Healing Heartbleed: Vulnerability Mitigation with Internet-wide Scanning

No ratings

Presented at Dimva 2014 by

Alex Halderman

Internet-wide network scanning has powerful security applications, including exposing vulnerabilities and tracking their mitigation. Unfortunately, probing the entire Internet with standard tools like Nmap requires months of time or large clusters of machines. In this talk, I'll demonstrate ZMap, an open-source network scanner developed by my research group that is designed from the ground up to perform Internet-wide scans efficiently. We've used ZMap with a gigabit Ethernet uplink to survey the entire IPv4 address space in under 45 minutes from a single machine, more than 1300 times faster than Nmap. Data from more than 400 Internet-wide scans conducted over the past 2 years has allowed us to work towards the mitigation of several widespread vulnerabilities, including most recently the OpenSSL Heartbleed bug. By tracking Heartbleed mitigation and notifying users and operators about unpatched systems, we were able to increase the rate of patching and gain unique insights into the world's response to the vulnerability.