2018
DOI: 10.1145/3213232.3213234
|View full text |Cite
|
Sign up to set email alerts
|

Scanning the Internet for Liveness

Abstract: Internet-wide scanning depends on a notion of liveness: does a target IP address respond to a probe packet? However, the interpretation of such responses, or lack of them, is nuanced and depends on multiple factors, including: how we probed, how different protocols in the network stack interact, the presence of filtering policies near the target, and temporal churn in IP responsiveness. Although often neglected, these factors can significantly affect the results of active measurement studies. We develop a taxo… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
1
1
1
1

Citation Types

0
16
1

Year Published

2019
2019
2023
2023

Publication Types

Select...
4
4

Relationship

1
7

Authors

Journals

citations
Cited by 33 publications
(17 citation statements)
references
References 34 publications
0
16
1
Order By: Relevance
“…The state of active scanning research was pushed forward significantly by ZMap [18], which allows researchers to scan the entire IPv4 address space in less than an hour. Several works have since used the tool to investigate the deployment of different protocols and applications in the Internet, e.g., liveness [19], TCP initial window [20], and QUIC [21]. Others have looked into passive data traces for a different viewpoint on deployment measurements.…”
Section: B Related Workmentioning
confidence: 99%
“…The state of active scanning research was pushed forward significantly by ZMap [18], which allows researchers to scan the entire IPv4 address space in less than an hour. Several works have since used the tool to investigate the deployment of different protocols and applications in the Internet, e.g., liveness [19], TCP initial window [20], and QUIC [21]. Others have looked into passive data traces for a different viewpoint on deployment measurements.…”
Section: B Related Workmentioning
confidence: 99%
“…However, our certigo scan found around 20% more addresses, which we attribute to two causes. First, both Rapid7 and Censys have to respond to complaints and remove IP addresses from their scans [12,29,110]. As both scans have run for years, more address space is excluded over time.…”
Section: Validationmentioning
confidence: 99%
“…This includes both client-facing and operations IP addresses. Here, we leave some leeway to account for both packet loss, network-specific filtering [9], as well as for servers that might be in a maintenance mode, such as for a system software update. In our dataset, we find a total of 2.8K full scans, originating from 1.3K source IP addresses.…”
Section: Internet-wide Full Ipv4 Scansmentioning
confidence: 99%
“…Such connection artifacts, e.g., IPsec, are frequently reported to appear in firewall logs in production networks[4] 9. We leverage the CDN's proprietary geolocation database to map scanner IP addresses to countries.…”
mentioning
confidence: 99%