An anonymous researcher (one person though they use “we” throughout their documentation) has released the results of an extraordinary study. By temporarily constructing a botnet on openly available devices around the world, they were able to map usage of the global internet over IPv4 at a scope and level of detail that has no rival outside of proprietary network operations databases.
The project’s abstract:
While playing around with the Nmap Scripting Engine (NSE) we discovered an amazing number of open embedded devices on the Internet. Many of them are based on Linux and allow login to standard BusyBox with empty or default credentials. We used these devices to build a distributed port scanner to scan all IPv4 addresses. These scans include service probes for the most common ports, ICMP ping, reverse DNS and SYN scans. We analyzed some of the data to get an estimation of the IP address usage.
Rather than exploit this information, obtained through legally dubious methods, for personal or financial gain, they have released their full results into the public domain.
Their conclusion to the study overview:
This was a fun project and there are many more things we could have done, but this concludes our work. The binary stops itself after some time and most of the deployed versions have already done that by now. All of our initial goals as well as some extras like traceroute were achieved, we have completed, to our knowledge, the largest and most comprehensive IPv4 census ever. With a growing number of IPv6 hosts on the Internet, 2012 may have been the last time a census like this was possible.
Worth a glance for its incredible visuals (such as the heatmap of activity shown above), not to mention a closer read for the many issues of internet research it opens, both technical and epistemological.