Internet-Wide Network Topology Research

Why am I receiving connection attempts from this machine?

These connections are part of an ongoing computer science research project to conduct frequent network topology analysis. The connections are initiated using the ZMap software originally released by the University of Michigan in 2013. Sorengard participates in this research and releases the raw data as a free alternative to Censys, which is the commercial offering by the University of Michigan.

As part of this research, every public IP address on the internet receives a very small number of packets each day via the ICMP protocol (ping) and on ports 80 (HTTP) and 443 (HTTPS). These connections are standard, non-targeted and harmless. We never attempt to compromise machines, exploit security vulnerabilities, brute force passwords, change configurations or steal information. The connections are small enough that they should not add any significant load to your network.

We also perform DNS (ANY) lookups on every .com and .net domain name, and reverse DNS (PTR) lookups on every public IP address on a daily basis. These lookups should not even touch your networks, but that data is also available publicly.

Where can I view or download data from this research?

Glad you asked! You can view all data collected from ZMap scans here. DNS records are available here, and reverse DNS records here. Please feel free to download it via HTTP, FTP or Rsync, but keep in mind the datasets are very large.

Why are you collecting this data?

The data collected through these connections consists only of information that is already publicly visible on the Internet. It helps computer scientists study the deployment and configuration of network protocols and security technologies. For example, we use it to help web browser developers and other software developers understand the impact of proposed protocol changes and security improvements. In some cases, we are able to detect vulnerable systems and report the problems to the system operators.

In the past, published datasets on internet-wide network topology have been extremely useful for computer scientists conducting their own research. For example, the following publications use internet-scale datasets:

Which IP addresses do you use for your connections?

89.248.174.141, 94.102.59.57, 94.102.59.58, 94.102.59.59 and 89.248.173.192, 89.248.173.193, 94.102.53.123, 94.102.53.124 and 198.8.88.129/27.

Can I opt-out of these measurements?

This research helps the scientific community accurately study the Internet. The data is sometimes used to detect security problems and to inform operators of vulnerable systems so that they can fixed. If you opt-out of the research, you might not receive these important security notifications. That said, if you still wish to opt-out, you can do so by configuring your firewall to drop traffic from the aforementioned IP addresses, or by sending an email to the address on this page.

If you have further questions about this research, please contact admin@sorengard.com.