Zmap Software Scans Entire Internet, a Major Internet Security Boost

April 8, 2015 By Finley Engineering

An exciting Internet development has come out of the University of Michigan. According to researchers, it’s now possible to rapidly scan every device connected to the public Internet. 

This capability recently demonstrated its usefulness in combating a major flaw in the encryption that secures websites.

According to an MIT Technology Review post published on March 30, a research fellow at the University of Michigan realized the full potential of the flaw, known as FREAK, after performing a scan of every device on the Internet. Only later did the researchers who identified the flaw come to the same realization.

FREAK affected more than five million websites, including those operated by the FBI, Apple and Google. The University of Michigan researcher’s results prompted what the MIT Technology Review writer called “an urgent, careful effort” to inform key companies and organizations prior to a public announcement of the problem.

The scanning software, known as Zmap, is open-source. According to the Zmap website, it is capable of performing a complete scan of the entire IPv4 Internet address space in less than 5 minutes, approaching the theoretical limit of ten gigabit Ethernet.

Zmap scanning can encompass all four billion devices connected to the Internet and scan the entire public Internet in under an hour, according to MIT Technology Review. Zmap can also identify sites vulnerable to cyber attacks.

When FREAK hit the scene, the University of Michigan researcher — Zakir Durumeric — received a call from a Johns Hopkins University assistant professor who had been warned of the threat by its discoverers, a team of researchers from Microsoft, the French Institute for Research in Computer Science and Automation, and Madrid’s IMDEA Software Institute.

Before Zmap, it took two weeks or even months to scan the entire Internet. “Existing tools were a thousand times too slow,” Durumeric told MIT Technology Review.

The first high-profile use of Zmap was in April 2014, when it was used to track the Heartbleed bug, a flaw in Web encryption software. Having used Zmap to scan the Internet and identify those affected or vulnerable, the University of Michigan research team went so far as to send automated emails to companies on the list, informing them what they could do to counter the threat.

According to Durumeric, the use of Zmap to counter Heartbleed, FREAK and other Internet security threats has prompted companies to fix and upgrade the security of their systems. “Controlled experiments showed that the notifications made a measurable difference,” University of Michigan professor and project team member Michael Bailey was quoted as saying in the MIT Technology Review report.