Census and survey of the visible internet

Heidemann, John; Pradkin, Yuri; Govindan, Ramesh; Papadopoulos, Christos; Bartlett, Genevieve; Bannister, J.

doi:10.1145/1452520.1452542

Cited by 143 publications

(227 citation statements)

References 39 publications

Supporting

Mentioning

221

Contrasting

Order By: Relevance

“…RELATED WORK 1) Large-scale Scanning: In 2008 Heidemann et al [35] started an Internet wide discovery scan of edge hosts. They were the first to census the IPv4 address space, but were limited to host discovery, not containing protocol or service specific results.…”

Section: Mitigation Strategiesmentioning

confidence: 99%

No Need for Black Chambers: Testing TLS in the E-mail Ecosystem at Large

Mayer

Zauner

Schmiedecker

et al. 2016

2016 11th International Conference on Availability, Reliability and Security (ARES)

View full text Add to dashboard Cite

Abstract-TLS is the most widely used cryptographic protocol on the Internet. While many recent studies focused on its use in HTTPS, none so far analyzed TLS usage in e-mail related protocols, which often carry highly sensitive information. Since end-to-end encryption mechanisms like PGP are seldomly used, today confidentiality in the e-mail ecosystem is mainly based on the encryption of the transport layer. A well-positioned attacker may be able to intercept plaintext passively and at global scale.In this paper we are the first to present a scalable methodology to assess the state of security mechanisms in the e-mail ecosystem using commodity hardware and open-source software. We draw a comprehensive picture of the current state of every e-mail related TLS configuration for the entire IPv4 range. We collected and scanned a massive data-set of 20 million IP/port combinations of all related protocols (SMTP, POP3, IMAP) and legacy ports. Over a time span of approx. three months we conducted more than 10 billion TLS handshakes. Additionally, we show that securing server-to-server communication using e.g. SMTP is inherently more difficult than securing client-toserver communication. Lastly, we analyze the volatility of TLS certificates and trust anchors in the e-mail ecosystem and argue that while the overall trend points in the right direction, there are still many steps needed towards secure e-mail.

show abstract

Section: Mitigation Strategiesmentioning

confidence: 99%

No Need for Black Chambers: Testing TLS in the E-mail Ecosystem at Large

Mayer

Zauner

Schmiedecker

et al. 2016

2016 11th International Conference on Availability, Reliability and Security (ARES)

View full text Add to dashboard Cite

show abstract

“…In [6], Heidemann et al presented a study of the active Internet over the period [2003][2004][2005][2006][2007][2008]. The presented census highlighted anomalies in the un-allocated address space and indicates the percentage of usage for allocated network blocks.…”

Section: Related Work and Backgroundmentioning

confidence: 99%

“…Active scans on the Internet are certainly an important source of information, as several studies have demonstrated that they can help reveal new kinds of vulnerabilities, monitor deployment of mitigation, and highlight hidden distributed ecosystems [5,6,7,8,11]. However, the IC results were published anonymously, and the methodology only partially described, which, as pointed out by the Cooperative Association for Internet Data Analysis (CAIDA) [1], leads to some important questions, such as: how does one know that the IC scan actually happened, and if it did, how does one know that the resulting data is correct?…”

Section: Introductionmentioning

confidence: 99%

Towards Validation of the Internet Census 2012

Maan

Santanna

Sperotto

et al. 2014

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. The reliability of the "Internet Census 2012" (IC), an anonymously published scan of the entire IPv4 address space, is not a priori clear. As a step towards validation of this dataset, we compare it to logged reference data on a /16 network, and present an approach to systematically handle uncertainties in timestamps in the IC and reference data. We find evidence the scan indeed took place, and a 93% match with the /16 reference data.

show abstract

“…aim to shed light on its structure [2], [13], user behavior [14], [17], host availability [6], [11], and web content [7], [10]; however, accurately capturing Internet-wide metrics has long remained a challenging research problem. The main tradeoff involves the amount of available hardware and the delay the user is willing to tolerate.…”

Section: Introductionmentioning

confidence: 99%

“…Sending such a large number of small packets presents a problem for Winsock and limits the duration of the measurement to days instead of minutes. A slightly different, but related, measurement goal that requires high pps sending rates is discovery of open services using horizontal scanning [1], [3], [6], [11], where each IP address in the IANA (3.3B destinations) or BGP (2.1B) space is probed with a packet on a given port. Instead of using months to scan the Internet as in prior work [1], [3], [6], [11], our goal in another ongoing project is to accomplish this activity in several hours/days.…”

Section: Introductionmentioning

confidence: 99%

Enabling High-Performance Internet-Wide Measurements on Windows

Smith

Loguinov

2010

Passive and Active Measurement

View full text Add to dashboard Cite

Abstract. This paper presents analysis of the Windows kernel network stack and designs a novel high-performance NDIS driver platform called IRLstack whose goal is to enable large-scale Internet measurements that require sending billions of packets and managing millions of outstanding connections on inexpensive commodity hardware available to any research lab. Our results show that with just 75% of one modern CPU core, IRLstack can saturate a gigabit link with SYN packets (i.e., 1.48M pps) and achieve 3.52 Gbps (i.e., 5.25 Mpps) with a quad-core CPU. IRLstack's transmission performance exceeds that of Winsock by a factor of 92-174, batch-mode WinPcap by a factor of 4.7-6.7, and the latest optimized PF RING/TNAPI Linux kernel by up to 30%.

show abstract

Census and survey of the visible internet

Cited by 143 publications

References 39 publications

No Need for Black Chambers: Testing TLS in the E-mail Ecosystem at Large

No Need for Black Chambers: Testing TLS in the E-mail Ecosystem at Large

Towards Validation of the Internet Census 2012

Enabling High-Performance Internet-Wide Measurements on Windows

Contact Info

Product

Resources

About