{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,26]],"date-time":"2026-02-26T23:12:23Z","timestamp":1772147543419,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":63,"publisher":"ACM","license":[{"start":{"date-parts":[[2020,10,27]],"date-time":"2020-10-27T00:00:00Z","timestamp":1603756800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2020,10,27]]},"DOI":"10.1145\/3419394.3424214","type":"proceedings-article","created":{"date-parts":[[2020,10,22]],"date-time":"2020-10-22T20:30:22Z","timestamp":1603398622000},"page":"662-679","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":46,"title":["On the Origin of Scanning"],"prefix":"10.1145","author":[{"given":"Gerry","family":"Wan","sequence":"first","affiliation":[{"name":"Stanford University"}]},{"given":"Liz","family":"Izhikevich","sequence":"additional","affiliation":[{"name":"Stanford University"}]},{"given":"David","family":"Adrian","sequence":"additional","affiliation":[{"name":"Censys, Inc."}]},{"given":"Katsunari","family":"Yoshioka","sequence":"additional","affiliation":[{"name":"Yokohama National University"}]},{"given":"Ralph","family":"Holz","sequence":"additional","affiliation":[{"name":"University of Twente, University of Sydney"}]},{"given":"Christian","family":"Rossow","sequence":"additional","affiliation":[{"name":"CISPA Helmholtz Center for Information Security"}]},{"given":"Zakir","family":"Durumeric","sequence":"additional","affiliation":[{"name":"Stanford University"}]}],"member":"320","published-online":{"date-parts":[[2020,10,27]]},"reference":[{"key":"e_1_3_2_2_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813707"},{"key":"e_1_3_2_2_2_1","volume-title":"8th USENIX Workshop on Offensive Technologies","author":"Adrian D.","year":"2014","unstructured":"D. Adrian, Z. Durumeric, G. Singh, and J. A. Halderman. Zippier ZMap: Internet-Wide Scanning at 10 Gbps. In 8th USENIX Workshop on Offensive Technologies, 2014."},{"key":"e_1_3_2_2_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/1298306.1298316"},{"key":"e_1_3_2_2_4_1","volume-title":"ACM Internet Measurement Conference","author":"Amann J.","year":"2017","unstructured":"J. Amann, O. Gasser, Q. Scheitle, L. Brent, G. Carle, and R. Holz. Mission Accomplished? HTTPS Security after DigiNotar. In ACM Internet Measurement Conference, 2017."},{"key":"e_1_3_2_2_5_1","volume-title":"Understanding the Mirai Botnet. In USENIX Security Symposium","author":"Antonakakis M.","year":"2017","unstructured":"M. Antonakakis, T. April, M. Bailey, M. Bernhard, E. Bursztein, J. Cochran, Z. Durumeric, J. A. Halderman, L. Invernizzi, M. Kallitsis, D. Kumar, C. Lever, Z. Ma, J. Mason, D. Menscher, C. Seaman, N. Sullivan, K. Thomas, and Y. Zhou. Understanding the Mirai Botnet. In USENIX Security Symposium, 2017."},{"key":"e_1_3_2_2_6_1","volume-title":"25th USENIX Security Symposium","author":"Aviram N.","year":"2016","unstructured":"N. Aviram, S. Schinzel, J. Somorovsky, N. Heninger, M. Dankel, J. Steube, L. Valenta, D. Adrian, J. A. Halderman, V. Dukhovni, et al. DROWN: Breaking TLS using SSLv2. In 25th USENIX Security Symposium, 2016."},{"key":"e_1_3_2_2_7_1","volume":"201","author":"Bano S.","unstructured":"S. Bano, P. Richter, M. Javed, S. Sundaresan, Z. Durumeric, S. Murdoch, R. Mortier, and V. Paxson. Scanning the Internet for Liveness. In ACM Computer Communication Review, 2018.","journal-title":"Liveness. In ACM Computer Communication Review"},{"key":"e_1_3_2_2_8_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.39"},{"key":"e_1_3_2_2_9_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-15509-8_10"},{"key":"e_1_3_2_2_10_1","volume-title":"Using Frankencerts for Automated Adversarial Testing of Certificate Validation in SSL\/TLS Implementations. In IEEE Symposium on Security and Privacy","author":"Brubaker C.","year":"2014","unstructured":"C. Brubaker, S. Jana, B. Ray, S. Khurshid, and V. Shmatikov. Using Frankencerts for Automated Adversarial Testing of Certificate Validation in SSL\/TLS Implementations. In IEEE Symposium on Security and Privacy, 2014."},{"key":"e_1_3_2_2_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/1644893.1644923"},{"key":"e_1_3_2_2_12_1","volume":"201","author":"Cai X.","unstructured":"X. Cai and J. Heidemann. Understanding Block-Level Address Usage in the Visible Internet. ACM SIGCOMM Computer Communication Review, 2011.","journal-title":"Visible Internet. ACM SIGCOMM Computer Communication Review"},{"key":"e_1_3_2_2_13_1","volume-title":"On the Practical Exploitability of Dual EC in TLS Implementations. In 23rd USENIX Security Symposium","author":"Checkoway S.","year":"2014","unstructured":"S. Checkoway, R. Niederhagen, A. Everspaugh, M. Green, T. Lange, T. Ristenpart, D. J. Bernstein, J. Maskiewicz, H. Shacham, and M. Fredrikson. On the Practical Exploitability of Dual EC in TLS Implementations. In 23rd USENIX Security Symposium, 2014."},{"key":"e_1_3_2_2_14_1","volume-title":"23rd USENIX Security Symposium","author":"Costin A.","year":"2014","unstructured":"A. Costin, J. Zaddach, A. Francillon, and D. Balzarotti. A Large-Scale Analysis of the Security of Embedded Firmwares. In 23rd USENIX Security Symposium, 2014."},{"key":"e_1_3_2_2_15_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23047"},{"key":"e_1_3_2_2_16_1","volume-title":"Proceedings of the 2007 ACM CoNEXT Conference","author":"Dhamdhere A.","year":"2007","unstructured":"A. Dhamdhere, R. Teixeira, C. Dovrolis, and C. Diot. Net-Diagnoser: Troubleshooting Network Unreachabilities Using End-to-End Probes and Routing Data. In Proceedings of the 2007 ACM CoNEXT Conference, 2007."},{"key":"e_1_3_2_2_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813703"},{"key":"e_1_3_2_2_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/2815675.2815695"},{"key":"e_1_3_2_2_19_1","volume-title":"An Internet-Wide View of Internet-Wide Scanning. In USENIX Security Symposium","author":"Durumeric Z.","year":"2014","unstructured":"Z. Durumeric, M. Bailey, and J. A. Halderman. An Internet-Wide View of Internet-Wide Scanning. In USENIX Security Symposium, 2014."},{"key":"e_1_3_2_2_20_1","volume-title":"Analysis of the HTTPS Certificate Ecosystem. In ACM Internet Measurement Conference","author":"Durumeric Z.","year":"2013","unstructured":"Z. Durumeric, J. Kasten, M. Bailey, and J. A. Halderman. Analysis of the HTTPS Certificate Ecosystem. In ACM Internet Measurement Conference, 2013."},{"key":"e_1_3_2_2_21_1","volume-title":"The Matter of Heartbleed. In ACM Internet Measurement Conference","author":"Durumeric Z.","year":"2014","unstructured":"Z. Durumeric, F. Li, J. Kasten, J. Amann, J. Beekman, M. Payer, N. Weaver, D. Adrian, V. Paxson, M. Bailey, et al. The Matter of Heartbleed. In ACM Internet Measurement Conference, 2014."},{"key":"e_1_3_2_2_22_1","volume-title":"USENIX Security Symposium","author":"Durumeric Z.","year":"2014","unstructured":"Z. Durumeric, E. Wustrow, and J. A. Halderman. ZMap: Fast Internet-Wide Scanning and its Security Applications. In USENIX Security Symposium, 2014."},{"key":"e_1_3_2_2_23_1","volume-title":"Inferring BGP Blackholing Activity in the Internet. In ACM Internet Measurement Conference","author":"Giotsas V.","year":"2017","unstructured":"V. Giotsas, G. Smaragdakis, C. Dietzel, P. Richter, A. Feldmann, and A. Berger. Inferring BGP Blackholing Activity in the Internet. In ACM Internet Measurement Conference, 2017."},{"key":"e_1_3_2_2_24_1","volume-title":"MASSCAN: Mass IP port scanner. https:\/\/github.com\/robertdavidgraham\/masscan","author":"Graham R. D.","year":"2014","unstructured":"R. D. Graham. MASSCAN: Mass IP port scanner. https:\/\/github.com\/robertdavidgraham\/masscan, 2014."},{"key":"e_1_3_2_2_25_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-00975-4_3"},{"key":"e_1_3_2_2_26_1","volume-title":"Detecting ICMP Rate Limiting in the Internet. In Conference on Passive and Active Network Measurement","author":"Guo H.","year":"2018","unstructured":"H. Guo and J. Heidemann. Detecting ICMP Rate Limiting in the Internet. In Conference on Passive and Active Network Measurement, 2018."},{"key":"e_1_3_2_2_27_1","volume-title":"Census and Survey of the Visible Internet. In ACM Internet Measurement Conference","author":"Heidemann J.","year":"2008","unstructured":"J. Heidemann, Y. Pradkin, R. Govindan, C. Papadopoulos, G. Bartlett, and J. Bannister. Census and Survey of the Visible Internet. In ACM Internet Measurement Conference, 2008."},{"key":"e_1_3_2_2_28_1","volume-title":"USENIX Security Symposium","author":"Heilman E.","year":"2015","unstructured":"E. Heilman, A. Kendler, A. Zohar, and S. Goldberg. Eclipse Attacks on Bitcoin's Peer-to-Peer Network. In USENIX Security Symposium, 2015."},{"key":"e_1_3_2_2_29_1","volume-title":"Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices. In USENIX Security Symposium","author":"Heninger N.","year":"2012","unstructured":"N. Heninger, Z. Durumeric, E. Wustrow, and J. A. Halderman. Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices. In USENIX Security Symposium, 2012."},{"key":"e_1_3_2_2_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/3106328.3106334"},{"key":"e_1_3_2_2_31_1","volume-title":"TLS in the Wild: An Internet-Wide Analysis of TLS-based Protocols for Electronic Communication. Symposium on Network and Distributed System Security (NDSS)","author":"Holz R.","year":"2016","unstructured":"R. Holz, J. Amann, O. Mehani, M. Wachs, and M. A. Kaafar. TLS in the Wild: An Internet-Wide Analysis of TLS-based Protocols for Electronic Communication. Symposium on Network and Distributed System Security (NDSS), 2016."},{"key":"e_1_3_2_2_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/637201.637238"},{"key":"e_1_3_2_2_33_1","volume-title":"NSDI","author":"Katz-Bassett E.","year":"2008","unstructured":"E. Katz-Bassett, H. V. Madhyastha, J. P. John, A. Krishnamurthy, D. Wetherall, and T. E. Anderson. Studying Black Holes in the Internet with Hubble. In NSDI, 2008."},{"key":"e_1_3_2_2_34_1","volume-title":"Differential Treatment of Anonymous Users. In Symposium on Network and Distributed System Security","author":"Khattak S.","year":"2016","unstructured":"S. Khattak, D. Fifield, S. Afroz, M. Javed, S. Sundaresan, V. Paxson, S. J. Murdoch, and D. McCoy. Do You See What I See? Differential Treatment of Anonymous Users. In Symposium on Network and Distributed System Security, 2016."},{"key":"e_1_3_2_2_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/2987443.2987457"},{"key":"e_1_3_2_2_36_1","volume-title":"Location: The Impact of Geolocation on Web Search Personalization. In Internet Measurement Conference","author":"Kliman-Silver C.","year":"2015","unstructured":"C. Kliman-Silver, A. Hannak, D. Lazer, C. Wilson, and A. Mislove. Location, Location, Location: The Impact of Geolocation on Web Search Personalization. In Internet Measurement Conference, 2015."},{"key":"e_1_3_2_2_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/2815675.2815683"},{"key":"e_1_3_2_2_38_1","volume-title":"All Things Considered: An Analysis of IoT Devices on Home Networks. In USENIX Security Symposium","author":"Kumar D.","year":"2019","unstructured":"D. Kumar, K. Shen, B. Case, D. Garg, G. Alperovich, D. Kuznetsov, R. Gupta, and Z. Durumeric. All Things Considered: An Analysis of IoT Devices on Home Networks. In USENIX Security Symposium, 2019."},{"key":"e_1_3_2_2_39_1","unstructured":"R. Lawshae. Hunting Botnets with ZMap. http:\/\/h30499.www3.hp.com\/t5\/HP-Security-Research-Blog\/Hunting-Botnets-with-ZMap\/ba-p\/6320865#.UvzzgkJdXw1."},{"key":"e_1_3_2_2_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/1879141.1879156"},{"key":"e_1_3_2_2_41_1","volume-title":"25th USENIX Security Symposium","author":"Li F.","year":"2016","unstructured":"F. Li, Z. Durumeric, J. Czyz, M. Karami, M. Bailey, D. McCoy, S. Savage, and V. Paxson. You've Got Vulnerability: Exploring Effective Vulnerability Notifications. In 25th USENIX Security Symposium, 2016."},{"key":"e_1_3_2_2_42_1","volume-title":"24th USENIX Security Symposium","author":"Liu Y.","year":"2015","unstructured":"Y. Liu, A. Sarabi, J. Zhang, P. Naghizadeh, M. Karir, M. Bailey, and M. Liu. Cloudy with a Chance of Breach: Forecasting Cyber Security Incidents. In 24th USENIX Security Symposium, 2015."},{"key":"e_1_3_2_2_43_1","volume-title":"23rd USENIX Security Symposium","author":"Marczak W. R.","year":"2014","unstructured":"W. R. Marczak, J. Scott-Railton, M. Marquis-Boire, and V. Paxson. When Governments Hack Opponents: A Look at Actors and Technology. In 23rd USENIX Security Symposium, 2014."},{"key":"e_1_3_2_2_44_1","unstructured":"Maxmind GeoLite2 Database. https:\/\/dev.maxmind.com\/geoip\/geoip2\/geolite2\/."},{"key":"e_1_3_2_2_45_1","volume-title":"An Internet-Wide View of ICS Devices. In 14th IEEE Conference on Privacy, Security and Trust","author":"Mirian A.","year":"2016","unstructured":"A. Mirian, Z. Ma, D. Adrian, M. Tischer, T. Chuenchujit, T. Yardley, R. Berthier, J. Mason, Z. Durumeric, J. A. Halderman, et al. An Internet-Wide View of ICS Devices. In 14th IEEE Conference on Privacy, Security and Trust, 2016."},{"key":"e_1_3_2_2_46_1","volume-title":"Reasons Dynamic Addresses Change. In ACM Internet Measurement Conference. ACM","author":"Padmanabhan R.","year":"2016","unstructured":"R. Padmanabhan, A. Dhamdhere, E. Aben, N. Spring, et al. Reasons Dynamic Addresses Change. In ACM Internet Measurement Conference. ACM, 2016."},{"key":"e_1_3_2_2_47_1","doi-asserted-by":"publisher","DOI":"10.1145\/3341302.3342084"},{"key":"e_1_3_2_2_48_1","volume":"199","author":"Paxson V.","unstructured":"V. Paxson. End-to-end Internet Packet Dynamics. In ACM SIGCOMM Computer Communication Review, 1997.","journal-title":"Internet Packet Dynamics. In ACM SIGCOMM Computer Communication Review"},{"key":"e_1_3_2_2_49_1","volume-title":"Augur: Internet-Wide Detection of Connectivity Disruptions","author":"Pearce P.","year":"2017","unstructured":"P. Pearce, R. Ensafi, F. Li, N. Feamster, and V. Paxson. Augur: Internet-Wide Detection of Connectivity Disruptions. In IEEE Security and Privacy, 2017."},{"key":"e_1_3_2_2_50_1","volume-title":"Global Measurement of DNS Manipulation. In USENIX Security Symposium","author":"Pearce P.","year":"2017","unstructured":"P. Pearce, B. Jones, F. Li, R. Ensafi, N. Feamster, N. Weaver, and V. Paxson. Global Measurement of DNS Manipulation. In USENIX Security Symposium, 2017."},{"key":"e_1_3_2_2_51_1","unstructured":"Project Sonar. https:\/\/www.rapid7.com\/research\/project-sonar."},{"key":"e_1_3_2_2_52_1","unstructured":"Psychz Networks Forum - ssh_exchange_identification connection closed by remote host. https:\/\/www.psychz.net\/client\/question\/en\/sshexchangeidentification-connection-closed-by-remote-host.html."},{"key":"e_1_3_2_2_53_1","volume-title":"Ng. Back-office Web Traffic on the Internet. In ACM Internet Measurement Conference","author":"Pujol E.","year":"2014","unstructured":"E. Pujol, P. Richter, B. Chandrasekaran, G. Smaragdakis, A. Feldmann, B. M. Maggs, and K.-C. Ng. Back-office Web Traffic on the Internet. In ACM Internet Measurement Conference, 2014."},{"key":"e_1_3_2_2_54_1","volume-title":"Citeseer","author":"Quan L.","year":"2011","unstructured":"L. Quan and J. Heidemann. Detecting Internet Outages with Active Probing. Technical report, Citeseer, 2011."},{"key":"e_1_3_2_2_55_1","volume":"201","author":"Quan L.","unstructured":"L. Quan, J. Heidemann, and Y. Pradkin. Trinocular: Understanding Internet Reliability through Adaptive Probing. ACM SIGCOMM Computer Communication Review, 2013.","journal-title":"Adaptive Probing. ACM SIGCOMM Computer Communication Review"},{"key":"e_1_3_2_2_56_1","doi-asserted-by":"publisher","DOI":"10.1145\/2663716.2663721"},{"key":"e_1_3_2_2_57_1","doi-asserted-by":"publisher","DOI":"10.1145\/2987443.2987473"},{"key":"e_1_3_2_2_58_1","volume-title":"Amplification Hell: Revisiting Network Protocols for DDoS Abuse. In Symposium on Network and Distributed Systems Security (NDSS)","author":"Rossow C.","year":"2014","unstructured":"C. Rossow. Amplification Hell: Revisiting Network Protocols for DDoS Abuse. In Symposium on Network and Distributed Systems Security (NDSS), 2014."},{"key":"e_1_3_2_2_59_1","volume-title":"Quantifying the Importance of Vantage Point Distribution in Internet Topology Mapping","author":"Shavitt Y.","year":"2011","unstructured":"Y. Shavitt and U. Weinsberg. Quantifying the Importance of Vantage Point Distribution in Internet Topology Mapping. In IEEE Journal on Selected Areas in Communications, 2011."},{"key":"e_1_3_2_2_60_1","volume-title":"FTP: The Forgotten Cloud. In IEEE\/IFIP International Conference on Dependable Systems and Networks","author":"Springall D.","year":"2016","unstructured":"D. Springall, Z. Durumeric, and J. A. Halderman. FTP: The Forgotten Cloud. In IEEE\/IFIP International Conference on Dependable Systems and Networks, 2016."},{"key":"e_1_3_2_2_61_1","unstructured":"Linux Manual Page - sshdconfig. https:\/\/linux.die.net\/man\/5\/sshd_config."},{"key":"e_1_3_2_2_62_1","unstructured":"TIM Brasil. https:\/\/www.tim.com.br\/sp\/para-voce."},{"key":"e_1_3_2_2_63_1","doi-asserted-by":"publisher","DOI":"10.1145\/3393691.3394180"}],"event":{"name":"IMC '20: ACM Internet Measurement Conference","location":"Virtual Event USA","acronym":"IMC '20","sponsor":["SIGCOMM ACM Special Interest Group on Data Communication","SIGMETRICS ACM Special Interest Group on Measurement and Evaluation"]},"container-title":["Proceedings of the ACM Internet Measurement Conference"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3419394.3424214","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3419394.3424214","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,12,15]],"date-time":"2025-12-15T23:35:57Z","timestamp":1765841757000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3419394.3424214"}},"subtitle":["The Impact of Location on Internet-Wide Scans"],"short-title":[],"issued":{"date-parts":[[2020,10,27]]},"references-count":63,"alternative-id":["10.1145\/3419394.3424214","10.1145\/3419394"],"URL":"https:\/\/doi.org\/10.1145\/3419394.3424214","relation":{},"subject":[],"published":{"date-parts":[[2020,10,27]]},"assertion":[{"value":"2020-10-27","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}