Li, F., Pearce, P., and Gasser, O. A first look at NAT64 deployment in-the-wild. In Conference on Passive and Active Network Measurement (2024).

Digital Library

[59]

Izhikevich, L., Akiwate, G., Berger, B., Drakontaidis, S., Ascheman, A., Pearce, P., Adrian, D., and Durumeric, Z. ZDNS: a fast DNS toolkit for Internet measurement. In ACM Internet Measurement Conference (2022).

Digital Library

[60]

Izhikevich, L., Teixeira, R., and Durumeric, Z. LZR: Identifying unexpected Internet services. In USENIX Security Symposium (2021).

[61]

Izhikevich, L., Teixeira, R., and Durumeric, Z. Predicting IPv4 services across all ports. In ACM SIGCOMM Conference (2022).

Digital Library

[62]

Izhikevich, L., Tran, M., Izhikevich, K., Akiwate, G., and Durumeric, Z. Democratizing leo satellite network measurement. ACM SIGMETRICS (2024).

[63]

Izhikevich, L., Tran, M., Kallitsis, M., Fass, A., and Durumeric, Z. Cloud watching: Understanding attacks against cloud-hosted services. In ACM Internet Measurement Conference (2023).

Digital Library

[64]

Janovsky, A., Nemec, M., Svenda, P., Sekan, P., and Matyas, V. Biased rsa private keys: Origin attribution of gcd-factorable keys. In 25th European Symposium on Research in Computer Security (2020).

Digital Library

[65]

Kaminsky, D. Paketto simplified. https://dankaminsky.com/2002/11/18/77/.

[66]

Kim, S. K., Ma, Z., Murali, S., Mason, J., Miller, A., and Bailey, M. Measuring ethereum network peers. In ACM Internet Measurement Conference (2018).

Digital Library

[67]

Kosek, M., Schumann, L., Marx, R., Doan, T. V., and Bajpai, V. Dns privacy with speed? evaluating dns over quic and its impact on web performance. In ACM Internet Measurement Conference (2022).

Digital Library

[68]

Kranch, M., and Bonneau, J. Upgrading https in mid-air. In Network and Distributed System Security Symposium (2015).

[69]

Lee, R. E., and Louis, J. C. Introducing unicornscan. https://defcon.org/images/ defcon-13/dc13-presentations/DC_13-Lee.pdf.

[70]

Lee, Y., and Spring, N. Identifying and aggregating homogeneous ipv4/24 blocks with hobbit. In ACM Internet Measurement Conference (2016).

Digital Library

[71]

Leonard, D., and Loguinov, D. Demystifying service discovery: implementing an Internet-wide scanner. In ACM Internet Measurement Conference (2010).

Digital Library

[72]

Li, F., Durumeric, Z., Czyz, J., Karami, M., Bailey, M., McCoy, D., Savage, S., and Paxson, V. You've got vulnerability: Exploring effective vulnerability notifications. In USENIX Security Symposium (Aug. 2016).

[73]

Li, X., Liu, B., Zheng, X., Duan, H., Li, Q., and Huang, Y. Fast IPv6 network periphery discovery and security implications. In IEEE/IFIP International Conference on Dependable Systems and Networks (2021).

[74]

Lichtblau, F., Streibelt, F., Krüger, T., Richter, P., and Feldmann, A. Detection, classification, and analysis of inter-domain traffic with spoofed source IP addresses. In ACM Internet Measurement Conference (2017).

Digital Library

[75]

Liu, D., Hao, S., and Wang, H. All your dns records point to us: Understanding the security threats of dangling dns records. In ACM Conference on Computer and Communications Security (2016).

Digital Library

[76]

Liu, Y., Sarabi, A., Zhang, J., Naghizadeh, P., Karir, M., Bailey, M., and Liu, M. Cloudy with a chance of breach: Forecasting cyber security incidents. In USENIX Security Symposium (2015).

Digital Library

[77]

Liu, Y., Tome, W., Zhang, L., Choffnes, D., Levin, D., Maggs, B., Mislove, A., Schulman, A., and Wilson, C. An end-to-end measurement of certificate revocation in the web's pki. In ACM Internet Measurement Conference (2015).

Digital Library

[78]

Liu, Y., Zhang, J., Sarabi, A., Liu, M., Karir, M., and Bailey, M. Predicting cyber security incidents using feature-based characterization of network-level malicious activities. In ACM International Workshop on Security and Privacy Analytics (2015).

Digital Library

[79]

Lu, C., Liu, B., Li, Z., Hao, S., Duan, H., Zhang, M., Leng, C., Liu, Y., Zhang, Z., andWu, J. An end-to-end, large-scale measurement of dns-over-encryption: How far have we come? In ACM Internet Measurement Conference (2019).

Digital Library

[80]

Luo, Y., Li, C., Wang, Z., and Yang, J. IPREDS: efficient prediction system for Internet-wide port and service scanning. Proceedings of the ACM on Networking, CoNEXT1.

[81]

Malhotra, A., Cohen, I. E., Brakke, E., and Goldberg, S. Attacking the network time protocol. Cryptology ePrint Archive (2015).

[82]

Mangino, A., Pour, M. S., and Bou-Harb, E. Internet-scale insecurity of consumer Internet of things: An empirical measurements perspective. ACM Transactions on Management Information Systems (TMIS) (2020).

Digital Library

[83]

Marczak, B., Scott-Railton, J., Senft, A., Poetranto, I., and McKune, S. Pay no attention to the server behind the proxy: Mapping finfisher's continuing proliferation. Tech. rep., 2015.

[84]

Marczak,W. R., Scott-Railton, J., Marqis-Boire, M., and Paxson, V. When governments hack opponents: A look at actors and technology. In USENIX Security Symposium (2014).

[85]

Maroofi, S., Korczy'ski, M., Hölzel, A., and Duda, A. Adoption of email anti-spoofing schemes: a large scale analysis. IEEE Transactions on Network and Service Management (2021).

[86]

Mazel, J., and Strullu, R. Identifying and characterizing zmap scans: a cryptanalytic approach. arXiv preprint arXiv:1908.04193 (2019).

[87]

McIlroy, M., Pinson, E., and Tague, B. Unix time-sharing system: Forward. The Bell system technical journal 57, 6 (1978), 1899--1904.

[88]

Mehani, O., Holz, R., Ferlin, S., and Boreli, R. An early look at multipath TCP deployment in the wild. In International workshop on hot topics in planet-scale measurement (2015).

Digital Library

[89]

Merit Network. ORION network telescope. https://www.merit.edu/initiatives/ orion-network-telescope/.

[90]

Mirian, A., Ma, Z., Adrian, D., Tischer, M., Chuenchujit, T., Yardley, T., Berthier, R., Mason, J., Durumeric, Z., Halderman, J. A., et al. An Internetwide view of ics devices. In 14th Annual Conference on Privacy, Security and Trust (2016), IEEE.

[91]

Moon, S.-J., Yin, Y., Sharma, R. A., Yuan, Y., Spring, J. M., and Sekar, V. Accurately measuring global risk of amplification attacks using {AmpMap}. In USENIX Security Symposium (2021).

[92]

Moore, H. Fix a segfault when udp->uh_ulen is less than 8. https://github.com/ zmap/zmap/pull/155.

[93]

Morishita, S., Hoizumi, T., Ueno,W., Tanabe, R., Gañán, C., Van Eeten, M. J., Yoshioka, K., and Matsumoto, T. Detect me if you. . . oh wait. an Internet-wide view of self-revealing honeypots. In IFIP/IEEE Symposium on Integrated Network and Service Management (IM) (2019).

[94]

Moura, G. C., Ganán, C., Lone, Q., Poursaied, P., Asghari, H., and van Eeten, M. How dynamic is the ISPs address space? towards Internet-wide DHCP churn estimation. In IFIP Networking Conference (2015).

[95]

National Cyber Security Centre. Active cyber defence: The sixth year. https://www.ncsc.gov.uk/files/ACD6-full-report.pdf.

[96]

National Science Foundation. Internet measurement research: Methodologies, tools, and infrastructure (imr). https://new.nsf.gov/funding/opportunities/ internet-measurement-research-methodologies-tools.

[97]

Nemec, M., Klinec, D., Svenda, P., Sekan, P., and Matyas, V. Measuring popularity of cryptographic libraries in Internet-wide scans. In Proceedings of the 33rd Annual Computer Security Applications Conference (2017), pp. 162--175.

Digital Library

[98]

Nguyen, T. T., Backes, M., and Stock, B. Freely given consent? studying consent notice of third-party tracking and its violations of gdpr in android apps. In ACM Conference on Computer and Communications Security (2022).

[99]

Palo Alto Unit 42. New Mirai variant targeting network security devices. https://unit42.paloaltonetworks.com/mirai-variant-iot-vulnerabilities/.

[100]

Pearce, P., Ensafi, R., Li, F., Feamster, N., and Paxson, V. Augur: Internetwide detection of connectivity disruptions. In IEEE Symposium on Security and Privacy (2017).

[101]

Pearce, P., Jones, B., Li, F., Ensafi, R., Feamster, N., Weaver, N., and Paxson, V. Global measurement of DNS manipulation. In USENIX Security Symposium (2017).

[102]

Perino, D., Varvello, M., and Soriente, C. Proxytorrent: Untangling the free HTTP(S) proxy ecosystem. In World Wide Web Conference (2018).

Digital Library

[103]

Perl, H., Fahl, S., and Smith, M. You won't be needing these any more: On removing unused certificates from trust stores. In Financial Cryptography and Data Security (2014).

[104]

Perta, V. C., Barbera, M. V., and Mei, A. Exploiting delay patterns for user ips identification in cellular networks. In Privacy Enhancing Technologies (2014).

[105]

Preston-Werner, T. The semantic versioning specification. semver.org (2011).

[106]

Ramesh, R., Raman, R. S., Bernhard, M., Ongkowijaya, V., Evdokimov, L., Edmundson, A., Sprecher, S., Ikram, M., and Ensafi, R. Decentralized control: A case study of Russia. In Network and Distributed System Security Symposium (2020).

[107]

Rodday, N., Kaltenbach, L., Cunha, I., Bush, R., Katz-Bassett, E., Rodosek, G. D., Schmidt, T. C., and Wählisch, M. On the deployment of default routes in inter-domain routing. In ACM SIGCOMM 2021 Workshop on Technologies, Applications, and Uses of a Responsible Internet (2021), pp. 14--20.

Digital Library

[108]

Rüth, J., Poese, I., Dietzel, C., and Hohlfeld, O. A first look at quic in the wild. In Passive and Active Measurement (2018).

[109]

Rye, E. C., and Beverly, R. Sundials in the shade: An Internet-wide perspective on icmp timestamps. In Passive and Active Measurement (2019).

Digital Library

[110]

Salus, P. H. A quarter century of UNIX. ACM Press/Addison-Wesley Publishing Co., 1994.

Digital Library

[111]

Sarabi, A., Jin, K., and Liu, M. Smart Internet probing: Scanning using adaptive machine learning. Game Theory and Machine Learning for Cyber Security (2021).

[112]

Sattler, P., Zirngibl, J., Jonker, M., Gasser, O., Carle, G., and Holz, R. Packed to the brim: Investigating the impact of highly responsive prefixes on Internet-wide measurement campaigns. Proceedings of the ACM on Networking, CoNEXT3 (2023).

Digital Library

[113]

Sommers, J., Durairajan, R., and Barford, P. Automatic metadata generation for active measurement. In ACM Internet Measurement Conference (2017).

Digital Library

[114]

Song, G., He, L., Zhao, T., Luo, Y., Wu, Y., Fan, L., Li, C., Wang, Z., and Yang, J. Which doors are open: Reinforcement learning-based Internet-wide port scanning. In IEEE/ACM 31st International Symposium on Quality of Service (2023).

[115]

Springall, D., Durumeric, Z., and Halderman, J. A. FTP: the forgotten cloud. In IEEE/IFIP International Conference on Dependable Systems and Networks (2016).

[116]

Springall, D., Durumeric, Z., and Halderman, J. A. Measuring the security harm of TLS crypto shortcuts. In ACM Internet Measurement Conference (2016). [117] Srinivasa, S., Pedersen, J. M., and Vasilomanolakis, E. Open for hire: Attack trends and misconfiguration pitfalls of IoT devices. In ACM Internet Measurement Conference (2021).

[117]

Sullivan, G. A., Sippe, J., Heninger, N., and Wustrow, E. Open to a fault: On the passive compromise of TLS keys via transient errors. In 31st USENIX Security Symposium (2022).

[118]

P., Nemec, M., Sekan, P., Kvaovsk

[119]

y, R., Formánek, D., Komárek, D., and Matyá?, V. The Million-Key question: Investigating the origins of RSA public keys. In USENIX Security Symposium (2016).

[120]

Szurdi, J., and Christin, N. Email typosquatting. In ACM Internet Measurement Conference (2017).

Digital Library

[121]

The White House. Back to the building blocks: A path toward secure and measurable software. Tech. rep., 2024. https://www.whitehouse.gov/wpcontent/ uploads/2024/02/Final-ONCD-Technical-Report.pdf.

[122]

Toulas, B. Medusa botnet returns as a Mirai-based variant with ransomware sting. https://www.bleepingcomputer.com/news/security/medusabotnet- returns-as-a-mirai-based-variant-with-ransomware-sting/.

[123]

van der Toorn, O., van Rijswijk-Deij, R., Sommese, R., Sperotto, A., and Jonker, M. Saving brian's privacy: the perils of privacy exposure through reverse dns. In ACM Internet Measurement Conference (2022).

Digital Library

[124]

VanderSloot, B., Amann, J., Bernhard, M., Durumeric, Z., Bailey, M., and Halderman, J. A. Towards a complete view of the certificate ecosystem. In ACM Internet Measurement Conference (2016).

Digital Library

[125]

Vissers, T., Van Goethem, T., Joosen, W., and Nikiforakis, N. Maneuvering around clouds: Bypassing cloud-based security providers. In ACM Conference on Computer and Communications Security (2015).

Digital Library

[126]

Wan, G., Izhikevich, L., Adrian, D., Yoshioka, K., Holz, R., Rossow, C., and Durumeric, Z. On the origin of scanning: The impact of location on Internetwide scans. In ACM Internet Measurement Conference (2020).

Digital Library

[127]

Ward, I. JSON lines. https://jsonlines.org/.

[128]

Xu, Z., Wang, H., and Wu, Z. A measurement study on co-residence threat inside the cloud. In USENIX Security Symposium (2015).

[129]

Yang, K., Li, Q., and Sun, L. Towards automatic fingerprinting of IoT devices in the cyberspace. Computer networks (2019).

[130]

Zhang, J., Durumeric, Z., Bailey, M., Liu, M., and Karir, M. On the mismanagement and maliciousness of networks. In Network and Distributed System Security Symposium (2014).

[131]

Zhu, L., Wessels, D., Mankin, A., and Heidemann, J. Measuring dane TLSA deployment. In Traffic Monitoring and Analysis (2015).

[132]

Zirngibl, J., Buschmann, P., Sattler, P., Jaeger, B., Aulbach, J., and Carle, G. It's over 9000: Analyzing early quic deployments with the standardization on the horizon. In ACM Internet Measurement Conference (2021).

Digital Library

[133]

Zyp, K. JSON schema. https://json-schema.org/.

Cited By

Han CTanaka ATakahashi TDadkhah SGhorbani ALin T(2024)Traceability Measurement Analysis of Sustained Internet-Wide Scanners via Darknet2024 IEEE Conference on Dependable and Secure Computing (DSC)10.1109/DSC63325.2024.00015(17-22)Online publication date: 6-Nov-2024
https://doi.org/10.1109/DSC63325.2024.00015

Index Terms

Ten Years of ZMap

Recommendations

Have you SYN me? Characterizing Ten Years of Internet Scanning
IMC '24: Proceedings of the 2024 ACM on Internet Measurement Conference

Port scanning is the de-facto method to enumerate active hosts and potentially exploitable services on the Internet. Over the last years, several studies have quantified the ecosystem of port scanning. Each work has found drastic changes in the threat ...
Illuminating large-scale IPv6 scanning in the internet
IMC '22: Proceedings of the 22nd ACM Internet Measurement Conference

While scans of the IPv4 space are ubiquitous, today little is known about scanning activity in the IPv6 Internet. In this work, we present a longitudinal and detailed empirical study on large-scale IPv6 scanning behavior in the Internet, based on ...
Scanning the Scanners: Sensing the Internet from a Massively Distributed Network Telescope
IMC '19: Proceedings of the Internet Measurement Conference

Scanning of hosts on the Internet to identify vulnerable devices and services is a key component in many of today's cyberattacks. Tracking this scanning activity, in turn, provides an excellent signal to assess the current state-of-affairs for many ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

IMC '24: Proceedings of the 2024 ACM on Internet Measurement Conference

November 2024

812 pages

ISBN:9798400705922

DOI:10.1145/3646547

General Chairs:
Narseo Vallina-Rodríguez
IMDEA Networks Institute, Spain
,
Guillermo Suarez-Tángil
IMDEA Networks Institute, Spain
,
Program Chairs:
Dave Levin
University of Maryland, United States
,
Cristel Pelsser
UCLouvain, Belgium

Copyright © 2024 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 04 November 2024

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Short-paper

Conference

IMC '24

Sponsor:

IMC '24: ACM Internet Measurement Conference

November 4 - 6, 2024

Madrid, Spain

Acceptance Rates

Overall Acceptance Rate 277 of 1,083 submissions, 26%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

1
Total Citations
View Citations
256
Total Downloads

Downloads (Last 12 months)256
Downloads (Last 6 weeks)48

Reflects downloads up to 03 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

Han CTanaka ATakahashi TDadkhah SGhorbani ALin T(2024)Traceability Measurement Analysis of Sustained Internet-Wide Scanners via Darknet2024 IEEE Conference on Dependable and Secure Computing (DSC)10.1109/DSC63325.2024.00015(17-22)Online publication date: 6-Nov-2024
https://doi.org/10.1109/DSC63325.2024.00015

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten