With all the noise about default passwords on Internet-connected devices, it is maybe time to revisit a 2012 paper on the Carna botnet. There were probably other even quieter ones before that and certainly default passwords have been long exploited. The Carna botnet operator went to the trouble of publishing a paper four years ago. He or she was playing around with the Nmap Scripting Engine (NSE) and discovered an amazing number of open embedded devices on the Internet. Many allowed login with empty or default credentials and were thus used to build a distributed port scanner to scan all IPv4 addresses to form a kind of census of the IPv4 Internet. The scanned data is in the public domain and available for download and analysis over Bittorrent.
IPv6 is another can of worms and the IPv4 data is thus of historical interest.
Related Stories
Ben Cox writes in his blog about visualizing IPv4 address space use by mapping the whole IPv4 Internet with Hilbert curves. While the IPv4 address space is quite large it is still small enough to be able to send a packet to each and every IP address. He goes a little into the background of the maths involved and then makes a comparison to the IPv4 address space back in 2012 using data from the Carna botnet.
[See, also: xkcd's MAP of the INTERNET, the IPv4 space, 2006. --martyb]
Earlier on SN: Vint Cerf's Dream Do-Over: 2 Ways He'd Make the Internet Different
(Score: 1) by fraxinus-tree on Monday October 24 2016, @11:32AM
I wonder what kind of trouble the author went in? Anyway, a good read and a good pile of data to analyze that I didn't noticed.
(Score: 2) by JoeMerchant on Monday October 24 2016, @12:41PM
The Snowden kind of trouble, but enforced by corporations instead of governments. This is info that needs to be out there; without awareness business as usual will continue.
🌻🌻 [google.com]
(Score: 4, Touché) by Geezer on Monday October 24 2016, @05:07PM
We don't call them botnets anymore. It's called the IoT now.
/sarcasm