Attackers gather intelligence in phases: Footprinting (DNS, email servers, IP range) → Scanning (OS, services, architecture) → Enumeration (users, groups, routing tables, SNMP).
| Study | Focus | Cost |
|---|---|---|
| Mining Ps and Qs | Widespread weak keys in network devices | 25h × 25 EC2 (625 CPU-h) |
| EFF SSL Observatory | CA ecosystem | 3 months, 3 machines (6500 CPU-h) |
| Census of Visible Internet | 5% HTTPS, 10% SSH vulns | 3 months ICMP (2200 CPU-h) |
Open-source tool that can port scan the entire IPv4 address space. On a gigabit network: ~45 minutes, 97% linespeed, 98% coverage.
Example: TCP SYN on port 443 → ~34M listening hosts in 44 min.
| Aspect | Traditional (e.g. Nmap) | ZMap |
|---|---|---|
| State | Track individual hosts, retransmit | Eliminate per-connection state |
| Approach | Probe widely dispersed; avoid flooding via timing | Shotgun: always n probes; send as fast as network allows |
| Stack | Use OS network stack | Probe-optimized; generate Ethernet frames directly |
| Speed | Blocking, timeouts | Full async; no blocking except network |
1.4M packets/sec on gigabit. Probe modules fill packet details and interpret responses. Output modules allow follow-up. Abstracts configuration, timing, addressing, validation.
No correlation between hit-rate and scan-rate. Slower scanning does not reveal additional hosts.
1 packet: 97.9%; 2 packets: 98.8%; 3 packets: 99.4%. Plateau in responsive hosts.
ZMap is >1300× faster than Nmap "insane" mode. ZMap also finds more results - Nmap times out hosts (e.g. 250ms per probe); some responses arrive after Nmap has given up.
How to randomly scan addresses without excessive state? Iterate over the multiplicative group of integers modulo p (prime slightly larger than 232). Scan according to a random permutation.
Negligible state: primitive root, current location, first address. Fresh random permutation per scan.
Without local per-target state, how validate responses? Encode secrets into mutable fields of the probe packet (IP, TCP headers) that have a recognizable effect on responses. Receiver echoes or uses them; validator can check.
Ethernet (MAC), IP (addresses), TCP (ports, sequence, ack) - mutable fields carry encoded info so responses can be matched without storing per-host state.
RSA: n = p × q. If two keys share prime p,
then p = GCD(n₁, n₂) - trivial to compute. Bernstein's
algorithm efficiently finds GCD of all pairs.
Insufficient entropy. Embedded/network devices use
/dev/urandom but lack entropy sources (keyboard, disk
I/O). Boot-time entropy hole - urandom predictable
until ~192 bits available; keys generated early may be weak. 5%
HTTPS, 10% SSH hosts had vulnerable keys.
Researchers tracked browser-trusted certificates. Findings: 3700+ trusted certs in a year; misused certs (Turkish transit, Korean gov 1300 certs); 90% of certs signed by 5 orgs; 26% of trusted sites signed by single intermediate.
CAs often do not use name/path length constraints. 1218 certs for "mail" across orgs. Local domains not fully qualified.
90% use 2048/4096-bit RSA; 50% rooted in 1024-bit. Many expired post-2016. Some still signed with MD5.
Entropy = randomness for crypto. Sources: hardware RNGs. Lack of entropy → negative impact on performance and security.
USENIX Security 2013. Modular single-packet scanner; probe-optimized stack; applications to vulnerability discovery, mitigation tracking.