Three researchers from the University of Michigan have devised a scanning tool that is capable of surveying the entirety of the IPv4 Internet in less than one hour utilizing only one machine.
The modular, open-source network scanner, called ZMap, is said to have “numerous security applications, including exposing new vulnerabilities and tracking the adoption of defensive mechanisms,” according to the researchers.
ZMap was unveiled in a presentation at the USENIX Security conference last month, where the researchers discussed the scanner’s architecture, demonstrated its performance and accuracy, and examined potential “security implications of high speed Internet-scale network surveys, both offensive and defensive.”
The advantage for researchers is the scanner’s speed and accuracy, which make it possible to preserve a snapshot in time of the whole IPv4 address space and to analyze findings more rapidly.
“You can imagine that if you did your scans over three months and then did all the follow-up processing, the Internet could have grown, in terms of the use of certain protocols, by 10 percent. So you have a whole new degree of specificity,” team member Zakir Durumeric told Dark Reading.
Prior to ZMap, scans had to be conducted in subnet batches in order to handle the vast amounts of data, and the process could overwhelm small networks.
ZMap generates pseudo-random IP addresses to probe and matches packets up by inserting identifiers in unused fields in the packets; all of the packets are collected by a separate “asynchronous collector.”
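The two ideas in that description can be modelled offline without sending any packets. The sketch below is an added example, not ZMap's code: the small prime and generator, the HMAC-based identifier, the function names and the 192.0.2.0/24 documentation range are all assumptions chosen for illustration, since the article does not say how ZMap implements either step.

```python
import hashlib
import hmac
import ipaddress
import os

# Assumed toy parameters: 257 is prime and 3 generates every value 1..256
# modulo 257, so repeated multiplication visits a whole /24 exactly once.
P = 257
G = 3
NET = ipaddress.ip_network("192.0.2.0/24")  # constructed documentation range


def address_order(start):
    """Yield every address in NET once, in scattered (non-sequential) order."""
    x = start  # must be in 1..256
    while True:
        yield NET.network_address + (x - 1)
        x = (x * G) % P
        if x == start:
            return


def probe_id(key, dst):
    """32-bit identifier derived from the target, so nothing is stored per probe."""
    mac = hmac.new(key, dst.packed, hashlib.sha256).digest()
    return int.from_bytes(mac[:4], "big")


def accept(key, src, echoed_id):
    """Collector side: recompute the identifier from the responder's address."""
    expected = probe_id(key, src).to_bytes(4, "big")
    return hmac.compare_digest(expected, echoed_id.to_bytes(4, "big"))


if __name__ == "__main__":
    key = os.urandom(16)  # fresh per-scan secret
    order = list(address_order(start=1 + key[0]))
    print("first targets:", [str(a) for a in order[:5]])
    print("distinct addresses covered:", len(set(order)))
    target = order[0]
    print("genuine reply accepted:", accept(key, target, probe_id(key, target)))
    print("forged reply accepted:", accept(key, target, probe_id(key, target) ^ 1))
```

Because the collector only needs the per-scan key, it can validate replies independently of the sender and discard unsolicited or spoofed packets without keeping a table of outstanding probes.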
The scans can be used to help identify vulnerable systems, and plans are already in place to use ZMap to help inventory enterprise network connections and unknown assets.