Ten Years of ZMap
Zakir Durumeric, David Adrian, Phillip Stephens, Eric Wustrow, and J. Alex Halderman

TL;DR
This paper reviews a decade of ZMap's development, adoption, and evolution in Internet scanning, highlighting its impact on research and industry, and providing insights for future network measurement tools.
Contribution
It documents ZMap's decade-long evolution, quantifies its adoption, and shares lessons learned for developing and maintaining large-scale Internet scanning tools.
Findings
ZMap has been widely adopted in research and industry over ten years.
The tool's behavior has evolved based on measurement insights.
Lessons for future Internet measurement tools are discussed.
Abstract
Since ZMap's debut in 2013, networking and security researchers have used the open-source scanner to write hundreds of research papers that study Internet behavior. In addition, ZMap has been adopted by the security industry to build new classes of enterprise security and compliance products. Over the past decade, much of ZMap's behavior -- ranging from its pseudorandom IP generation to its packet construction -- has evolved as we have learned more about how to scan the Internet. In this work, we quantify ZMap's adoption over the ten years since its release, describe its modern behavior (and the measurements that motivated changes), and offer lessons from releasing and maintaining ZMap for future tools.
Taxonomy
Topics: Internet Traffic Analysis and Secure E-voting · Network Security and Intrusion Detection · IPv6, Mobility, Handover, Networks, Security
