With all the noise about default passwords on Internet-connected devices, it is maybe time to revisit a 2012 paper on the Carna botnet. There were probably other even quieter ones before that and certainly default passwords have been long exploited. The Carna botnet operator went to the trouble of publishing a paper four years ago. He or she was playing around with the Nmap Scripting Engine (NSE) and discovered an amazing number of open embedded devices on the Internet. Many allowed login with empty or default credentials and were thus used to build a distributed port scanner to scan all IPv4 addresses to form a kind of census of the IPv4 Internet. The scanned data is in the public domain and available for download and analysis over Bittorrent.
IPv6 is another can of worms and the IPv4 data is thus of historical interest.
Related Stories
Ben Cox writes in his blog about visualizing IPv4 address space use by mapping the whole IPv4 Internet with Hilbert curves. While the IPv4 address space is quite large it is still small enough to be able to send a packet to each and every IP address. He goes a little into the background of the maths involved and then makes a comparison to the IPv4 address space back in 2012 using data from the Carna botnet.
[See, also: xkcd's MAP of the INTERNET, the IPv4 space, 2006. --martyb]
Earlier on SN: Vint Cerf's Dream Do-Over: 2 Ways He'd Make the Internet Different
Software engineer Kevin McDonald has investigated the topology of the Internet itself before. He enjoys the open data archaeology of this nature. In this recent edition, he has used BGP routing to visualize the Internet again.
For the past few years, I've been trying to make the physical reality of the Internet visible with my Internet Infrastructure Map. This map shows the network of undersea fiber-optic cables along with peering bandwidth, grouped by city. I update the map annually, but I don't want to just pull the latest data and call it a day. In this post I discuss how the map evolved this year and what I did to make it happen, but you can skip to the good part by viewing it here: map.kmcd.dev.
For the 2026 edition, I wanted to better answer the question: where does the Internet actually live? By layering on BGP routing tables alongside physical infrastructure data, I'm now closer to answering that question.
The result is a concept I call “Logical Dominance.” Each city's dominance is calculated by summing total address space of IPv4 subnets that are “homed” in that city. How can I tell where IP addresses are homed? This required analyzing global routing tables to trace IP ownership back to specific geographies. Read on to find out how I accomplished this!
Mapping BGP prefixes to specific locations turned out to be a challenge. Use of BGP in this case means that he had to focus on IPv4 this time.
Previously:
(2018) Mapping the Whole IPv4 Internet with Hilbert Curves
(2016) Revisiting the Carna Botnet
(2014) Undersea Cables Wiring the Earth
(Score: 1) by fraxinus-tree on Monday October 24 2016, @11:32AM
I wonder what kind of trouble the author went in? Anyway, a good read and a good pile of data to analyze that I didn't noticed.
(Score: 2) by JoeMerchant on Monday October 24 2016, @12:41PM
The Snowden kind of trouble, but enforced by corporations instead of governments. This is info that needs to be out there; without awareness business as usual will continue.
🌻🌻🌻🌻 [google.com]
(Score: 4, Touché) by Geezer on Monday October 24 2016, @05:07PM
We don't call them botnets anymore. It's called the IoT now.
/sarcasm