MASSCAN: Mass IP port scanner (opens in new tab)

(github.com)

61 pointsntumlin9y ago33 comments

33 comments

21 comments · 6 top-level

rocgf9y ago· 5 in thread

Don't get me wrong, I think this is some great coding, but I'm just wondering... what might be a legal/ethical use this? I'm thinking that most companies own at most a couple thousand machines, so something more traditional like nmap might do just fine.

zimbatm9y ago

Vulnerable devices are vulnerable. It doesn't matter if this tool exists they are eventually going to found out. Just look at shodan.io to get an idea.

What this does is allow security researchers to better assess the vulnerability of the Internet as a whole. We need a better understanding of what's going on.

You could be a white knight and patch vulnerable devices using that very same security hole. In fact I would really enjoy having our governments offering this as a service instead of spending so much energy on attacking the others (or at least notify the owner).

zorked9y ago

There's nothing unethical in port scanning.

Intermernet9y ago

I agree with you, although many years ago I got an official warning from the head of IT security at the university I was attending (and working at the computer labs) for allowing a friend of mine to run a port scanning script across a large portion of the allocated IPv4 address space. Apparently they'd had complaints... They saw the ethics of port scanning as a grey area, tending towards black.

1 more reply

cmdrfred9y ago

If knowing that a certain port is open at a certian ip address compromises your security, you have already lost in my opinion. Anything that deofuscates secuity though obscurity is a good thing.

stevekemp9y ago

Agreed.

The last time I was involved in anything like this I used zmap to scan for open rsync shares. Without wanting to be click-baity the results shocked me!

https://blog.steve.fi/Secure_your_rsync_shares__please_.html

dannypgh9y ago· 4 in thread

Entire IPv4 Internet, I think they mean.

coldcode9y ago

Is it even possible to scan IPv6 internet? Or simply too many IPs (theoretically) to try?

ranger2079y ago

Although I think it's practically infeasible to scan the entire IPv6 range, it is possible to see who's on v6 through other methods, like when Shodan added a bunch of its servers to the NTP pool to find v6 users.

http://arstechnica.com/security/2016/02/using-ipv6-with-linu...

chatmasta9y ago

Since IPv6 addresses are allocated in large blocks, and organizations tend to assign IP addresses sequentially, you could probably scan a decent portion of the IPv6 space by doing a binary search on the addresses within each block of a certain size to identify the max active address in each block.

cmdrfred9y ago

On its face I believe not but, now I'm not positive on the specifics but I believe there are ip4 to ip6 bridges that index ip6 addresses and allow you to only scan active addresses.

1 more reply

libeclipse9y ago· 3 in thread

Why is this just making its way to HN front page right now?

jaytaylor9y ago

It's probably been submitted again now on the heels of DefCon and Blackhat, where Robert Graham usually gives cool talks and presentations about his security research and work, e.g. MASSCAN.

ntumlinOP9y ago

That might explain the popularity of it, but I actually found it from poking around on jvns.ca from the recent post about how gdb works.

el_duderino9y ago

https://news.ycombinator.com/item?id=8803498

https://news.ycombinator.com/item?id=6391266

erelde9y ago· 2 in thread

I love the pull requests and the messages in data/exclude.conf

voltagex_9y ago

Yep, worth a read, especially if you're considering doing this kind of scan for yourself.

https://github.com/robertdavidgraham/masscan/blob/master/dat...

Kephael9y ago

I don't understand why anyone bothers to send abuse emails for port scans. Just block the scanning source and move on, they are far too frequent to be concerned about.

RIMR9y ago· 1 in thread

Been using this software as well as Zmap for Internet-wide scans for the past three years. This kind of software is scary powerful.

billmalarky9y ago

What do you use it for? Academic research?

CSDude9y ago

It is great. My mobile career exposed a huge /8 network and we could even scan it to find some lonely IoT devices with default root passwords with masscan in minutes.

j / k navigate · click thread line to collapse

33 comments

21 comments · 6 top-level

rocgf9y ago· 5 in thread

zimbatm9y ago

Vulnerable devices are vulnerable. It doesn't matter if this tool exists they are eventually going to found out. Just look at shodan.io to get an idea.

What this does is allow security researchers to better assess the vulnerability of the Internet as a whole. We need a better understanding of what's going on.

zorked9y ago

There's nothing unethical in port scanning.

Intermernet9y ago

1 more reply

cmdrfred9y ago

If knowing that a certain port is open at a certian ip address compromises your security, you have already lost in my opinion. Anything that deofuscates secuity though obscurity is a good thing.

stevekemp9y ago

Agreed.

The last time I was involved in anything like this I used zmap to scan for open rsync shares. Without wanting to be click-baity the results shocked me!

https://blog.steve.fi/Secure_your_rsync_shares__please_.html

dannypgh9y ago· 4 in thread

Entire IPv4 Internet, I think they mean.

coldcode9y ago

Is it even possible to scan IPv6 internet? Or simply too many IPs (theoretically) to try?

ranger2079y ago

http://arstechnica.com/security/2016/02/using-ipv6-with-linu...

chatmasta9y ago

cmdrfred9y ago

On its face I believe not but, now I'm not positive on the specifics but I believe there are ip4 to ip6 bridges that index ip6 addresses and allow you to only scan active addresses.

1 more reply

libeclipse9y ago· 3 in thread

Why is this just making its way to HN front page right now?

jaytaylor9y ago

It's probably been submitted again now on the heels of DefCon and Blackhat, where Robert Graham usually gives cool talks and presentations about his security research and work, e.g. MASSCAN.

ntumlinOP9y ago

That might explain the popularity of it, but I actually found it from poking around on jvns.ca from the recent post about how gdb works.

el_duderino9y ago

https://news.ycombinator.com/item?id=8803498

https://news.ycombinator.com/item?id=6391266

erelde9y ago· 2 in thread

I love the pull requests and the messages in data/exclude.conf

voltagex_9y ago

Yep, worth a read, especially if you're considering doing this kind of scan for yourself.

https://github.com/robertdavidgraham/masscan/blob/master/dat...

Kephael9y ago

I don't understand why anyone bothers to send abuse emails for port scans. Just block the scanning source and move on, they are far too frequent to be concerned about.

RIMR9y ago· 1 in thread

Been using this software as well as Zmap for Internet-wide scans for the past three years. This kind of software is scary powerful.

billmalarky9y ago

What do you use it for? Academic research?

CSDude9y ago

It is great. My mobile career exposed a huge /8 network and we could even scan it to find some lonely IoT devices with default root passwords with masscan in minutes.

j / k navigate · click thread line to collapse