Recently, Internet Census 2012 was published, which contains a lot of data related to the Internet (e.g., traceroutes, open services, etc.). From an ethical hacking point of view, there is an associated moral dilemma: is it acceptable to give access to the data via a web service? Obviously, anyone can download it through torrent now; one can easily unpack the data and make a few "interesting" greps out of it. However, it takes a lot of effort and motivation to do that in the first place.
Anyway, we picked the most harmless chunks of data: traceroutes and ICMP pings. Those sets do not pose any risk, but can still be a nice addition to network recon.
Traceroute data is the simplest for us; we already have 61 million records, and we just have to push in the data from the census. There are not many new records, but the census data improves the average ping time values. Our visual traceroute tool is still available here.
The ICMP ping data is still in progress, and we will need some time to download, unpack and process it.
As for the rest of the data, there is technically no problem plugging it in, but we think that this is not a good idea from an ethical point of view. Basically, we now know that such large-scale enumeration (and most likely attack) is possible and can be done by anyone. But there is no point in making it easier for script kiddies. The best thing to do is to find new ways to improve security and safety against the new threat.