Now You Can Scan the Entire Internet in Under an Hour

Like many things in life and on the internet specifically, this new, speedy scanner is a tool of neutral moral value.

Aug 19 2013, 4:50pm
Image via Mike Lee on Flickr.

It is now possible to scan the internet in just under the amount of time it would take you to watch an episode of Breaking Bad.

Three computer scientists headquartered at the University of Michigan announced Zmap this past Friday. Zmap is an “open-source network scanner” designed to make internet-wide research all the more accessible.

No special equipment or “heroic effort” is required. Anyone can download Zmap from its website, and, with the help of a few tips on how to be an ethical user, start conducting their own studies.

HTTPS adoption. Image courtesy of Zakir Durumeric, Eric Wustrow, and J. Alex Halderman.

Admittedly, it’s a bit of an overstatement to say this scans the entire internet. What it actually does is scan all IPv4 addresses in about three-quarters of an hour. Although it doesn’t touch IPv6, that’s a big deal.

First of all, IPv6 may be the latest version of the Internet Protocol, but according to Zakir Durumeric, one of the Michigan researchers, "the vast majority of clients on the Internet do not have access to IPv6. Because most clients do not support IPv6, we expect that most public services and hosts will still support IPv4." Durumeric noted, however, that adoption is on the rise for the new protocol and "this places us in a unique position in history where we can fully enumerate the IPv4 address space while we still believe hosts are using IPv4."

Secondly, while doing a scan itself is nothing new, being able to do it in a manageable time frame is. Nmap, a scanner that predates Zmap by over a decade and even made an appearance in The Matrix Reloaded, can take months to do an internet-wide scan. According to Durumeric and his colleagues, the two products were designed with very different objectives in mind, but as Nmap has been used in research previously, they compared them anyway. What they discovered through some extrapolation was that Zmap could complete an internet-wide scan 1,300 times faster than Nmap on its most vigorous setting.

Some of the studies that can potentially be done using this faster mechanism include analyses of HTTPS adoption, security holes, and service disruptions. The latter capability was tested during Hurricane Sandy’s destructive visit to the Eastern seaboard last fall. To the surprise of no one who experienced the storm’s wrath, Zmap uncovered a significant rate of service issues. While the data reveals nothing we didn't already know, it demonstrates Zmap’s functionality with regard to studying outages.

Outages in the wake of Hurricane Sandy. According to the researchers, this map represents "locations with more than a 30% decrease in the number of listening hosts." Image courtesy of Zakir Durumeric, Eric Wustrow, and J. Alex Halderman.

It’s about that time where you might be questioning whether internet scans in general, and especially internet scans that can be done in under an hour, are a good thing. There is no simple yes/no answer. Like many things in life and on the internet specifically, Zmap is a tool of neutral moral value. Whether it becomes a means for good, such as identifying security vulnerabilities, or not-so-good, such as using those security vulnerabilities to attack hosts, all depends on whose hands Zmap finds itself in.