Home / Series / Chaos Communication Congress / Aired Order / Season 30 / Episode 44

Fast Internet-wide Scanning and its Security Applications (#5533)

Speaker: J. Alex Halderman Internet-wide network scanning has powerful security applications, including exposing new vulnerabilities, tracking their mitigation, and exposing hidden services. Unfortunately, probing the entire public address space with standard tools like Nmap requires either months of time or large clusters of machines. In this talk, I'll demonstrate ZMap, an open-source network scanner developed by my research group that is designed from the ground up to perform Internet-wide scans efficiently. We've used ZMap with a gigabit Ethernet uplink to survey the entire IPv4 address space in under 45 minutes from a single machine, more than 1300 times faster than Nmap. I'll explain how ZMap's architecture enables such high performance. We'll then work through a series of practical examples that explore the security applications of very fast Internet-scale scanning, both offensive and defensive. I'll talk about results and experiences from conducting more than 300 Internet-wide scans over the past 18 months, including new revelations about the state of the HTTPS CA ecosystem. I'll discuss the reactions our scans have generated--on one occasion we were mistaken for an Iranian attack against U.S. banks and we received a visit from the FBI--and I'll suggest guidelines and best practices for good Internet citizenship while scanning.

English
  • Originally Aired December 28, 2013
  • Runtime 60 minutes
  • Production Code 5533
  • Created January 10, 2015 by
    Administrator admin
  • Modified January 10, 2015 by
    Administrator admin
Name Type Role
J. Alex Halderman Guest Star