GINO
Global INternet Observatory
| Scientists: | Dr. Johannes Zirngibl, Patrick Sattler, Markus Sosnowski, M.Sc., Lion Steger, Christian Dietze, M.Sc., Tim Betzer, Dr. Oliver Gasser, Johannes Naab, M.Sc. |
| Since: | 01.11.2016 |
Contact
If you want to get in touch with our research group, feel free to contact us:
For questions and complaints on our scanning activity use the following mail address:
Motivation
Internet measurements have long been a research priority at our chair. These measurements help us better understand the Internet and its security.
Over the years, we acquired vast knowledge in the area of large scale network measurements and set up a variety of regular Internet-wide measurements. This helps us to understand the current network state and its development. GINO has supported over 30 papers and was honored with multiple Best Paper and Community Contribution awards. We seek to be harmless and conduct all measurements in an ethical manner.
If you are an interested researcher or student who wants to cooperate with us or if you have any questions, feel free to contact us. GINO is an initiative for exchanging ongoing research, concepts, and ideas in the Internet measurement domain. We are happy to talk about collaborations sharing data and insights based on our scans and work.
Internet-wide scans
We conduct various regular and ad-hoc Internet-wide scans for protocols such as HTTPS, DNS, QUIC and IPv6. These are purely scientific, and we never attempt to intrude into any system (more information on our ethical guidelines).
IPv6 Hitlist
We provide a regularly updated IPv6 Hitlist service which collects IPv6 address candidates from different sources, identifies fully responsive prefixes and tests addresses for their responsiveness. You can find more information about the service and get access to all data (historic and new) on our dedicated IPv6 Hitlist Service page. The service was established in 2018 and improved in 2022.
You can find more information about preliminary work on our dedicated IPv6 hitlist page.
DNS Scans
We conduct regular large-scale DNS scans. We collect domains from full zone files (e.g., .com, .net, .org), toplists, CT log and static domain lists. All sources combined cover more than 500M domains. We resolve all domains on a daily basis to their A, AAAA, NS and MX records. Furthermore, we resolve all domains to their SVCB and HTTPS records on a weakly basis. You can find a first overview about these records in our study A First Look at SVCB and HTTPS DNS Resource Records in the Wild.
Domain Parking
We analyzed the prevalence of domain parking on the DNS ecosystem based on active DNS scans. Parked domains can be identified using DNS indicators referring to A/AAAA/CNAME or NS values. We published the list of indicators on a github page. If you are interested in domain parking, a list of parked domains or any further information, we are happy to share our insights or data.
TLS and QUIC Scans
We conduct weekly TLS and QUIC scans. Both scans rely on ZMap to identify targets. Afterwards, stateful scanners are used to conduct full handshakes, to extract protocol, TLS and certificate information, and to send an HTTP request. We scan all identified IP addresses supporting either TLS over TCP or QUIC without SNI but also join all domains with our DNS scans and use an SNI value if possible.
Our TLS scans are based on the Goscanner. It can conduct full TLS over TCP handshakes and additional HTTP requests. It supports all TLS versions including TLS 1.3. Furthermore, methodologies to send different Client Hellos and to fingerprint servers exist (TMA'22, PAM'23, TNSM'24).
We conduct regular QUIC discovery scans based on ZMap but also complete QUIC application layer handshakes using the QScanner. Furthermore, we implemented test environment for QUIC scanners and developed a methodology to identify used QUIC libraries. For more information take a look at our papers (IMC'21, PAM'24) and published code. Feel free to contact us for further information regarding the scans, insight and available data.
Mature Studies
Toplists
We provided a day-to-day analysis of regularly used toplists. Find more information on our github Toplist page.
SMB Scans
In cooperation with the Chair of IT Security, SMB scans to detect honeypots were conducted at our chair. Find more information on SMB Scans.
Ethics
We follow best practices laid out by the scientific community such as by Dittrich et al. 1, and Partridge and Allman 2. If you are affected by these, e.g., because of IDS alerts, please contact us and we will be happy to blacklist you immediately. Further information can be found on Scans.
The involved machines are:
| Host | IPv6 address | IPv4 address |
|---|---|---|
| planetlabX.gino-research.net.in.tum.de | 2001:4ca0:108:42::X | 138.246.253.X |
| dallas | 2600:3c00::f03c:91ff:fe3b:d2d | 45.33.5.55 |
| singapore | 2400:8901::f03c:91ff:fe3b:d08 | 139.162.29.117 |
References
Related publications
| 2025-10-01 | Patrick Sattler, Matthias Kirstein, Lars Wüstrich, Johannes Zirngibl, Georg Carle, “Lazy Eye Inspection: Capturing the State of Happy Eyeballs Implementations,” in Proceedings of the 2025 Internet Measurement Conference, Oct. 2025. [Pdf] [Homepage] [Bib] |
| 2025-06-01 | Patrick Sattler, Johannes Zirngibl, Fahad Hilal, Oliver Gasser, Kevin Vermeulten, Georg Carle, Mattijs Jonker, “ECSeptional DNS Data: Evaluating Nameserver ECS Deployments with Response-Aware Scanning,” Proc. ACM Netw., vol. 3, no. CoNEXT2, Jun. 2025. [Pdf] [Homepage] [DOI] [Bib] |
| 2024-07-01 | Markus Sosnowski, Johannes Zirngibl, Patrick Sattler, Juliane Aulbach, Jonas Lang, Georg Carle, “An Internet-wide View on HTTPS Certificate Revocations: Observing the Revival of CRLs via Active TLS Scans,” in Proc. IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), Jul. 2024. [Pdf] [DOI] [Bib] |
| 2024-06-01 | Fahad Hilal, Patrick Sattler, Kevin Vermeulen, Oliver Gasser, “A First Look At IPv6 Hypergiant Infrastructure,” Proc. ACM Netw., vol. 2, no. CoNEXT2, Jun. 2024. [Url] [Pdf] [DOI] [Bib] |
| 2024-06-01 | Markus Sosnowski, Johannes Zirngibl, Patrick Sattler, Georg Carle, Claas Grohnfeldt, Michele Russo, Daniele Sgandurra, “EFACTLS: Effective Active TLS Fingerprinting for Large-scale Server Deployment Characterization,” IEEE Transactions on Network and Service Management, vol. 21, no. 3, pp. 2582–2595, Jun. 2024. [Homepage] [Rawdata] [DOI] [Bib] |
| 2024-05-01 | Markus Sosnowski, Patrick Sattler, Johannes Zirngibl, Tim Betzer, Georg Carle, “Propagating Threat Scores With a TLS Ecosystem Graph Model Derived by Active Measurements,” in Proc. Network Traffic Measurement and Analysis Conference (TMA), May 2024. [Pdf] [Slides] [Homepage] [DOI] [Bib] |
| 2024-03-01 | Johannes Zirngibl, Florian Gebauer, Patrick Sattler, Markus Sosnowski, Georg Carle, “QUIC Hunter: Finding QUIC Deployments and Identifying Server Libraries Across the Internet,” in Passive and Active Measurement Conference (PAM), Mar. 2024. [Homepage] [DOI] [Bib] |
| 2023-12-01 | Patrick Sattler, Johannes Zirngibl, Mattijs Jonker, Oliver Gasser, Georg Carle, Ralph Holz, “Packed to the Brim: Investigating the Impact of Highly Responsive Prefixes on Internet-wide Measurement Campaigns,” Proc. ACM Netw., vol. 1, no. CoNEXT3, Dec. 2023. [Url] [Pdf] [Homepage] [DOI] [Bib] |
| 2023-07-01 | Simon Bauer, Patrick Sattler, Johannes Zirngibl, Christoph Schwarzenberg, Georg Carle, “Evaluating the Benefits: Quantifying the Effects of TCP Options, QUIC, and CDNs on Throughput,” in Proceedings of the Applied Networking Research Workshop, Jul. 2023. [Pdf] [Sourcecode] [Bib] |
| 2023-07-01 | Johannes Naab, Patrick Sattler, Johannes Zirngibl, Stephan Günther, Georg Carle, “Gotta Query ’Em All, Again! Repeatable Name Resolution with Full Dependency Provenance,” in Proceedings of the Applied Networking Research Workshop, Jul. 2023. [Pdf] [Rawdata] [Bib] |
| 2023-07-01 | Johannes Zirngibl, Patrick Sattler, Georg Carle, “A First Look at SVCB and HTTPS DNS Resource Records in the Wild,” in 2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), Jul. 2023. [Pdf] [DOI] [Bib] |
| 2023-06-01 | Lion Steger, Liming Kuang, Johannes Zirngibl, Georg Carle, Oliver Gasser, “Target Acquired? Evaluating Target Generation Algorithms for IPv6,” in Proceedings of the Network Traffic Measurement and Analysis Conference (TMA), Jun. 2023. Best Paper Award [Pdf] [Bib] |
| 2023-05-01 | Simon Bauer, Janluka Janelidze, Benedikt Jaeger, Patrick Sattler, Patrick Brzoza, Georg Carle, “On the Accuracy of Active Capacity Estimation in the Internet,” in 2023 IEEE/IFIP Network Operations and Management Symposium (NOMS 2023), Miami, USA, May 2023. [Pdf] [Bib] |
| 2023-03-01 | Markus Sosnowski, Johannes Zirngibl, Patrick Sattler, Georg Carle, “DissecTLS: A Scalable Active Scanner for TLS Server Configurations, Capabilities, and TLS Fingerprinting,” in Passive and Active Measurement, Mar. 2023, pp. 110–126. [Pdf] [Homepage] [Rawdata] [DOI] [Bib] |
| 2023-01-01 | Florian Streibelt, Patrick Sattler, Franziska Lichtblau, Carlos H. Gañán, Anja Feldmann, Oliver Gasser, Tobias Fiebig, “How Ready is DNS for an IPv6-Only World?,” in Passive and Active Measurement, Cham, 2023. Best Paper Award [Pdf] [DOI] [Bib] |
| 2022-10-01 | Patrick Sattler, Juliane Aulbach, Johannes Zirngibl, Georg Carle, “Towards a Tectonic Traffic Shift? Investigating Apple’s New Relay Network,” in Proceedings of the 2022 Internet Measurement Conference, Oct. 2022. [Pdf] [Homepage] [Rawdata] [Bib] |
| 2022-10-01 | Johannes Zirngibl, Lion Steger, Patrick Sattler, Oliver Gasser, Georg Carle, “Rusty Clusters? Dusting an IPv6 Research Foundation,” in Proceedings of the 2022 Internet Measurement Conference, Oct. 2022. [Pdf] [Homepage] [Rawdata] [DOI] [Bib] |
| 2022-06-01 | Markus Sosnowski, Johannes Zirngibl, Patrick Sattler, Georg Carle, Claas Grohnfeldt, Michele Russo, Daniele Sgandurra, “Active TLS Stack Fingerprinting: Characterizing TLS Server Deployments at Scale,” in Proc. Network Traffic Measurement and Analysis Conference (TMA), Jun. 2022. Best Paper Award [Pdf] [Slides] [Homepage] [Rawdata] [Bib] |
| 2022-06-01 | Johannes Zirngibl, Steffen Deusch, Patrick Sattler, Juliane Aulbach, Georg Carle, Mattijs Jonker, “Domain Parking: Largely Present, Rarely Considered!,” in Proc. Network Traffic Measurement and Analysis Conference (TMA) 2022, Jun. 2022. [Pdf] [Bib] |
| 2022-06-01 | Fabian Franzen, Lion Steger, Johannes Zirngibl, Patrick Sattler, “Looking for Honey Once Again: Detecting RDP and SMB Honeypots on the Internet,” in International Workshop on Traffic Measurements for Cybersecurity 2022, Jun. 2022. [Pdf] [Slides] [Sourcecode] [Bib] |
| 2021-11-01 | Johannes Zirngibl, Philippe Buschmann, Patrick Sattler, Benedikt Jaeger, Juliane Aulbach, Georg Carle, “It’s over 9000: Analyzing early QUIC Deployments with the Standardization on the Horizon,” in Proceedings of the 2021 Internet Measurement Conference, New York, NY, USA, Nov. 2021. [Preprint] [Homepage] [Rawdata] [Recording] [DOI] [Bib] |
| 2019-10-01 | Johannes Naab, Patrick Sattler, Jonas Jelten, Oliver Gasser, Georg Carle, “Prefix Top Lists: Gaining Insights with Prefixes from Domain-based Top Lists on DNS Deployment,” in Proceedings of the Internet Measurement Conference, New York, NY, USA, Oct. 2019, pp. 351–357. [Pdf] [Slides] [Homepage] [DOI] [Bib] |
| 2019-10-01 | Pawel Foremski, Oliver Gasser, Giovane Moura, “DNS Observatory: The Big Picture of the DNS,” in Proceedings of the 2019 Internet Measurement Conference, New York, NY, USA, Oct. 2019. [Pdf] [Slides] [DOI] [Bib] |
| 2019-03-01 | Wouter B. de Vries, Quirin Scheitle, Moritz Müller, Willem Toorop, Ralph Dolmans, Roland van Rijswijk-Deij, “A First Look at QNAME Minimization in the Domain Name System,” in Proceedings of the Passive and Active Measurement Conference (PAM 2019), Best Dataset Award, Puerto Varas, Chile, Mar. 2019. [Url] [Bib] |
| 2018-11-01 | Oliver Gasser, Quirin Scheitle, Pawel Foremski, Qasim Lone, Maciej Korczynski, Stephen D. Strowes, Luuk Hendriks, Georg Carle, “Clusters in the Expanse: Understanding and Unbiasing IPv6 Hitlists,” in Proceedings of the 2018 Internet Measurement Conference, New York, NY, USA, Nov. 2018. [Pdf] [Slides] [Homepage] [Rawdata] [Arxiv] [Blog] [DOI] [Bib] |
| 2018-11-01 | Quirin Scheitle, Oliver Gasser, Theodor Nolte, Johanna Amann, Lexi Brent, Georg Carle, Ralph Holz, Thomas C. Schmidt, Matthias Wählisch, “The Rise of Certificate Transparency and Its Implications on the Internet Ecosystem,” in Internet Measurement Conference (2018), Boston, USA, Nov. 2018, pp. 343–349. [Rawdata] [Arxiv] [DOI] [Bib] |
| 2018-11-01 | Quirin Scheitle, Oliver Hohlfeld, Julien Gamba, Jonas Jelten, Torsten Zimmermann, Stephen D. Strowes, Narseo Vallina-Rodriguez, “A Long Way to the Top: Significance, Structure, and Stability of Internet Top Lists,” in Internet Measurement Conference (IMC’18), IMC’18 Community Contribution Award, Boston, USA, Nov. 2018, pp. 478–493. [Homepage] [Rawdata] [Arxiv] [DOI] [Bib] |
| 2018-10-01 | Paul Emmerich, Maximilian Pudelko, Quirin Scheitle, Georg Carle, “Efficient Dynamic Flow Tracking for Packet Analyzers,” in CloudNet, Tokyo, Japan, Oct. 2018. [Pdf] [Bib] |
| 2018-04-01 | Quirin Scheitle, Taejoong Chung, Jens Hiller, Oliver Gasser, Johannes Naab, Roland van Rijswijk-Deij, Oliver Hohlfeld, Ralph Holz, Dave Choffnes, Alan Mislove, Georg Carle, “A First Look at Certification Authority Authorization (CAA),” ACM SIGCOMM Computer Communications Review (CCR), Apr. 2018. [Url] [Pdf] [Preprint] [Homepage] [Rawdata] [Bib] |
| 2018-03-01 | Tobias Brunnwieser, Oliver Gasser, Sree Harsha Totakura, Georg Carle, “Live Detection and Analysis of HTTPS Interceptions,” in Passive and Active Measurement Conference (PAM), Poster, Berlin, Germany, Mar. 2018. [Pdf] [Poster] [Bib] |
| 2018-03-01 | Oliver Gasser, Benjamin Hof, Max Helm, Maciej Korczynski, Ralph Holz, Georg Carle, “In Log We Trust: Revealing Poor Security Practices with Certificate Transparency Logs and Internet Measurements,” in Proceedings of the Passive and Active Measurement Conference (PAM 2018), Best Paper Award, Berlin, Germany, Mar. 2018. [Url] [Pdf] [Slides] [Sourcecode] [Rawdata] [Blog] [Bib] |
| 2018-03-01 | Quirin Scheitle, Jonas Jelten, Oliver Hohlfeld, Luca Ciprian, Georg Carle, “Structure and Stability of Internet Top Lists,” in PAM’18 Poster, Berlin, Mar. 2018. [Arxiv] [Bib] |
| 2017-11-01 | Johanna Amann*, Oliver Gasser*, Quirin Scheitle*, Lexi Brent, Georg Carle, Ralph Holz, “Mission Accomplished? HTTPS Security after DigiNotar,” in Proceedings of the Internet Measurement Conference (IMC 2017), IMC’17 Community Contribution Award, IRTF Applied Networking Research Prize (ANRP) 2018, London, UK, Nov. 2017. [Url] [Pdf] [Slides] [Sourcecode] [Rawdata] [Bib] |
| 2017-11-01 | Patricia Callejo, Connor Kelton, Narseo Vallina-Rodriguez, Rubén Cuevas, Oliver Gasser, Christian Kreibich, Florian Wohlfart, Ángel Cuevas, “Opportunities and Challenges of Ad-based Measurements from the Edge of the Network,” in Proc. of the 16th ACM Workshop on Hot Topics in Networks, Nov. 2017. [Pdf] [Bib] |
| 2017-10-01 | Oliver Gasser, Quirin Scheitle, Benedikt Rudolph, Carl Denis, Nadja Schricker, Georg Carle, “The Amplification Threat Posed by Publicly Reachable BACnet Devices,” Journal of Cyber Security and Mobility, Oct. 2017. [Url] [Pdf] [Bib] |
| 2017-08-01 | Quirin Scheitle, Matthias Wählisch, Oliver Gasser, Thomas C. Schmidt, Georg Carle, “Towards an Ecosystem for Reproducible Research in Computer Networking,” in ACM SIGCOMM Reproducibility Workshop, Los Angeles, USA, Aug. 2017. [Pdf] [Slides] [Bib] |
| 2017-06-01 | Matthias Wachs, Quirin Scheitle, Georg Carle, “Push Away Your Privacy: Precise User Tracking Based on TLS Client Certificate Authentication,” in Network Traffic Measurement and Analysis Conference (TMA), Best Paper Award TMA’17, IEEE ComSoc ITC Best Paper Award 2017, Jun. 2017. [Pdf] [Slides] [Recording] [Bib] |
| 2017-06-01 | Quirin Scheitle, Oliver Gasser, Minoo Rouhi, Georg Carle, “Large-Scale Classification of IPv6-IPv4 Siblings with Variable Clock Skew,” in Network Traffic Measurement and Analysis Conference (TMA), Jun. 2017. [Pdf] [Slides] [Rawdata] [Recording] [Arxiv] [Bib] |
| 2017-06-01 | Quirin Scheitle, Oliver Gasser, Patrick Sattler, Georg Carle, “HLOC: Hints-Based Geolocation Leveraging Multiple Measurement Frameworks,” in Network Traffic Measurement and Analysis Conference (TMA), Best Dataset Award, Dublin, Ireland, Jun. 2017. [Pdf] [Slides] [Rawdata] [Arxiv] [Bib] |
| 2017-05-01 | Oliver Gasser, Quirin Scheitle, Carl Denis, Nadja Schricker, Georg Carle, “Security Implications of Publicly Reachable Building Automation Systems,” in Proc. 2nd Int. Workshop on Traffic Measurements for Cybersecurity, San Jose, CA, USA, May 2017. [Pdf] [Bib] |
| 2017-02-01 | Oliver Gasser, Quirin Scheitle, Carl Denis, Nadja Schricker, Georg Carle, “Öffentlich erreichbare Gebäudeautomatisierung: Amplification-Anfälligkeit von BACnet und Deployment-Analyse im Internet und DFN,” in 24. DFN-Konferenz Sicherheit in vernetzten Systemen, Hamburg, Germany, Feb. 2017. [Pdf] [Bib] |
| 2016-04-01 | Oliver Gasser, Quirin Scheitle, Sebastian Gebhard, Georg Carle, “Scanning the IPv6 Internet: Towards a Comprehensive Hitlist,” in Proc. 8th Int. Workshop on Traffic Monitoring and Analysis, Louvain-la-Neuve, Belgium, Apr. 2016. [Url] [Pdf] [Slides] [Bib] |
| 2016-03-01 | Quirin Scheitle, Matthias Wachs, Johannes Zirngibl, Georg Carle, “Analyzing Locality of Mobile Messaging Traffic using the MATAdOR Framework,” in Passive and Active Measurements Conference (PAM) 2016 , Heraklion, Greece, Mar. 2016, pp. 190–202. [Pdf] [Preprint] [Slides] [Homepage] [Rawdata] [DOI] [Bib] |
Finished student theses
| Author | Title | Type | Advisors | Year | Links |
| Matthias Kirstein | Happy Eyeballs: A Comprehensive Analysis of the Deployment and Configuration Across Various Versions and Implementations | BA | Patrick Sattler, Johannes Zirngibl, Lars Wüstrich | 2024 | |
| Dimitar Vasilev | Sourcing Service-Specific IPv6-Hitlists using IPv4 Port Scans and Subdomain Analysis | BA | Patrick Sattler, Lion Steger, Johannes Zirngibl | 2024 | |
| Tobias Wothge | ASQ-GINO: Answering Scoped Queries with the Global INternet Observatory | MA | Patrick Sattler, Lion Steger, Johannes Zirngibl | 2024 | |
| Jenna Gudehege | Analysis of IPv6 Hitlist sources | BA | Lion Steger, Patrick Sattler, Johannes Zirngibl | 2024 |
|
| Louis Pydde | Efficient x509 Certificate Metadata Store | IDP | Patrick Sattler, Lion Steger, Christian Dietze | 2024 | |
| Tim Betzer | Graph-based Modeling and Analysis of the TLS Ecosystem | MA | Markus Sosnowski | 2024 | |
| Ben Asam | Evaluating Methods for Increasing AS Coverage of IPv6 Hitlists | BA | Lion Steger, Michael Oberrauch, Tim Betzer | 2024 | |
| Saloni Mordekar | Analysis and Measurement of Internet Security Best Practices | BA | Tim Betzer, Christian Dietze | 2024 | |
| Andreas Cselovsyky | Exploring the Physical Locations of iCloud Private Relay Egress Nodes | BA | Patrick Sattler, Johannes Zirngibl, Lion Steger | 2023 | |
| Christian Benedikt Dietze | Tracking the Lifetime of Domains | MA | Johannes Zirngibl, Patrick Sattler | 2023 |
|
| Franz Bauernschmitt | Evalution of Network Categorization Strategies | BA | Lion Steger, Johannes Zirngibl, Patrick Sattler | 2023 |
|
| Lukas Schröder | Clustering Autonomous System Prefixes using BGP Data | IDP | Max Helm, Patrick Sattler | 2023 | |
| Iñigo Varas | Autonomous System Models using BGP Data and GNNs | BA | Max Helm, Benedikt Jaeger, Johannes Zirngibl, Patrick Sattler | 2023 |
|
| Niklas Beck | Root Cause Analysis for Throughput Limitations of QUIC Connections | MA | Simon Bauer, Johannes Zirngibl | 2023 | |
| Lukas Bernwald | Towards Consistency in Distributed REST API Caching | MA | Markus Sosnowski, Richard von Seck | 2023 | |
| Dan Bachar | Enhancing Distributed REST APIs on the Fly | BA | Markus Sosnowski, Florian Wiedner | 2023 | |
| David Weissmann | The Impact of iCloud Private Relay on Networks | BA | Patrick Sattler, Johannes Zirngibl | 2023 | |
| Tobias Wothge | Egress Node Behavior in iCloud Private Relay | IDP | Patrick Sattler, Johannes Zirngibl, Lars Wüstrich, Lion Steger | 2023 | |
| Louis Pydde | TLS Certificate Usage Evaluation | BA | Patrick Sattler, Johannes Zirngibl | 2023 |
|
| Tobias Zierl | Evaluating Domain Presence in Certificate Transparency Logs | BA | Patrick Sattler, Johannes Zirngibl | 2023 | |
| Benedikt Ruben Schaschko | Inferring AS Links from a Tier 1 Dataset | BA | Patrick Sattler, Johannes Zirngibl | 2023 | |
| Tobias Wasner | Continuous Monitoring and Quality Assessment of Internet-wide Scans | IDP | Patrick Sattler, Johannes Zirngibl | 2023 | |
| Simon Karan Guayana | Analyzing the Effect of Transport Parameters on QUIC’s Performance | BA | Johannes Zirngibl, Benedikt Jaeger | 2022 |
|
| Marcel Kempf | Analysis of Performance Limitations in QUIC Implementations | MA | Benedikt Jaeger, Johannes Zirngibl | 2022 |
|
| Florian Gebauer | Evaluating Different QUIC Scan Approaches | BA | Johannes Zirngibl, Patrick Sattler | 2022 |
|
| Yudhistira Wibowo | Analysis of Blocklisted TLS Servers | BA | Johannes Zirngibl, Patrick Sattler | 2022 | |
| Robert Dillitz | Transformation and Evaluation of TLS Behavior Graphs | MA | Johannes Zirngibl, Benedikt Jaeger, Markus Sosnowski | 2022 |
|
| Zhou Lu | Structural Analysis of Internet Measurement Anomalies | MA | Lion Steger, Johannes Zirngibl | 2022 |
|
| Liming Kuang | Target Generation for IPv6 Hitlists | BA | Lion Steger, Johannes Zirngibl | 2022 |
|
| Christian Benedikt Dietze | Setup and Deployment of a Resilient Internet Scanning Infrastructure | IDP | Patrick Sattler, Johannes Zirngibl | 2022 |
|
| Mohammad Shaharyar Shaukat | Measuring the Impact of Transport Layer Protocols and Their Configuration on the Performance of Connections | MA | Simon Bauer, Patrick Sattler, Johannes Zirngibl | 2022 | |
| Rene Jung | Detecting the Internet Presence of Organizations Utilizing the Graph Structure of the TLS Ecosystem | BA | Markus Sosnowski, Patrick Sattler | 2022 |
|
| Patrick Großmann | Extended Usage Analysis of EDNS Client Subnet | BA | Patrick Sattler, Johannes Zirngibl, Lion Steger | 2022 | |
| Theresa Gräbner | Setup and Deployment of a Large Scale Certificate Scan Database | BA | Patrick Sattler, Johannes Zirngibl | 2022 | |
| Tim Betzer | Propagate Distrust Among Servers Utilizing the Graph Structure of the TLS Ecosystem | IDP | Markus Sosnowski | 2022 | |
| Jonas Lang | Towards an Internet-Wide Certificate Revocation Observatory | IDP | Juliane Aulbach, Markus Sosnowski, Patrick Sattler | 2022 | |
| Lion Steger | State of the IPv6 Internet: Revisiting IPv6 Hitlists | BA | Johannes Zirngibl, Patrick Sattler, Juliane Aulbach, Oliver Gasser | 2021 | |
| Raphael Schmid | ROV + IRR: Are Authorized Routes Registered? | BA | Johannes Zirngibl, Patrick Sattler, Juliane Aulbach | 2021 |
|
| Pascal Henschke | Analyzing BGP as a Graph | BA | Johannes Zirngibl, Patrick Sattler, Juliane Aulbach | 2021 |
|
| Steffen Deusch | Analyzing the Effect of Domain Parking on DNS Based Research | BA | Johannes Zirngibl, Patrick Sattler, Juliane Aulbach | 2021 |
|
| Felix Myhsok | Blocklists: Who is blocked? | BA | Johannes Zirngibl, Patrick Sattler, Markus Sosnowski | 2021 |
|
| Daniel Hegedüs | The First Year of QUIC v1 Deployment | BA | Johannes Zirngibl, Patrick Sattler, Benedikt Jaeger, Juliane Aulbach | 2021 |
|
| Ben Riegel | Assessing Link Utilization From Passive Datasets | BA | Simon Bauer, Johannes Zirngibl | 2021 | |
| Patryk Brzoza | KPI Analysis of Webserver Traffic through Active Measurements | MA | Simon Bauer, Benedikt Jaeger, Patrick Sattler, Christoph Schwarzenberg | 2021 | |
| Yannik Gehring | Revealing Organizational Structures in an Internet-wide TLS Graph | MA | Markus Sosnowski, Patrick Sattler, Juliane Aulbach | 2021 |
|
| Tim Betzer | A Systematic TLS Scanning Approach Minimizing the Used Requests and Comparison with other TLS Scanners | GR | Markus Sosnowski, Patrick Sattler | 2021 | |
| Zeynep Sonkaya | Development of an Efficient Large Scale DNS Scanning Pipeline | IDP | Patrick Sattler, Johannes Zirngibl | 2021 |
|
| Tobias Wothge | Industrial Control Systems (ICS) Protocol Detection | BA | Patrick Sattler, Lars Wüstrich, Johannes Zirngibl | 2021 | |
| Karoline Ilse | IPv6 Deployment Analysis using BGP Announcements | BA | Patrick Sattler, Johannes Zirngibl, Juliane Aulbach | 2021 |
|
| Roland Bernhard Reif | Detecting BGP Hijacking in Real Time | IDP | Patrick Sattler, Johannes Zirngibl | 2020 | |
| Christian Wahl | Analyzing the Stability and Expressiveness of Large-Scale DNS Scans | MA | Patrick Sattler, Johannes Zirngibl, Juliane Aulbach | 2020 | |
| Jasper von der Heidt | Analyzing PTP Master Clocks in the Wild | BA | Johannes Zirngibl, Max Helm, Henning Stubbe | 2020 |
|
| Philippe Buschmann | Analyzing Quic in the wild | MA | Johannes Zirngibl, Patrick Sattler, Benedikt Jaeger, Juliane Aulbach | 2020 |
|
| Christian Kilb | Blocklists: What is blocked and why? | IDP | Johannes Zirngibl, Patrick Sattler, Markus Sosnowski | 2020 |
|
| Sebastian Heinrich Kappes | An Analysis of the Development and Early Deployment of Encrypted SNI | BA | Johannes Zirngibl, Max Helm, Patrick Sattler | 2020 | |
| Lennart Keller | Packet Pacing with the QUIC Protocol | BA | Benedikt Jaeger, Johannes Zirngibl | 2020 |
|
| Robert Dillitz | Uncovering PTP Master Clocks in the Wild | BA | Johannes Zirngibl, Max Helm, Henning Stubbe | 2020 |
|
| Roland Bernhard Reif | Analysis of EDNS Client-Subnet Load Balancing | BA | Patrick Sattler, Johannes Zirngibl | 2019 | |
| Leo Schedelbeck | rDNS Leaks - Disclosing the Real Infrastructure of Shadowed Services | BA, MA, IDP | Johannes Zirngibl, Patrick Sattler | 2019 |
|
| Dominik Kreutzer | Nameserver Rate Limits - Dynamic Adjustment of Scan Behavior | BA, MA, IDP | Johannes Zirngibl, Johannes Naab | 2019 |
|
| Johannes Zirngibl | Extensive Analysis of IPv6 Address Assignment and its rDNS Special Domain ip6.arpa. | MA | Johannes Naab, Quirin Scheitle | 2018 | |
| Johannes Zirngibl | Creating IPv6 Hitlists through Rigorous and Deterministic rDNS Walking | IDP | Johannes Naab, Quirin Scheitle | 2018 | |
| Hamza Zafar | Amplification Attack Detection using Active Measurements | MA | Simon Bauer, Oliver Gasser, Stefan Metzger | 2018 |
|
| Felix Beil | Long Term Analysis of HTTP Strict Transport Security | BA | Quirin Scheitle, Oliver Gasser | 2018 | |
| Ralf Baun | Performance and Security Analysis of Alternative DNS Transports | BA | Quirin Scheitle, Johannes Naab | 2018 |
|
| Glenn Skjong | Internet Toplists: Creating an Alternative Internet Top List Service | MA | Quirin Scheitle, Jonas Jelten | 2018 | |
| Johannes Schleger | Detection and Characterization of TLS Interception in Access Networks | MA | Jonas Jelten, Florian Wohlfart, Quirin Scheitle | 2018 | |
| Alexander Schulz | Identification of IPv6-IPv4 Sibling Pairs from Passive Observations | BA | Quirin Scheitle, Oliver Gasser, Minoo Rouhi | 2017 |
|
| Samy el Deib | Detecting IPv6-IPv4 Sibling Pairs Based on few Data Points | BA | Quirin Scheitle, Oliver Gasser, Minoo Rouhi | 2017 |
|
| Florens Werner | Finding Active IPv6 Addresses | BA | Quirin Scheitle, Oliver Gasser, Johannes Naab | 2017 |
|
| Fabian Raab | Influence of BGP Community Attributes on Routing and Internet Traffic | IDP | Oliver Gasser, Quirin Scheitle, Christoph Dietzel | 2017 |
|
| Tobias Brunnwieser | A Framework for Detection and Analysis of HTTPS Interception | MA | Oliver Gasser, Sree Harsha Totakura, Florian Wohlfart | 2017 | |
| Max Helm | Traceable Measurement Result Publication in Append-only Ledgers | MA | Oliver Gasser, Benjamin Hof, Quirin Scheitle | 2017 |
|
| Emanuel Vintila | Continuous Development of Open Source C++ Flow Toolkit | HiWi | Oliver Gasser, Johannes Naab | 2017 |
|
| Jan-Philipp Lauinger | Evaluating Client Discrimination in Anonymization Networks Using Active Network Scans | Forschungspraxis | Oliver Gasser, Sree Harsha Totakura | 2017 |
|
| Hendrik Eichner | Revisiting SSH Security in the Internet | BA | Oliver Gasser, Minoo Rouhi | 2017 |
|
| Max Helm | Evaluating TLS Certificate Transparency Logs using Active Scans | IDP | Oliver Gasser, Benjamin Hof | 2017 |
|
| Maximilian Pudelko | Payload Extraction for Flows with Anomalous TTL Behaviour | IDP | Quirin Scheitle, Paul Emmerich | 2017 |
|
| Markus Sosnowski | Internet-Wide Assessment of TCP Options | BA | Quirin Scheitle, Oliver Gasser, Minoo Rouhi, Paul Emmerich, Dominik Scholz | 2017 |
|
| Thomas Bachmaier | Scanning for TCP SYN Proxy Implementations | BA | Dominik Scholz, Paul Emmerich, Quirin Scheitle, Minoo Rouhi | 2017 |
|
| Johannes Fischer | Browser-based Internet connection testing | MA | Florian Wohlfart, Oliver Gasser | 2016 |
|
| Jonas Heintzenberg | Browser-based Internet connection testing | BA | Florian Wohlfart, Oliver Gasser | 2016 |
|
| Sven Hertle | Analysis of cellular ISP networks | MA | Florian Wohlfart | 2016 |
|
| Patrick Sattler | Parsing geographical locations from DNS names | GR | Quirin Scheitle, Oliver Gasser | 2016 | |
| Frank Schmidt | Large Scale DNS Scanner in Go | MA | Johannes Naab, Oliver Gasser | 2016 | |
| Pirmin Blanz | IPv6 TLS Security Scanning | MA | Oliver Gasser, Quirin Scheitle | 2016 | |
| Michael Köpferl | Evaluation of amplification attacks in large-scale networks to improve detection performance | IDP | Oliver Gasser, Stefan Metzger | 2016 |
Open and running student theses
| Author | Title | Type | Advisors | Year | Links |
| Neo Yang | Analysis and Evaluation of Test Methods for the Automated Verification of Device Cybersecurity | BA | Tim Betzer | 2025 | |
| Valentin Linhardt | Searching Patterns in Simulated Network Attacks | BA | Tim Betzer, Lion Steger | 2025 | |
| Kempec Halk | Detecting Network Latency Anomalies using regular Traceroute Measurements | MA | Tim Betzer, Michael Oberrauch | 2025 | |
| Jay Neubrand | Implementing a Monitoring System for Internet Scans | IDP | Tim Betzer, Christian Dietze | 2025 |
|
| Oliver Dürer | Leveraging RO-Crates with Internet Scan Data | BA | Christian Dietze, Tim Betzer | 2025 |
|
| Christian Junginger | Design and Implementation of a TGA Evaluation Platform | BA, IDP | Lion Steger, Johannes Zirngibl | 2025 |
|
| Lazlo Jäger | Optimization of IPv6 Aliased Prefix Detection | MA | Lion Steger, Johannes Zirngibl | 2025 |
|
| Max Reimann | Identifying Trends in Aftermarket Domain Sales | MA | Christian Dietze, Patrick Sattler | 2024 | |
| Eduard Rupp | Improving Efficiency of IPv6 Measurements | IDP | Lion Steger, Patrick Sattler, Johannes Zirngibl | 2024 |