skip to main content
US FlagAn official website of the United States government
dot gov icon
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
https lock icon
Secure .gov websites use HTTPS
A lock ( lock ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Explore Research Products in the PAR
It may take a few hours for recently added research products to appear in PAR search results.


This content will become publicly available on November 4, 2025

Title: Ten Years of ZMap
Since ZMap’s debut in 2013, networking and security researchers have used the open-source scanner to write hundreds of research papers that study Internet behavior. In addition, ZMap has been adopted by the security industry to build new classes of enterprise security and compliance products. Over the past decade, much of ZMap’s behavior—ranging from its pseudorandom IP generation to its packet construction—has evolved as we have learned more about how to scan the Internet. In this work, we quantify ZMap’s adoption over the ten years since its release, describe its modern behavior (and the measurements that motivated changes), and offer lessons from releasing and maintaining ZMap for future tools.  more » « less
Award ID(s):
2223360 2319080
PAR ID:
10553593
Author(s) / Creator(s):
; ; ; ;
Publisher / Repository:
ACM
Date Published:
ISBN:
9798400705922
Page Range / eLocation ID:
139 to 148
Subject(s) / Keyword(s):
Internet Measurement Internet Scanning ZMap
Format(s):
Medium: X
Location:
Madrid Spain
Sponsoring Org:
National Science Foundation
More Like this
  1. ; (, 2020 22nd International Conference on Transparent Optical Networks (ICTON))
    null (Ed.)
    With the vastly growing need for secure communication, quantum key distribution (QKD) has been developed to provide high security for communications against potential attacks from the fast-developing quantum computers. Among different QKD protocols, continuous variable (CV-) QKD employing Gaussian modulated coherent states has been promising for its complete security proof and its compatibility with current communication systems in implementation with homodyne or heterodyne detection. Since satellite communication has been more and more important in developing global communication networks, there have been concerns about the security in satellite communication and how we should evaluate the security of CV-QKD in such scenarios. To better analyse the secure key rate (SKR) in this case, in this invited paper we investigate the CV-QKD SKR lower bounds under realistic assumptions over a satellite-to-satellite channel. We also investigate the eavesdropper's best strategy to apply in these scenarios. We demonstrate that for these channel conditions with well-chosen carrier centre frequency and receiver aperture size, based on channel parameters, we can optimize SKR correspondingly. The proposed satellite-based QKD system provides high security level for the coming 5G and beyond networks, the Internet of things, self-driving cars, and other fast-developing applications. 
    more » « less
  2. ; ; (, Proceedings of the ACM SIGCOMM Internet Measurement Conference)
    The Border Gateway Protocol (BGP) is the protocol that networks use to exchange (announce) routing information across the Internet. Unfortunately, BGP has no mechanism to prevent unauthorized announcement of network addresses, also known as prefix hijacks. Since the 1990s, the primary means of protecting against unauthorized origin announcements has been the use of routing information databases, so that networks can verify prefix origin information they receive from their neighbors in BGP messages. In the 1990s, operators deployed databases now collectively known as the Internet Routing Registry (IRR), which depend on voluntary (although sometimes contractually required) contribution of routing information without strict (or sometimes any) validation. Coverage, accuracy, and use of these databases remains inconsistent across ISPs and over time. In 2012, after years of debate over approaches to improving routing security, the operator community deployed an alternative known as the Resource Public Key Infrastructure (RPKI). The RPKI includes cryptographic attestation of records, including expiration dates, with each Regional Internet Registry (RIR) operating as a "root" of trust. Similar to the IRR, operators can use the RPKI to discard routing messages that do not pass origin validation checks. But the additional integrity comes with complexity and cost. Furthermore, operational and legal implications of potential malfunctions have limited registration in and use of the RPKI. In response, some networks have redoubled their efforts to improve the accuracy of IRR registration data. These two technologies are now operating in parallel, along with the option of doing nothing at all to validate routes. Although RPKI use is growing, its limited coverage means that security-conscious operators may query both IRR and RPKI databases to maximize routing security. However, IRR information may be inaccurate due to improper hygiene, such as not updating the origin information after changes in routing policy or prefix ownership. Since RPKI uses a stricter registration and validation process, we use it as a baseline against which to compare the trends in accuracy and coverage of IRR data. 
    more » « less
  3. ; ; ; ; ; ; (, IEEE)
    Since the exhaustion of unallocated IP addresses at the Internet Assigned Numbers Authority (IANA), a market for IPv4 addresses has emerged. In complement to purchasing address space, leasing IP addresses is becoming increasingly popular. Leasing provides a cost-effective alternative for organizations that seek to scale up without a high upfront investment. However, malicious actors also benefit from leasing as it enables them to rapidly cycle through different addresses, circumventing security measures such as IP blocklisting. We explore the emerging IP leasing market and its implications for Internet security. We examine leasing market data, leveraging blocklists as an indirect measure of involvement in various forms of network abuse. In February 2025, leased prefixes were 2.89× more likely to be flagged by blocklists compared to non-leased prefixes. This result raises questions about whether the IP leasing market should be subject to closer scrutiny. 
    more » « less
  4. ; ; ; ; ; (, Proceedings of the 22nd ACM Internet Measurement Conference (IMC '22))
    Mutually Agreed Norms on Routing Security (MANRS) is an industry-led initiative to improve Internet routing security by encouraging participating networks to implement a series of mandatory or recommended actions. MANRS members must register their IP prefixes in a trusted routing database and use such information to prevent propagation of invalid routing information. MANRS membership has increased significantly in recent years, but the impact of the MANRS initiative on the overall Internet routing security remains unclear. In this paper, we provide the first independent look into the MANRS ecosystem by using publicly available data to analyze the routing behavior of participant networks. We quantify MANRS participants' level of conformance with the stated requirements, and compare the behavior of MANRS and non-MANRS networks. While not all MANRS members fully comply with all required actions, we find that they are more likely to implement routing security practices described in MANRS actions. We assess the relevance of the MANRS effort in securing the overall routing ecosystem. We found that as of May 2022, over 83% of MANRS networks were conformant to the route filtering requirement by dropping BGP messages with invalid information according to authoritative records, and over 95% were conformant to the routing information facilitation requirement, registering their resources in authoritative databases. 
    more » « less
  5. ; (, IEEE Conference on Communications and Network Security (CNS))
    Residential networks pose a unique challenge for security since they are operated by end-users that may not have security expertise. Residential networks are also home to devices that may have lackluster security protections, such as Internet of Things (IoT) devices, which may introduce vulnerabilities. In this work, we introduce TLSDeputy, a middlebox-based system to protect residential networks from connections to inauthentic TLS servers. By combining the approach with OpenFlow, a popular software-defined networking protocol, we show that we can effectively provide residential network-wide protections across diverse devices with minimal performance overheads. 
    more » « less
  • Citation Formats
  • MLA
  • APA
  • Chicago
  • BibTeX
  • Save / Share this Record
  • Send to Email