{"title":"Please Stop Knocking on My Door: An Empirical Study on Opt-Out of Internet-Wide Scanning","authors":"Takahiro Kasama;Yukiko Endo;Masaki Kubo;Daisuke Inoue","doi":"10.1109/ACCESS.2025.3551691","DOIUrl":null,"url":null,"abstract":"Internet-wide scanning is prevalent due to the availability and widespread adoption of high-speed scanning tools, e.g., ZMap and Masscan, which can be used to perform Internet census tasks. However, benign scanning traffic can create undesirable noise for network administrators or researchers monitoring network traffic for security-related events. To mitigate the negative effects, previous studies have proposed best practices to guide ethical and well-regulated Internet-wide scans. In this paper, we are the first to shed light on the practicality of these best practices, with a primary focus on opt-out practices. By analyzing large-scale darknet traffic, we identify 46 scan organizations, including some that have not been reported in previous studies. We found that nearly 70% of the scanners we considered to be for survey purposes did not reveal their identity. In addition, we demonstrated that among scanners with identifiable identities, approximately 50% did not implement effective opt-out measures, which suggests that the effectiveness of opt-out practices is limited. Furthermore, only seven scanners confirmed that an opt-out request was sent from a legitimate administrator, indicating a challenge in terms of verifying the authenticity of opt-out requests. 
Based on these findings and reactions from scanning organizations, we revisit best practices for scanning organizations and recipients to facilitate effective and sustainable Internet-wide scanning practices.","PeriodicalId":13079,"journal":{"name":"IEEE Access","volume":"13 ","pages":"48416-48430"},"PeriodicalIF":3.4000,"publicationDate":"2025-03-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=10928993","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Access","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10928993/","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
Citation count: 0
IEEE Access | COMPUTER SCIENCE, INFORMATION SYSTEMS | ENGIN-ENGINEERING, ELECTRICAL & ELECTRONIC
CiteScore: 9.80
Self-citation rate: 7.70%
Articles published: 6673
Review time: 6 weeks
Journal introduction:
IEEE Access® is a multidisciplinary, open access (OA), applications-oriented, all-electronic archival journal that continuously presents the results of original research or development across all of IEEE's fields of interest.
IEEE Access will publish articles that are of high interest to readers, original, technically correct, and clearly presented. Supported by author publication charges (APC), its hallmarks are a rapid peer review and publication process with open access to all readers. Unlike IEEE's traditional Transactions or Journals, reviews are "binary", in that reviewers will either Accept or Reject an article in the form it is submitted in order to achieve rapid turnaround. Especially encouraged are submissions on:
Multidisciplinary topics, or applications-oriented articles and negative results that do not fit within the scope of IEEE's traditional journals.
Practical articles discussing new experiments or measurement techniques, interesting solutions to engineering.
Development of new or improved fabrication or manufacturing techniques.
Reviews or survey articles of new or evolving fields oriented to assist others in understanding the new area.