Of Scannings and Statistics

August 22, 2014

Introduction

We have been engaged in scanning of the internet for its better health for over a year (we started with a few, then grew to a dozen).  The decreases in abusable systems has dropped significantly in several areas.  We have also had an inadvertent effect of identifying networking misconfiguration on many networks which has helped improve the stability and security of those organizations.  Overall we have been very satisfied with the project and besides a few minor complaints it has been received very well by all of our consumers and the Internet in general.

Statistics

While each of the protocols we scan have their own web page and have a large variety of information available about each scan, the information is a summation of the total, and in many cases a shorter list of the results.  We believe in openness, although do not want to focus on any particular organization, since each one has different needs and capabilities of dealing with the results of the data.  We wanted to make available a complete set of statistics for the scans.  We are interested in seeing what everyone else might do with the information and perhaps even provide more value back to the community.

UPDATE:  Only base statistics are included in the web pages now, see here for the details why.

Here is the complete list of scan results in CSV format as well as the original statistics pages for each one:

And the statistics for the Gameover Zeus takedown (GOZ)

Whitelisting

Because we have an opt-out option for any network that does not wish to be scanned there will be certain networks for which we will not have any statistics.  As this can skew any analytics when looking at the data we are also including all the whitelisting we are have been requested to deploy for any network greater than a /24 of IP address space.  Because they are included in the whitelisting does not make them better or worse and in fact some of these are very clean networks.  It does mean that we are not looking into them and therefore there is not any data.

Conclusion

So there you have it all.  If you find something cool to do with the data please let us know.

Updates

2016

  • UPDATED:  2016-11-13 – Added Telnet
  • UPDATED:  2016-11-02 – Added LDAP
  • UPDATED:  2016-09-22 – Added RDP
  • UPDATED:  2016-09-21 – Added ISAKMP
  • UPDATED:  2016-05-18 – Added XDMCP
  • UPDATED:  2016-05-18 – Added DB2
  • UPDATED:  2016-03-09 – Added TFTP
  • UPDATED:  2016-02-18 – Added mDNS

2015

  • UPDATED:  2015-09-20 – Added Synful Knock
  • UPDATED:  2015-09-15 – Added Portmapper
  • UPDATED:  2015-06-01 – Added Elastic Search
  • UPDATED:  2015-03-09 – Added SSL/FREAK
  • UPDATED:  2015-02-13 – Added MongoDB
  • UPDATED:  2015-01-29 – Added MS-SQL
  • UPDATED:  2015-01-23 – Added MemCached
  • UPDATED:  2015-01-21 – Added REDIS
  • UPDATED:  2015-01-07 – Added NAT-PMP

2014

  • UPDATED:  2014-11-17 – Added SSLv3
  • UPDATED:  2014-08-28 – Added Netcore/Netis Routers

Recent Articles