IEEE Access (Jan 2025)
Please Stop Knocking on My Door: An Empirical Study on Opt-Out of Internet-Wide Scanning
Abstract
Internet-wide scanning is prevalent due to the availability and widespread adoption of high-speed scanning tools, e.g., ZMap and Masscan, which can be used to perform Internet census tasks. However, benign scanning traffic can create undesirable noise for network administrators or researchers monitoring network traffic for security-related events. To mitigate the negative effects, previous studies have proposed best practices to guide ethical and well-regulated Internet-wide scans. In this paper, we are the first to shed light on the practicality of these best practices, with a primary focus on opt-out practices. By analyzing large-scale darknet traffic, we identify 46 scan organizations, including some that have not been reported in previous studies. We found that nearly 70% of the scanners we considered to be for survey purposes did not reveal their identity. In addition, we demonstrated that among scanners with identifiable identities, approximately 50% did not implement effective opt-out measures, which suggests that the effectiveness of opt-out practices is limited. Furthermore, only seven scanners confirmed that an opt-out request was sent from a legitimate administrator, indicating a challenge in terms of verifying the authenticity of opt-out requests. Based on these findings and reactions from scanning organizations, we revisit best practices for scanning organizations and recipients to facilitate effective and sustainable Internet-wide scanning practices.
Keywords
