9 comments

[ 3.8 ms ] story [ 28.9 ms ] thread
The very premise of this article is a huge technical error that misreads the Internet Census report. for eg.

> The map is further limited to Linux-based computers with a certain amount of processing power. And finally, because of the parameters of the hack, it shows some amount of bias towards naive users who don't put passwords on their computers.

The author is confusing the machines that were taken over as part of the botnet in order to scale the mapping, as opposed to the machines that were actually mapped (the entire IPv4 space) [1].

Again:

> the researcher hacked into nearly half a million computers so that he could ping each one

He hacked the machines so he could ping other machines. This error is made throughout the article:

> But on a general, half-a-million-computer level, this is what the Internet looks

The map below this statement is the map of the entire IPv4 space, not just the botnet.

> but IPv4 is still pretty common.

Right, ya think? That is all that was mapped, IPv4.

> Because at the end of the day, there's a fair amount of debate over what the real state of play on the Internet looks like. Some say it's a map of connections, others say it's a Tootsie Roll Pop made up of layer upon layer of activity.

Here he is comparing a geographic map of IPv4 addresses and a routing map, and in the second analogy confuses a geographic IPv4 map with a link map across popular websites.

[1] Mapping the entire IPv4 space from a single machine would take decades. What the researcher did, which as far as I know hasn't been done before, is he created a botnet of 400,000 machines to help him in the task. The task of pinging and probing the internet was divided up across the botnet. With the large botnet he could not only ping scan the entire IPv4 space, but he could probe the most common service ports at each responding machine and get it done in hours, rather than decades. The article confuses the botnet with the survey results.

Well, firstly it's vice. I wouldn't place too much stock in the fact-checking capabilities of that organisation.

Having mined the data, it's not the entire IPv4 space and there are substantial duplicates and missing parts. That's not to say it's not an interesting project (albeit shadily done) but the accuracy of the data is suspect (as things change over time and this was done over around a 6 month period).

If you have the space I do highly recommend downloading it though, there's some fantastic insights in there.

I don't think mapping the entire IPv4 space would take decades from a single machine (unless I misunderstand what you mean by that).

The founder of metasploit did this and then gave a talk about defcon about it. http://www.esecurityplanet.com/network-security/rsa-2013-out...

Note that this map shows which nodes are up with respect to time. He pinged all the addresses periodically and noted how many responded at what time.
Finally a botnet being used for something not destructive or spammy