U. of Michigan Researchers Speed Up Internet Scans

Wired Campus 2013-08-20

Computer scientists at the University of Michigan at Ann Arbor have made a big technological advance for researchers who study the Internet and how people use it, cutting the time necessary to survey the whole of the network from two or three months to just 44 minutes—and cutting the cost accordingly. That means it’s possible to take meaningful snapshots of the Internet at various points in time and compare them in ways that may reveal behavioral trends, security problems, and other information.

The researchers—Zakir Durumeric and Eric Wustrow, both Ph.D. candidates, and J. Alex Halderman, an assistant professor of computer science and electrical engineering—created an open-source network scanner called ZMap. As The Washington Post explains, the Michigan team speeded up the process of sending brief queries to large numbers of networked computers by embedding return-address information in the original query. Replies no longer have to be matched with outstanding requests because the replies themselves contain all the information researchers need—and that’s where so much time is saved.
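The idea in the paragraph above, as an added example that is not ZMap's code and not from the article: the sender derives probe header fields from a keyed hash of the destination, so a reply is checked by recomputation rather than by looking it up in a table of outstanding requests. The choice of fields (TCP source port and sequence number), the HMAC-SHA256 construction, the key and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import ipaddress
import struct

# Constructed demo key; a real scan would draw a fresh random secret per run.
SCAN_KEY = b"constructed-demo-key"

def probe_fields(key, dst_ip, dst_port):
    """Derive the (source port, sequence number) to put in a probe to dst.

    Both values are a keyed hash of the destination, so the sender keeps
    no per-probe record."""
    msg = ipaddress.ip_address(dst_ip).packed + struct.pack("!H", dst_port)
    tag = hmac.new(key, msg, hashlib.sha256).digest()
    src_port = 32768 + int.from_bytes(tag[:2], "big") % 28232  # 32768..60999
    seq = int.from_bytes(tag[2:6], "big")
    return src_port, seq

def reply_is_ours(key, reply):
    """Check a received SYN-ACK by recomputation instead of table lookup.

    The reply's source is the host we probed; its destination port and
    acknowledgement number must echo the fields derived for that host."""
    want_port, want_seq = probe_fields(key, reply["src_ip"], reply["src_port"])
    return (reply["dst_port"] == want_port
            and reply["ack"] == (want_seq + 1) % 2**32)

def sample_replies(key):
    """Constructed replies: one genuine, one with a guessed ack number."""
    port, seq = probe_fields(key, "192.0.2.10", 443)
    genuine = {"src_ip": "192.0.2.10", "src_port": 443,
               "dst_port": port, "ack": (seq + 1) % 2**32}
    forged = dict(genuine, src_ip="198.51.100.7", ack=12345)
    return [genuine, forged]

if __name__ == "__main__":
    for r in sample_replies(SCAN_KEY):
        verdict = "accepted" if reply_is_ours(SCAN_KEY, r) else "dropped"
        print(r["src_ip"], verdict)
```

Because validation depends only on the key and the packet itself, memory use stays constant no matter how many probes are in flight, and unsolicited or spoofed replies fail the check without any lookup.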

ZMap can ask the machines it talks to only fairly simple questions—like what kinds of software they’re running and, of course, whether they’re running at all. But as the Post account notes, ZMap’s ease of use and low cost open new possibilities for Internet research. The Michigan computer scientists, for instance, scanned the Internet every two hours during Hurricane Sandy last October, and were able to map locations with widespread outages. They have also tracked how quickly bug fixes for software are adopted after release.

In a paper they presented last week at a network-security conference, they even suggested that the ZMap technology could be the basis for a system of anonymous communication. “Rather than using the scanner to send probes, it could be used to broadcast a short encrypted message to every public IP address. In this scenario, it would be impossible to determine the desired destination host.”