GINO

Global INternet Observatory

Motivation

Internet measurements have long been a research priority at our chair. These measurements help us better understand the Internet and its security.

Over the years, we acquired vast knowledge in the area of large scale network measurements. This helps us to understand the current network state and its development. We seek to be harmless and conduct all measurements in an ethical manner.

If you are an interested researcher or students who wants to cooperate with us or if you have any questions, feel free to contact us. GINO is a research group for exchanging ongoing research, concepts, and ideas in the Internet measurement domain.

Internet-wide scans

We conduct various regular and ad-hoc Internet-wide scans for protocols such as HTTPS, DNS, and BACnet. These are purely scientific and we never attempt to intrude into any system. We follow best practices laid out by the scientific community such as by Dittrich et al. 1, and Partridge and Allman 2.
If you are affected by these, e.g., because of IDS alerts, please contact us and we will be happy to blacklist you immediately. Futher information can be found on Scans.

The involved machines are:

Host IPv6 address IPv4 address
planetlabX.net.in.tum.de 2001:4ca0:108:42::X 138.246.253.X
dallas 2600:3c00::f03c:91ff:fe3b:d2d 45.33.5.55
singapore 2400:8901::f03c:91ff:fe3b:d08 139.162.29.117

For a brief time in February 2018, the rDNS pointer for planetlab19.net.in.tum.de. points to researchscan19.netintum.umbrellastudy.com.

IPv6 Hitlist

We provide a daily updated IPv6 hitlist which can be downloaded by interested researchers. Find more information on our dedicated IPv6 hitlist page.

Toplists

We provide a daiy-to-day analysis of regularly used toplists. Find more information on our github Toplist page.

SMB Scans

In cooperation with the Chair of IT Security, SMB scans to detect honeypots are conducted at our chair. Find more information on SMB Scans.

PTP Scans

From time to time, we execute PTP scans, searching for unicast capable PTP master clocks in the Internet. We send a UDP Request Unicast PTP probe to port 320. This probe request a unicast transmission with 1 packet per second for a duration of 1 second.

Contact

If this sounds interesting to you, feel free to contact us:

References

  1. D. Dittrich, E. Kenneally et al., “The Menlo Report: Ethical Principles Guiding Information and Communication Technology Research,” US Department of Homeland Security, 2012. 

  2. C. Partridge and M. Allman, “Ethical Considerations in Network Measurement Papers”, Communications of the ACM, 2016. 

Related publications

2022-06-01 Markus Sosnowski, Johannes Zirngibl, Patrick Sattler, Georg Carle, Claas Grohnfeldt, Michele Russo, Daniele Sgandurra, “Active TLS Stack Fingerprinting: Characterizing TLS Server Deployments at Scale,” in Proc. Network Traffic Measurement and Analysis Conference (TMA), Jun. 2022. Best Paper Award [Pdf] [Slides] [Homepage] [Rawdata] [Bib]
2022-06-01 Johannes Zirngibl, Steffen Deusch, Patrick Sattler, Juliane Aulbach, Georg Carle, Mattijs Jonker, “Domain Parking: Largely Present, Rarely Considered!,” in Proc. Network Traffic Measurement and Analysis Conference (TMA) 2022, Jun. 2022. [Pdf] [Bib]
2022-06-01 Fabian Franzen, Lion Steger, Johannes Zirngibl, Patrick Sattler, “Looking for Honey Once Again: Detecting RDP and SMB Honeypots on the Internet,” in International Workshop on Traffic Measurements for Cybersecurity 2022, Jun. 2022. [Pdf] [Slides] [Sourcecode] [Bib]
2021-11-01 Johannes Zirngibl, Philippe Buschmann, Patrick Sattler, Benedikt Jaeger, Juliane Aulbach, Georg Carle, “It’s over 9000: Analyzing early QUIC Deployments with the Standardization on the Horizon,” in Proceedings of the 2021 Internet Measurement Conference, New York, NY, USA, Nov. 2021. [Preprint] [Homepage] [Rawdata] [Recording] [DOI] [Bib]
2019-10-01 Johannes Naab, Patrick Sattler, Jonas Jelten, Oliver Gasser, Georg Carle, “Prefix Top Lists: Gaining Insights with Prefixes from Domain-based Top Lists on DNS Deployment,” in Proceedings of the Internet Measurement Conference, New York, NY, USA, Oct. 2019, pp. 351–357. [Pdf] [Slides] [Homepage] [DOI] [Bib]
2019-10-01 Pawel Foremski, Oliver Gasser, Giovane Moura, “DNS Observatory: The Big Picture of the DNS,” in Proceedings of the 2019 Internet Measurement Conference, New York, NY, USA, Oct. 2019. [Pdf] [Slides] [DOI] [Bib]
2019-03-01 Wouter B. de Vries, Quirin Scheitle, Moritz Müller, Willem Toorop, Ralph Dolmans, Roland van Rijswijk-Deij, “A First Look at QNAME Minimization in the Domain Name System,” in Proceedings of the Passive and Active Measurement Conference (PAM 2019), Best Dataset Award, Puerto Varas, Chile, Mar. 2019. [Url] [Bib]
2018-11-01 Oliver Gasser, Quirin Scheitle, Pawel Foremski, Qasim Lone, Maciej Korczynski, Stephen D. Strowes, Luuk Hendriks, Georg Carle, “Clusters in the Expanse: Understanding and Unbiasing IPv6 Hitlists,” in Proceedings of the 2018 Internet Measurement Conference, New York, NY, USA, Nov. 2018. [Pdf] [Slides] [Homepage] [Rawdata] [Arxiv] [Blog] [DOI] [Bib]
2018-11-01 Quirin Scheitle, Oliver Gasser, Theodor Nolte, Johanna Amann, Lexi Brent, Georg Carle, Ralph Holz, Thomas C. Schmidt, Matthias Wählisch, “The Rise of Certificate Transparency and Its Implications on the Internet Ecosystem,” in Internet Measurement Conference (2018), Boston, USA, Nov. 2018, pp. 343–349. [Rawdata] [Arxiv] [DOI] [Bib]
2018-11-01 Quirin Scheitle, Oliver Hohlfeld, Julien Gamba, Jonas Jelten, Torsten Zimmermann, Stephen D. Strowes, Narseo Vallina-Rodriguez, “A Long Way to the Top: Significance, Structure, and Stability of Internet Top Lists,” in Internet Measurement Conference (IMC’18), IMC’18 Community Contribution Award, Boston, USA, Nov. 2018, pp. 478–493. [Homepage] [Rawdata] [Arxiv] [DOI] [Bib]
2018-10-01 Paul Emmerich, Maximilian Pudelko, Quirin Scheitle, Georg Carle, “Efficient Dynamic Flow Tracking for Packet Analyzers,” in CloudNet, Tokyo, Japan, Oct. 2018. [Pdf] [Bib]
2018-04-01 Quirin Scheitle, Taejoong Chung, Jens Hiller, Oliver Gasser, Johannes Naab, Roland van Rijswijk-Deij, Oliver Hohlfeld, Ralph Holz, Dave Choffnes, Alan Mislove, Georg Carle, “A First Look at Certification Authority Authorization (CAA),” ACM SIGCOMM Computer Communications Review (CCR), Apr. 2018. [Url] [Pdf] [Preprint] [Homepage] [Rawdata] [Bib]
2018-03-01 Tobias Brunnwieser, Oliver Gasser, Sree Harsha Totakura, Georg Carle, “Live Detection and Analysis of HTTPS Interceptions,” in Passive and Active Measurement Conference (PAM), Poster, Berlin, Germany, Mar. 2018. [Pdf] [Poster] [Bib]
2018-03-01 Oliver Gasser, Benjamin Hof, Max Helm, Maciej Korczynski, Ralph Holz, Georg Carle, “In Log We Trust: Revealing Poor Security Practices with Certificate Transparency Logs and Internet Measurements,” in Proceedings of the Passive and Active Measurement Conference (PAM 2018), Best Paper Award, Berlin, Germany, Mar. 2018. [Url] [Pdf] [Slides] [Sourcecode] [Rawdata] [Blog] [Bib]
2018-03-01 Quirin Scheitle, Jonas Jelten, Oliver Hohlfeld, Luca Ciprian, Georg Carle, “Structure and Stability of Internet Top Lists,” in PAM’18 Poster, Berlin, Mar. 2018. [Arxiv] [Bib]
2017-11-01 Johanna Amann*, Oliver Gasser*, Quirin Scheitle*, Lexi Brent, Georg Carle, Ralph Holz, “Mission Accomplished? HTTPS Security after DigiNotar,” in Proceedings of the Internet Measurement Conference (IMC 2017), IMC’17 Community Contribution Award, IRTF Applied Networking Research Prize (ANRP) 2018, London, UK, Nov. 2017. [Url] [Pdf] [Slides] [Sourcecode] [Rawdata] [Bib]
2017-11-01 Patricia Callejo, Connor Kelton, Narseo Vallina-Rodriguez, Rubén Cuevas, Oliver Gasser, Christian Kreibich, Florian Wohlfart, Ángel Cuevas, “Opportunities and Challenges of Ad-based Measurements from the Edge of the Network,” in Proc. of the 16th ACM Workshop on Hot Topics in Networks, Nov. 2017. [Pdf] [Bib]
2017-10-01 Oliver Gasser, Quirin Scheitle, Benedikt Rudolph, Carl Denis, Nadja Schricker, Georg Carle, “The Amplification Threat Posed by Publicly Reachable BACnet Devices,” Journal of Cyber Security and Mobility, Oct. 2017. [Url] [Pdf] [Bib]
2017-08-01 Quirin Scheitle, Matthias Wählisch, Oliver Gasser, Thomas C. Schmidt, Georg Carle, “Towards an Ecosystem for Reproducible Research in Computer Networking,” in ACM SIGCOMM Reproducibility Workshop, Los Angeles, USA, Aug. 2017. [Pdf] [Slides] [Bib]
2017-06-01 Matthias Wachs, Quirin Scheitle, Georg Carle, “Push Away Your Privacy: Precise User Tracking Based on TLS Client Certificate Authentication,” in Network Traffic Measurement and Analysis Conference (TMA), Best Paper Award TMA’17, IEEE ComSoc ITC Best Paper Award 2017, Jun. 2017. [Pdf] [Slides] [Recording] [Bib]
2017-06-01 Quirin Scheitle, Oliver Gasser, Minoo Rouhi, Georg Carle, “Large-Scale Classification of IPv6-IPv4 Siblings with Variable Clock Skew,” in Network Traffic Measurement and Analysis Conference (TMA), Jun. 2017. [Pdf] [Slides] [Rawdata] [Recording] [Arxiv] [Bib]
2017-06-01 Quirin Scheitle, Oliver Gasser, Patrick Sattler, Georg Carle, “HLOC: Hints-Based Geolocation Leveraging Multiple Measurement Frameworks,” in Network Traffic Measurement and Analysis Conference (TMA), Best Dataset Award, Dublin, Ireland, Jun. 2017. [Pdf] [Slides] [Rawdata] [Arxiv] [Bib]
2017-05-01 Oliver Gasser, Quirin Scheitle, Carl Denis, Nadja Schricker, Georg Carle, “Security Implications of Publicly Reachable Building Automation Systems,” in Proc. 2nd Int. Workshop on Traffic Measurements for Cybersecurity, San Jose, CA, USA, May 2017. [Pdf] [Bib]
2017-02-01 Oliver Gasser, Quirin Scheitle, Carl Denis, Nadja Schricker, Georg Carle, “Öffentlich erreichbare Gebäudeautomatisierung: Amplification-Anfälligkeit von BACnet und Deployment-Analyse im Internet und DFN,” in 24. DFN-Konferenz Sicherheit in vernetzten Systemen, Hamburg, Germany, Feb. 2017. [Pdf] [Bib]
2016-04-01 Oliver Gasser, Quirin Scheitle, Sebastian Gebhard, Georg Carle, “Scanning the IPv6 Internet: Towards a Comprehensive Hitlist,” in Proc. 8th Int. Workshop on Traffic Monitoring and Analysis, Louvain-la-Neuve, Belgium, Apr. 2016. [Url] [Pdf] [Slides] [Bib]
2016-03-01 Quirin Scheitle, Matthias Wachs, Johannes Zirngibl, Georg Carle, “Analyzing Locality of Mobile Messaging Traffic using the MATAdOR Framework,” in Passive and Active Measurements Conference (PAM) 2016 , Heraklion, Greece, Mar. 2016, pp. 190–202. [Pdf] [Preprint] [Slides] [Homepage] [Rawdata] [DOI] [Bib]

Finished student theses

Author Title Type Advisors Year Links
Raphael Schmid ROV + IRR: Are Authorized Routes Registered? BA Johannes Zirngibl, Patrick Sattler, Juliane Aulbach 2021 Pdf
Pascal Henschke Analyzing BGP as a Graph BA Johannes Zirngibl, Patrick Sattler, Juliane Aulbach 2021 Pdf
Steffen Deusch Analyzing the Effect of Domain Parking on DNS Based Research BA Johannes Zirngibl, Patrick Sattler, Juliane Aulbach 2021 Pdf
Felix Myhsok Blocklists: Who is blocked? BA Johannes Zirngibl, Patrick Sattler, Markus Sosnowski 2021 Pdf
Daniel Hegedüs The First Year of QUIC v1 Deployment BA Johannes Zirngibl, Patrick Sattler, Benedikt Jaeger, Juliane Aulbach 2021 Pdf
Patryk Brzoza KPI Analysis of Webserver Traffic through Active Measurements MA Simon Bauer, Benedikt Jaeger, Patrick Sattler, Christoph Schwarzenberg 2021
Yannik Gehring Revealing Organizational Structures in an Internet-wide TLS Graph MA Markus Sosnowski, Patrick Sattler, Juliane Aulbach 2021 Pdf
Tim Betzer A Systematic TLS Scanning Approach Minimizing the Used Requests and Comparison with other TLS Scanners GR Markus Sosnowski, Patrick Sattler 2021
Tobias Wothge Industrial Control Systems (ICS) Protocol Detection BA Patrick Sattler, Lars Wüstrich, Johannes Zirngibl 2021
Karoline Ilse IPv6 Deployment Analysis using BGP Announcements BA Patrick Sattler, Johannes Zirngibl, Juliane Aulbach 2021 Pdf
Roland Bernhard Reif Detecting BGP Hijacking in Real Time IDP Patrick Sattler, Johannes Zirngibl 2020
Christian Wahl Analyzing the Stability and Expressiveness of Large-Scale DNS Scans MA Patrick Sattler, Johannes Zirngibl, Juliane Aulbach 2020
Jasper von der Heidt Analyzing PTP Master Clocks in the Wild BA Johannes Zirngibl, Max Helm, Henning Stubbe 2020 Pdf
Philippe Buschmann Analyzing Quic in the wild MA Johannes Zirngibl, Patrick Sattler, Benedikt Jaeger, Juliane Aulbach 2020 Pdf
Christian Kilb Blocklists: What is blocked and why? IDP Johannes Zirngibl, Patrick Sattler, Markus Sosnowski 2020 Pdf
Sebastian Heinrich Kappes An Analysis of the Development and Early Deployment of Encrypted SNI BA Johannes Zirngibl, Max Helm, Patrick Sattler 2020
Lennart Keller Packet Pacing with the QUIC Protocol BA Benedikt Jaeger, Johannes Zirngibl 2020 Pdf
Robert Dillitz Uncovering PTP Master Clocks in the Wild BA Johannes Zirngibl, Max Helm, Henning Stubbe 2020 Pdf
Roland Bernhard Reif Analysis of EDNS Client-Subnet Load Balancing BA Patrick Sattler, Johannes Zirngibl 2019
Leo Schedelbeck rDNS Leaks - Disclosing the Real Infrastructure of Shadowed Services BA, MA, IDP Johannes Zirngibl, Patrick Sattler 2019 Pdf
Dominik Kreutzer Nameserver Rate Limits - Dynamic Adjustment of Scan Behavior BA, MA, IDP Johannes Zirngibl, Johannes Naab 2019 Pdf
Johannes Zirngibl Extensive Analysis of IPv6 Address Assignment and its rDNS Special Domain ip6.arpa. MA Johannes Naab, Quirin Scheitle 2018
Johannes Zirngibl Creating IPv6 Hitlists through Rigorous and Deterministic rDNS Walking IDP Johannes Naab, Quirin Scheitle 2018
Hamza Zafar Amplification Attack Detection using Active Measurements MA Simon Bauer, Oliver Gasser, Stefan Metzger 2018 Pdf
Felix Beil Long Term Analysis of HTTP Strict Transport Security BA Quirin Scheitle, Oliver Gasser 2018
Ralf Baun Performance and Security Analysis of Alternative DNS Transports BA Quirin Scheitle, Johannes Naab 2018 Pdf
Glenn Skjong Internet Toplists: Creating an Alternative Internet Top List Service MA Quirin Scheitle, Jonas Jelten 2018
Johannes Schleger Detection and Characterization of TLS Interception in Access Networks MA Jonas Jelten, Florian Wohlfart, Quirin Scheitle 2018
Alexander Schulz Identification of IPv6-IPv4 Sibling Pairs from Passive Observations BA Quirin Scheitle, Oliver Gasser, Minoo Rouhi 2017 Pdf
Samy el Deib Detecting IPv6-IPv4 Sibling Pairs Based on few Data Points BA Quirin Scheitle, Oliver Gasser, Minoo Rouhi 2017 Pdf
Florens Werner Finding Active IPv6 Addresses BA Quirin Scheitle, Oliver Gasser, Johannes Naab 2017 Pdf
Fabian Raab Influence of BGP Community Attributes on Routing and Internet Traffic IDP Oliver Gasser, Quirin Scheitle, Christoph Dietzel 2017 Pdf
Tobias Brunnwieser A Framework for Detection and Analysis of HTTPS Interception MA Oliver Gasser, Sree Harsha Totakura, Florian Wohlfart 2017
Max Helm Traceable Measurement Result Publication in Append-only Ledgers MA Oliver Gasser, Benjamin Hof, Quirin Scheitle 2017 Pdf
Emanuel Vintila Continuous Development of Open Source C++ Flow Toolkit HiWi Oliver Gasser, Johannes Naab 2017 Pdf
Jan-Philipp Lauinger Evaluating Client Discrimination in Anonymization Networks Using Active Network Scans Forschungspraxis Oliver Gasser, Sree Harsha Totakura 2017 Pdf
Hendrik Eichner Revisiting SSH Security in the Internet BA Oliver Gasser, Minoo Rouhi 2017 Pdf
Max Helm Evaluating TLS Certificate Transparency Logs using Active Scans IDP Oliver Gasser, Benjamin Hof 2017 Pdf
Maximilian Pudelko Payload Extraction for Flows with Anomalous TTL Behaviour IDP Quirin Scheitle, Paul Emmerich 2017 Pdf
Markus Sosnowski Internet-Wide Assessment of TCP Options BA Quirin Scheitle, Oliver Gasser, Minoo Rouhi, Paul Emmerich, Dominik Scholz 2017 Pdf
Thomas Bachmaier Scanning for TCP SYN Proxy Implementations BA Dominik Scholz, Paul Emmerich, Quirin Scheitle, Minoo Rouhi 2017 Pdf
Johannes Fischer Browser-based Internet connection testing MA Florian Wohlfart, Oliver Gasser 2016 Pdf
Jonas Heintzenberg Browser-based Internet connection testing BA Florian Wohlfart, Oliver Gasser 2016 Pdf
Sven Hertle Analysis of cellular ISP networks MA Florian Wohlfart 2016 Pdf
Patrick Sattler Parsing geographical locations from DNS names GR Quirin Scheitle, Oliver Gasser 2016
Frank Schmidt Large Scale DNS Scanner in Go MA Johannes Naab, Oliver Gasser 2016
Pirmin Blanz IPv6 TLS Security Scanning MA Oliver Gasser, Quirin Scheitle 2016
Michael Köpferl Evaluation of amplification attacks in large-scale networks to improve detection performance IDP Oliver Gasser, Stefan Metzger 2016

Open and running student theses

Author Title Type Advisors Year Links
Rene Jung Capturing the Internet presence of Organizations with the help of a TLS Graph BA Markus Sosnowski, Patrick Sattler 2022 Pdf
Christian Benedikt Dietze Setup and Deployment of a Resilient Internet Scanning Infrastructure IDP Patrick Sattler, Johannes Zirngibl 2022 Pdf
Robert Dillitz Transformation and Evaluation of TLS Behavior Graphs MA Johannes Zirngibl, Benedikt Jaeger, Markus Sosnowski 2022 Pdf
Yudhistira Wibowo Analysis of Blocklisted TLS Servers BA Johannes Zirngibl, Patrick Sattler 2022
offen Analysis of Aliased Prefixes in the Internet BA, MA Patrick Sattler, Johannes Zirngibl, Juliane Aulbach 2022 Pdf
offen Evaluating Different QUIC Scan Approaches BA, MA, IDP Johannes Zirngibl, Patrick Sattler 2022 Pdf
Zeynep Sonkaya Development of an Efficient Large Scale DNS Scanning Pipeline IDP Patrick Sattler, Johannes Zirngibl 2021 Pdf