Watching the Internet breathe
April 26, 2013 8:19 AM   Subscribe

This beautiful animated image was generated by the author of the Carna Botnet, a massive distributed port scanner running unauthorized on about 420,000 poorly secured "routers ... set-top boxes ... industrial control systems, physical door security systems, big Cisco/Juniper equipment and so on" and capable of interrogating the entire IPv4 address space overnight.

Here's a higher-resolution version (1100x618, 9MB) of that animation.

All 568GB of the data gathered by the botnet has been released into the public domain, along with some useful tools for further study.
posted by flabdablet (8 comments total)

This post was deleted for the following reason: Yep, looks like recently, feel free to toss this into that thread since it's still open. -- cortex

But, what does it mean?
posted by kinnakeet at 8:25 AM on April 26, 2013

Fascinating. The animated gif displays overall utilization of devices over time, so it should roughly mimic day/night transitions in the real world. This is some real Neuromancer-type shit here. Thanks for the excellent FPP.
posted by anewnadir at 8:27 AM on April 26, 2013

But, what does it mean?

It's a heat map showing Internet device availability by geolocated IP address and time of day, with a shaded overlay to show where day and night are.
posted by flabdablet at 8:29 AM on April 26, 2013

But, what does it mean?

Patching is useless because nobody does it.
posted by eriko at 8:35 AM on April 26, 2013 [2 favorites]

This does need a previously. Not quite a double.
posted by k5.user at 8:39 AM on April 26, 2013

Patching is useless because nobody does it.

From the article:
Two years ago while spending some time with the Nmap Scripting Engine (NSE) someone mentioned that we should try the classic telnet login root:root on random IP addresses. This was meant as a joke, but was given a try. We started scanning and quickly realized that there should be several thousand unprotected devices on the Internet.
So they didn't exploit a vulnerability. (Unless you count running telnet on the public internet.) They just literally tried "root:root", "admin:admin", and the like, and BOOM, instant botnet.
posted by jcreigh at 8:39 AM on April 26, 2013

Not quite a double.

If it walks like a double and quacks like a double... ok, flagged. I did search before posting, honestly.
posted by flabdablet at 8:42 AM on April 26, 2013

I want to zoom in on the dots. Badly.
posted by aramaic at 8:43 AM on April 26, 2013

« Older He Stopped Loving Her Today   |   Central Park Five Newer »

This thread has been archived and is closed to new comments