Please Stop Knocking on My Door: An Empirical Study on Opt-Out of Internet-Wide Scanning

IEEE Access, vol. 13, pp. 48416-48430. Pub Date: 2025-03-17. DOI: 10.1109/ACCESS.2025.3551691. IF 3.6; Zone 3 (Computer Science); JCR Q2 (Computer Science, Information Systems)
Takahiro Kasama; Yukiko Endo; Masaki Kubo; Daisuke Inoue
https://ieeexplore.ieee.org/document/10928993/

Abstract

Internet-wide scanning is prevalent due to the availability and widespread adoption of high-speed scanning tools, e.g., ZMap and Masscan, which can be used to perform Internet census tasks. However, benign scanning traffic can create undesirable noise for network administrators or researchers monitoring network traffic for security-related events. To mitigate the negative effects, previous studies have proposed best practices to guide ethical and well-regulated Internet-wide scans. In this paper, we are the first to shed light on the practicality of these best practices, with a primary focus on opt-out practices. By analyzing large-scale darknet traffic, we identify 46 scan organizations, including some that have not been reported in previous studies. We found that nearly 70% of the scanners we considered to be for survey purposes did not reveal their identity. In addition, we demonstrated that among scanners with identifiable identities, approximately 50% did not implement effective opt-out measures, which suggests that the effectiveness of opt-out practices is limited. Furthermore, only seven scanners confirmed that an opt-out request was sent from a legitimate administrator, indicating a challenge in terms of verifying the authenticity of opt-out requests. Based on these findings and reactions from scanning organizations, we revisit best practices for scanning organizations and recipients to facilitate effective and sustainable Internet-wide scanning practices.