

Masscan: The entire internet in 3 minutes - yammesicka
http://blog.erratasec.com/2013/09/masscan-entire-internet-in-3-minutes.html

======
routelastresort
I highly recommend watching his C10M video (linked in the article): 'Shmoocon
2013 - C10M Defending The Internet At Scale'
[http://www.youtube.com/watch?v=73XNtI0w7jA](http://www.youtube.com/watch?v=73XNtI0w7jA)

------
disclosure
How do you deal with the abuse reports? I tried this on a Digital Ocean's
droplet against port 80 and sure enough I got reported for abuse in less than
5 minutes after running the script at only 100k rate. It's only port 80!

~~~
michaelt
According to [1] they got 58 abuse complaints for a scan of the entire
internet on port 22. The scanner IP address they list is hosted by cari.net
who will presumably overlook some abuse reports if you're on their
$225-a-month high bandwidth plan.

[1] [http://blog.erratasec.com/2013/09/we-scanned-internet-for-po...](http://blog.erratasec.com/2013/09/we-scanned-internet-for-port-22.html)

------
babuskov
Impressive.

Only one thing bugs me: "but I replace 'xor' with a mathematically equivalent
'modulus' operation."

Unless you scan 256, 512, 768, etc. ports there will be bias, and the
sequence only looks random. I suggest the author take a look at this:

[http://eternallyconfuzzled.com/arts/jsw_art_rand.aspx](http://eternallyconfuzzled.com/arts/jsw_art_rand.aspx)

~~~
robertgraham
I'm not using % on the result of rand().

I'm using the "Feistel network" construction that is at the heart of the data
encryption standard, replacing binary operations like 'xor' with the "addition
plus modulus" operation.

My round function sucks, and I only do 3 rounds, so there's probably some
issues there. But, if I were to fix those issues, then there should be no more
detectable bias than in the original DES cipher.
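
The construction described above, as an added example that is neither masscan's code nor from any post in this thread: a Feistel network over an index range that is not a power of two, with xor replaced by addition modulo a and cycle walking so the output stays a permutation rather than being biased by a final modulus. The round function, the struct and all names here are my own assumptions.

```c
#include <stdint.h>
#include <stdlib.h>
/* Hypothetical index permutation for illustration; not masscan's own code.
 * range = N items to visit (any size); a = ceil(sqrt(N)), so a*a >= N and
 * an index m splits into halves (m / a, m % a), each in [0, a). */
typedef struct { uint64_t range, a, seed; unsigned rounds; } perm_t;

/* Round function F: seed-keyed mixing of one half. Its quality decides how
 * random the order looks; bijectivity does not depend on it at all. */
static uint64_t round_fn(uint64_t r, uint64_t seed, unsigned i) {
    uint64_t x = r ^ (seed + (uint64_t)i * 0x9E3779B97F4A7C15ULL);
    x ^= x >> 33; x *= 0xff51afd7ed558ccdULL;
    x ^= x >> 33; x *= 0xc4ceb9fe1a85ec53ULL;
    return x ^ (x >> 33);
}

void perm_init(perm_t *p, uint64_t range, uint64_t seed, unsigned rounds) {
    p->range = range; p->seed = seed; p->rounds = rounds;
    p->a = 1; while (p->a * p->a < range) p->a++;   /* a = ceil(sqrt(range)) */
}

/* Feistel round with xor replaced by addition mod a: (L, R) -> (R, (L + F(R)) mod a).
 * Each round is invertible, so the network is a bijection on [0, a*a)
 * even though a is not a power of two. */
static uint64_t feistel(const perm_t *p, uint64_t m) {
    uint64_t L = m / p->a, R = m % p->a;
    for (unsigned i = 0; i < p->rounds; i++) {
        uint64_t tmp = R;
        R = (L + round_fn(R, p->seed, i) % p->a) % p->a;
        L = tmp;
    }
    return L * p->a + R;
}

/* Map m in [0, range) to a distinct value in [0, range). Outputs landing in
 * [range, a*a) are fed back through the network ("cycle walking") instead of
 * being reduced with a final modulus, which is what would introduce bias. */
uint64_t perm_shuffle(const perm_t *p, uint64_t m) {
    uint64_t r = feistel(p, m);
    while (r >= p->range) r = feistel(p, r);
    return r;
}

/* Self-check: every value in [0, range) is produced exactly once. */
int perm_is_bijection(uint64_t range, uint64_t seed, unsigned rounds) {
    perm_t p; perm_init(&p, range, seed, rounds);
    unsigned char *seen = calloc(range, 1);
    int ok = seen != NULL;
    for (uint64_t m = 0; ok && m < range; m++) {
        uint64_t r = perm_shuffle(&p, m);
        if (r >= range || seen[r]++) ok = 0;   /* out of range or repeated */
    }
    free(seen);
    return ok;
}
```

The self-check only proves the map is a permutation; how random the resulting order looks still depends on the round function and the number of rounds, exactly as the comment above says.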

------
metabrew
30 million packets per second from one server, wow.

Pretty terrifying if you subvert it to hit just one network instead of
randomly scanning the internet.

------
neilk
What's important about scanning the whole internet in three minutes versus
thirty? Actual question, not trying to be snarky.

~~~
robertgraham
It's 3 minutes per port. In the real world, you'll want to scan for many ports
at a time. If scanning for all ports, it'd take 108 days at this rate.

