Communications of the ACM
Probing the Whole Internet For Weak Spots
A team at the University of Michigan is using the ZMap tool to scan the Internet to identify websites vulnerable to security flaws.
Credit: Carna Botnet
When the FREAK encryption flaw was uncovered early in March, a team at the University of Michigan used a tool they had developed to scan the Internet to identify vulnerable websites so they could be warned before the flaw was made public.
The ZMap tool was developed by a University of Michigan team led by research fellow Zakir Durumeric in late 2013. ZMap is a more efficient version of earlier tools that systematically query all of the numerical addresses for Internet devices using the IPv4 protocol. Previous tools took days or even weeks to complete the task, while ZMap can complete a scan in under an hour.
ZMap had its first major test last April, searching for websites vulnerable to the Heartbleed bug. Durumeric notes almost a year later, nearly 1 percent of the top million websites are still vulnerable to Heartbleed.
ZMap is now used by security researchers and Google, which reportedly is employing the tool to improve the security of its Chrome browser. However, the researchers note ZMap has some limitations. It cannot scan the much larger and growing IPv6 address space, private networks such as corporate intranets, or devices connecting via mobile data networks.
From Technology Review
View Full Article
Abstracts Copyright © 2015 Information Inc., Bethesda, Maryland, USA
No entries found