NordVPN Promotion

Home / News

First Broad Internet Census Since 1982 Reveals Surprising Number of Unused IPv4 Addresses

In the upcoming Internet Measurement Conference being held next week in Vouliagmeni, Greece, a team of six researchers will be presenting a paper called “Census and Survey of the Visible Internet,” based on a comprehensive census of more 2.8 billion allocated IP addresses on the Internet. The research is claimed to be the first comprehensive census of its kind in more than two decades.

The study, which has found a surprising number of unused IPv4 addresses, took 62 days to send 3 billion probes (commonly called “ping”) from four machines. “An Internet census is just that: every single assigned address in the entire Internet was sent a probe,” said John Heidemann, a research associate professor in the department of computer science at the University of Southern California (USC) and the paper’s lead author. “Our data suggests that maybe there are better things we should be doing in managing the IPv4 address space.”

The colors in the Internet map above represent census of all allocated addresses where each address was sent an ICMP ping message and results were recorded. Brighter colors indicate more replies, darker, fewer. Greener means more positive replies (“yes, I’m here”), redder indicates more negative replies (“not allowed”, “router but no host”, etc.). Yellow indicates a mix of positive and negative replies. Blue indicates areas that were not probed because they were not public, allocated, unicast address space. (Source: University of Southern California’s Information Sciences Institute)

Related Links:
Internet Measurement Conference (IMC)
62 Days + Almost 3 Billion Pings + New Visualization Scheme = the First Internet Census Since 1982
ANT Censuses of the Internet Address Space
Census and Survey of the Visible Internet
Probe Sees Unused Internet (Technology Review, Oct 15, 2008)

 

By CircleID Reporter

CircleID’s internal staff reporting on news tips and developing stories. Do you have information the professional Internet community should be aware of? Contact us.

Visit Page

Filed Under

Comments

ping is not a mesurement of use Stephane Bortzmeyer  –  Oct 16, 2008 8:33 AM

I have not read the full paper, not yet published, but I hope they know that a lack of reply to ping is not a proof of non-use. Msot used IP addresses do not reply to ping (typically because of a firewall).

ICMP Really?? Brett Carr  –  Oct 16, 2008 12:57 PM

This is the second time I have seen this reported in the last couple of days. ICMP as a measure of use, I don’t think so, a very large percentage of the networks I work on and have worked on in the past 10 years will of been counted as dormant by this survey, needless to say those IP addresses are very very much in use.

Brett (Amused)

Hmmmm.... Dan Campbell  –  Oct 16, 2008 2:46 PM

Yeah, this really isn’t the right technique.  Many PINGs will be blocked by firewalls even though the hosts are indeed alive.  And many addresses within live subnets won’t actually be assigned to hosts, but they are still “in use” because the subnet is configured.  Even in cases where firewalls are allowing PINGs through, subnetting always uses more space than is actually needed for hosts that may respond to PINGs.  That space is only wasted if the subnet is sized too liberally.  There are also many differences in security policy that dictate what types of ICMP messages are allowed in or sent back out, e.g., block inbound ICMP and send no reply at all; allow echo and echo reply only; allow echo / echo reply / time exceeded / source quench / fragementation needed, etc.  If they were trying to map out what the title of the paper implies, what is the “visible” Internet, then fine, that is interesting data and speaks more to the variations in security policy.  But if they are trying to determine what IP addresses are actually in use, that is close to impossible to do.  The only decent ways are (a.) to look at the Internet routing table and see what prefixes are there, aggregates or specifics or (b.) to look at the RIR databases to see what addresses have been allocated by RIRs and re-assigned by ISPs, and sum them all up.  Even if the addresses are not PINGable or visible in the Internet routing table, it does not mean they are not in use.

fyodor has some more interesting data... Peter Bell  –  Oct 30, 2008 12:30 AM

Saw a presentation from Fyodor at defecon this year.  I hope he’s already seen this paper, because he’s got a beautiful extension to add to the data - in the course of working on some improvements to nmap, he nmapped ipv4 last year. 

He had interesting data on top open ports and rate of diminishment of return, that is, if you scan 20 ports, and then 300, you see more systems up in the more exhaustive scan.  But how many ports do you need to hit to argue that you’ve seen X percent of systems which are discoverable by more exhaustive scans using his tool? 

Oh, top open port?  Telnet then SMTP, or vice versa.  Telnet was embarrasingly high ranking.

We can also compare the unused IP Tim Ruth  –  Dec 28, 2008 3:11 AM

We can also compare the unused IP range with the total IP address allocated by country.

http://www.ip2location.com/ip2location-internet-ip-address-2009-report.aspx

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

Related

Topics

DNS

Sponsored byDNIB.com

Threat Intelligence

Sponsored byWhoisXML API

Brand Protection

Sponsored byCSC

IPv4 Markets

Sponsored byIPv4.Global

Cybersecurity

Sponsored byVerisign

Domain Names

Sponsored byVerisign

New TLDs

Sponsored byRadix

NordVPN Promotion