Portscanning the Internet

I’ve often wondered about portscanning the entire Internet.

There are 4,294,967,296 possible I.P. addresses, I know that a lot of these are unused or reserved for things like private networks (around 19,000,000 according to Wikipedia) but I think were I to scan the Internet I would want to try them all. Just for good measure.

After much deliberation I decided I wouldn’t be able to scan all 65,535 ports. I believe I would stick to port numbers 21, 22, 23 and 80. Just the four, to get an idea of what’s going on. It would be tempting to throw in 135, 139 and 445 just to see how many people still have publicly accessible Windows shares, but that would almost double the number of ports I would scan. I think that four would be perfect.

So after a bit of fiddling with nmap I settled on this, simple command:

nmap -P0 -p 21,22,23,80

I think it might require a bit of tweaking, but that would probably just about do it. This would at least give me an idea of just how long this would take me. I tried google.com as my first target, to get an idea of how long responsive servers would take to scan.

lag:~# time nmap -P0 -p 21,22,23,80 google.com

Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2006-04-11 17:25 BST
Interesting ports on 72.14.207.99:
PORT STATE SERVICE
21/tcp filtered ftp
22/tcp filtered ssh
23/tcp filtered telnet
80/tcp open http

Nmap finished: 1 IP address (1 host up) scanned in 11.724 seconds

real 0m11.731s
user 0m0.010s
sys 0m0.000s

11 Seconds. Oh dear.

I then tried an I.P. that I knew wouldn’t exist.

Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2006-04-11 17:27 BST
Interesting ports on 123.4.5.6:
PORT STATE SERVICE
21/tcp filtered ftp
22/tcp filtered ssh
23/tcp filtered telnet
80/tcp filtered http

Nmap finished: 1 IP address (1 host up) scanned in 3.417 seconds

real 0m3.424s
user 0m0.010s
sys 0m0.000s

3 seconds, not too bad.

Now let’s assume we have the 19,000,000 non-existent/network I.P.s.

19,000,000 * 3

Added to, oh, let’s say that half of the I.P. addresses that aren’t reserved for private networks are active:

1/2(4,294,967,296-19,000,00) * 11

And the remaining:

1/2(4,294,967,296-19,000,00) * 3

It’s some seriously rough estimating, but it could give us a decent ballpark figure.
O.K., I make that: 30,108,471,072 seconds

Which apparently works out at a whopping 3767~ years.

And by then IPv6 will almost certainly be in place. Crap.
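Carrying the estimate above through as code, as an added example that is not part of the original post: it takes the post's assumptions (19,000,000 reserved addresses, half of the remainder active, 11 s per live host and 3 s per dead or reserved host, one host probed after another) and returns the total the post's three terms give; the `parallel` parameter is an addition of mine that shows how the figure scales when several hosts are probed at once.

```python
TOTAL_IPV4 = 4_294_967_296          # 2**32 addresses, as in the post
RESERVED = 19_000_000               # private/reserved space, the post's Wikipedia figure
T_ACTIVE = 11.0                     # seconds nmap needed for google.com above
T_DEAD = 3.0                        # seconds for the unreachable 123.4.5.6
SECONDS_PER_YEAR = 365 * 24 * 3600  # 365-day year, used only for the conversion


def estimate_scan_seconds(total=TOTAL_IPV4, reserved=RESERVED, active_fraction=0.5,
                          t_active=T_ACTIVE, t_dead=T_DEAD, parallel=1):
    """Wall-clock seconds to probe every address once with the post's per-host timings.

    Reserved addresses are costed like dead hosts (no reply, timeout only); the
    rest are split into active and dead by active_fraction.  'parallel' is a
    hypothetical number of hosts probed concurrently; 1 means one after another,
    which is what the post's sequential nmap run assumes.
    """
    if parallel < 1:
        raise ValueError("parallel must be >= 1")
    routable = total - reserved
    active = int(routable * active_fraction)
    dead = routable - active
    sequential = reserved * t_dead + active * t_active + dead * t_dead
    return sequential / parallel


def seconds_to_years(seconds):
    """Convert a duration in seconds to years (365-day years)."""
    return seconds / SECONDS_PER_YEAR


if __name__ == "__main__":
    for n in (1, 100, 1000):
        s = estimate_scan_seconds(parallel=n)
        print(f"{n:>5} hosts at a time: {s:,.0f} s = {seconds_to_years(s):,.1f} years")
```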
