3,000,000 million certs in less than a minute
32 views
Skip to first unread message
Gerold Meisinger
Nov 29, 2014, 2:30:01 PM11/29/14
to perspect...@googlegroups.com
https://scans.io/study/umich-https:
> Regular and continuing scans of the HTTPS Ecosystem from 2012 and
> 2013 including parsed and raw X.509 certificates, temporal state of
> scanned hosts, and the raw ZMap output of scans on port 443. The
> dataset contains approximately 43 million unique certificates from
> 108 million hosts collected via 100+ scans.
https://zmap.io
> ZMap is an open-source network scanner that enables researchers to
> easily perform Internet-wide network studies. With a single machine
> and a well provisioned network uplink, ZMap is capable of performing
> a complete scan of the IPv4 address space in under 5 minutes,
> approaching the theoretical limit of ten gigabit Ethernet.
:D
Apparently the ZMap developers achieve this with the following tricks:
1. using ethernet frames directly instead of TCP/IP
2. no per-connection state managing
3. no retransmissons
So it's actually not a "complete scan" in that sense but complete enough
and any missed host may be covered in the next scan.
> Regular and continuing scans of the HTTPS Ecosystem from 2012 and
> 2013 including parsed and raw X.509 certificates, temporal state of
> scanned hosts, and the raw ZMap output of scans on port 443. The
> dataset contains approximately 43 million unique certificates from
> 108 million hosts collected via 100+ scans.
https://zmap.io
> ZMap is an open-source network scanner that enables researchers to
> easily perform Internet-wide network studies. With a single machine
> and a well provisioned network uplink, ZMap is capable of performing
> a complete scan of the IPv4 address space in under 5 minutes,
> approaching the theoretical limit of ten gigabit Ethernet.
:D
Apparently the ZMap developers achieve this with the following tricks:
1. using ethernet frames directly instead of TCP/IP
2. no per-connection state managing
3. no retransmissons
So it's actually not a "complete scan" in that sense but complete enough
and any missed host may be covered in the next scan.
Dave Schaefer
Dec 2, 2014, 12:32:32 AM12/2/14
to perspect...@googlegroups.com
Very neat :)
There is also massscan by Robert David Graham. "It can scan the entire Internet in under 6 minutes, transmitting 10 million packets per second."
https://github.com/robertdavidgraham/masscan
http://blog.erratasec.com/2013/09/masscan-entire-internet-in-3-minutes.html
There is also massscan by Robert David Graham. "It can scan the entire Internet in under 6 minutes, transmitting 10 million packets per second."
https://github.com/robertdavidgraham/masscan
http://blog.erratasec.com/2013/09/masscan-entire-internet-in-3-minutes.html
Reply all
Reply to author
Forward
0 new messages