Zakir Durumeric, Eric Wustrow, and J. Alex Halderman, University of Michigan
Abstract:
Internet-wide network scanning has numerous security applications, including exposing new vulnerabilities and tracking the adoption of defensive mechanisms, but probing the entire public address space with existing tools is both difficult and slow. We introduce ZMap, a modular, open-source network scanner specifically architected to perform Internet-wide scans and capable of surveying the entire IPv4 address space in under 45 minutes from user space on a single machine, approaching the theoretical maximum speed of gigabit Ethernet. We present the scanner architecture, experimentally characterize its performance and accuracy, and explore the security implications of high speed Internet-scale network surveys, both offensive and defensive. We also discuss best practices for good Internet citizenship when performing Internet-wide surveys, informed by our own experiences conducting a long-term research survey over the past year.
USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.
BibTeX
@inproceedings {182948,
author = {Zakir Durumeric and Eric Wustrow and J. Alex Halderman},
title = {{ZMap}: Fast Internet-wide Scanning and Its Security Applications},
booktitle = {22nd USENIX Security Symposium (USENIX Security 13)},
year = {2013},
isbn = {978-1-931971-03-4},
address = {Washington, D.C.},
pages = {605--620},
url = {https://www.usenix.org/conference/usenixsecurity13/technical-sessions/paper/durumeric},
publisher = {USENIX Association},
month = aug
}
connect with us