sponsors
usenix conference policies
Zippier ZMap: Internet-Wide Scanning at 10 Gbps
David Adrian, Zakir Durumeric, Gulshan Singh, and J. Alex Halderman, University of Michigan
We introduce optimizations to the ZMap network scanner that achieve a 10-fold increase in maximum scan rate. By parallelizing address generation, introducing an improved blacklisting algorithm, and using zero-copy NIC access, we drive ZMap to nearly the maximum throughput of 10 gigabit Ethernet, almost 15 million probes per second. With these changes, ZMap can comprehensively scan for a single TCP port across the entire public IPv4 address space in 4.5 minutes given adequate upstream bandwidth. We consider the implications of such rapid scanning for both defenders and attackers, and we briefly discuss a range of potential applications.
Open Access Media
USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.
author = {David Adrian and Zakir Durumeric and Gulshan Singh and J. Alex Halderman},
title = {Zippier {ZMap}: {Internet-Wide} Scanning at 10 Gbps},
booktitle = {8th USENIX Workshop on Offensive Technologies (WOOT 14)},
year = {2014},
address = {San Diego, CA},
url = {https://www.usenix.org/conference/woot14/workshop-program/presentation/adrian},
publisher = {USENIX Association},
month = aug
}
connect with us