Bugtraq mailing list archives
Re: netscan.org - broadcast ICMP list
From: troy () LTNX NET (Troy Davis)
Date: Thu, 31 Dec 1998 13:26:50 -0800
On Wed, Dec 30, 1998 at 02:40:14PM -0500, epperson () VAK12ED EDU wrote:
32508 networks have been probed with the SAR 15969 of them are currently broken 7208 have been fixed after being listed hereHmmm. netscan.org reports 144,047 "broken" networks. Either their effort is on a higher order of magnitude than SAR's, or it all depends on what the definition of "network" is....
Both, but mostly the former. We scanned *.*.*.255 and .0; SAR scans the networks people submit. We checked somewhere around (assuming 3/4 of the class A's are allocated according to ARIN): 255*255*255*0.75 # number of potential class Cs * 0.75 allocated 12436031.25 # est. allocated class Cs 12436031*2 # 2 pings (.0 and .255) per class C 24872062 # that many pings sent/IPs checked Very roughly, 24.8 million IPs checked or 12.4 million class Cs, versus 32k networks at SAR. Their broken:total ratio is much higher than ours for the same reason - we scanned all class Cs, they scanned networks that people submitted (which are most likely broken). Their scanner is more flexible than ours in the definition of a network; ours takes only class Cs right now, whereas theirs handles other netmasks. We're working on making netscan.org handle netmasks (both for length of block and size it's subnetted into). We'll probably recheck SAR's database when ours supports netmasks and may also do all /25s - shouldn't be far away. Other additions in the works are searching by BGP ASN and/or NIC contact. If you're the admin for a class B or large netblock, email me and I'll give you the raw database output. A week or two after the database is properly searchable (see above), we'll release the raw database. This wasn't done originally because admins should have time to fix their nets. To scan down to /30 (smallest allocation) will be somewhere around 790 million IPs, so we're taking donations of bandwidth/CPU resources to scan from. Comments/suggestions welcome. Cheers, Troy Davis
Current thread:
- Re: netscan.org - broadcast ICMP list Fyodor (Dec 31)
- Deception Toolkit on SCO root6 (Jan 01)
- nmap can crash microsoft telnetd Tomas Halgas (Jan 02)
- Re: netscan.org - broadcast ICMP list Troy Davis (Jan 02)
- UNIX ELF PARASITES AND VIRUS silvio () BIG NET AU (Jan 02)
- <Possible follow-ups>
- Re: netscan.org - broadcast ICMP list Troy Davis (Dec 31)
- Re: netscan.org - broadcast ICMP list eric lindvall (Dec 31)