Towards Validation of the Internet Census 2012

  • Dirk Maan
  • José Jair Santanna
  • Anna Sperotto
  • Pieter-Tjerk de Boer
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8846)


The reliability of the “Internet Census 2012” (IC), an anonymously published scan of he entire IPv4 address space, is not a priori clear. As a step towards validation of this dataset, we compare it to logged reference data on a /16 network, and present an approach to systematically handle uncertainties in timestamps in the IC and reference data. We find evidence the scan indeed took place, and a 93 % match with the /16 reference data.


Internet census Scan Validation 



Special thanks goes to Jeroen van Ingen at ICTS (University of Twente) for providing the ARP data. This work was funded by the FP7 Network of Excellence project FLAMINGO (ICT-318488).


  1. 1.
    Alistair, A.: Carna botnet scans confirmed (2013).
  2. 2.
    Anonymous.: Internet census 2012 (2013).
  3. 3.
    Dainotti, A., King, A., Claffy, K., Papale, F., Pescapè, A.: Analysis of a “/0” stealth scan from a botnet. In: Proceedings of the 2012 ACM Internet Measurement Conference, pp. 1–14. IMC ’12. ACM, New York (2012).
  4. 4.
    Durumeric, Z., Wustrow, E., Halderman, J.A.: Zmap: fast internet-wide scanning and its security applications. In: 22nd USENIX Security Symposium, pp. 605–619 (2013)Google Scholar
  5. 5.
    Eckersley, P., Burns, J.: An observatory for the SSLiverse. Talk at Defcon 18 (2010).
  6. 6.
    Heidemann, J., Pradkin, Y., Govindan, R., Papadopoulos, C., Bartlett, G., Bannister, J.: Census and survey of the visible internet. In: Proceedings of the 2008 ACM Internet Measurement Conference, pp. 169–182. ACM, Vouliagmeni, Greece (2008).
  7. 7.
    Heninger, N., Durumeric, Z., Wustrow, E., Halderman, J.: Mining your ps and qs: detection of widespread weak keys in network devices. In: 21st USENIX Security Symposium (2012)Google Scholar
  8. 8.
    Holz, R., Braun, L., Kammenhuber, N., Carle, G.: The SSL landscape: a thorough analysis of the x.509 PKI using active and passive measurements. In: Proceedings of the 2011 ACM Internet Measurement Conference, pp. 427–444. IMC ’11. ACM, New York (2011).
  9. 9.
    Maan, H.C.: Validation of internet census 2012. BSc thesis, University of Twente, The Netherlands (2014)Google Scholar
  10. 10.
    Moore, H.: Security flaws in universal plug and play: unplug, don’t play (2013). 1-16596/SecurityFlawsUPnP.pdf
  11. 11.
    Smallberg, D.: Request For Comment 832: Who talks TCP. RFC 832, December 1982.

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Dirk Maan
    • 1
  • José Jair Santanna
    • 1
  • Anna Sperotto
    • 1
  • Pieter-Tjerk de Boer
    • 1
  1. 1.Design and Analysis of Communication Systems (DACS)University of TwenteEnschedeThe Netherlands

Personalised recommendations