GINO

Global INternet Observatory

Scientists:	Johannes Zirngibl, M.Sc., Patrick Sattler, M.Sc., Dr.-Ing. Quirin Scheitle, Dr. Oliver Gasser, Minoo Rouhi, M. Sc., Johannes Naab, M.Sc., Edwin Cordeiro, M.Sc., Dr. Heiko Niedermayer, Florian Wohlfart, M.Sc.
Since:	01.11.2016

Motivation

Internet measurements have long been a research priority at our chair. These measurements help us better understand the Internet and its security.

Over the years, we acquired vast knowledge in the area of large scale network measurements. This helps us to understand the current network state and its development. We seek to be harmless and conduct all measurements in an ethical manner.

If you are an interested researcher or students who wants to cooperate with us or if you have any questions, feel free to contact us. GINO is a research group for exchanging ongoing research, concepts, and ideas in the Internet measurement domain.

Internet-wide scans

We conduct various regular and ad-hoc Internet-wide scans for protocols such as HTTPS, DNS, and BACnet. These are purely scientific and we never attempt to intrude into any system. We follow best practices laid out by the scientific community such as by Dittrich et al. ¹, and Partridge and Allman ².
If you are affected by these, e.g., because of IDS alerts, please contact us and we will be happy to blacklist you immediately. Futher information can be found on Scans.

The involved machines are:

Host	IPv6 address	IPv4 address
planetlabX.net.in.tum.de	2001:4ca0:108:42::X	138.246.253.X
dallas	2600:3c00::f03c:91ff:fe3b:d2d	45.33.5.55
singapore	2400:8901::f03c:91ff:fe3b:d08	139.162.29.117

For a brief time in February 2018, the rDNS pointer for planetlab19.net.in.tum.de. points to researchscan19.netintum.umbrellastudy.com.

IPv6 Hitlist

We provide a daily updated IPv6 hitlist which can be downloaded by interested researchers. Find more information on our dedicated IPv6 hitlist page.

Toplists

We provide a daiy-to-day analysis of regularly used toplists. Find more information on our github Toplist page.

SMB Scans

In cooperation with the Chair of IT Security, SMB scans to detect honeypots are conducted at our chair. Find more information on SMB Scans.

Contact

If this sounds interesting to you, feel free to contact us:

Johannes Zirngibl
Patrick Sattler

References

D. Dittrich, E. Kenneally et al., “The Menlo Report: Ethical Principles Guiding Information and Communication Technology Research,” US Department of Homeland Security, 2012. ↩
C. Partridge and M. Allman, “Ethical Considerations in Network Measurement Papers”, Communications of the ACM, 2016. ↩

Related publications

2019-10-01	Johannes Naab, Patrick Sattler, Jonas Jelten, Oliver Gasser, Georg Carle, “Prefix Top Lists: Gaining Insights with Prefixes from Domain-based Top Lists on DNS Deployment,” in Proceedings of the Internet Measurement Conference, New York, NY, USA, Oct. 2019, pp. 351–357. [Pdf] [Slides] [Homepage] [DOI] [Bib]
2019-03-01	Wouter B. de Vries, Quirin Scheitle, Moritz Müller, Willem Toorop, Ralph Dolmans, Roland van Rijswijk-Deij, “A First Look at QNAME Minimization in the Domain Name System,” in Proceedings of the Passive and Active Measurement Conference (PAM 2019), Best Dataset Award, Puerto Varas, Chile, Mar. 2019. [Url] [Bib]
2018-11-01	Oliver Gasser, Quirin Scheitle, Pawel Foremski, Qasim Lone, Maciej Korczynski, Stephen D. Strowes, Luuk Hendriks, Georg Carle, “Clusters in the Expanse: Understanding and Unbiasing IPv6 Hitlists,” in Proceedings of the 2018 Internet Measurement Conference, New York, NY, USA, Nov. 2018. [Pdf] [Slides] [Homepage] [Rawdata] [Arxiv] [Blog] [DOI] [Bib]
2018-11-01	Quirin Scheitle, Oliver Gasser, Theodor Nolte, Johanna Amann, Lexi Brent, Georg Carle, Ralph Holz, Thomas C. Schmidt, Matthias Wählisch, “The Rise of Certificate Transparency and Its Implications on the Internet Ecosystem,” in Internet Measurement Conference (2018), Boston, USA, Nov. 2018, pp. 343–349. [Rawdata] [Arxiv] [DOI] [Bib]
2018-11-01	Quirin Scheitle, Oliver Hohlfeld, Julien Gamba, Jonas Jelten, Torsten Zimmermann, Stephen D. Strowes, Narseo Vallina-Rodriguez, “A Long Way to the Top: Significance, Structure, and Stability of Internet Top Lists,” in Internet Measurement Conference (IMC’18), IMC’18 Community Contribution Award, Boston, USA, Nov. 2018, pp. 478–493. [Homepage] [Rawdata] [Arxiv] [DOI] [Bib]
2018-10-01	Paul Emmerich, Maximilian Pudelko, Quirin Scheitle, Georg Carle, “Efficient Dynamic Flow Tracking for Packet Analyzers,” in CloudNet, Tokyo, Japan, Oct. 2018. [Pdf] [Bib]
2018-04-01	Quirin Scheitle, Taejoong Chung, Jens Hiller, Oliver Gasser, Johannes Naab, Roland van Rijswijk-Deij, Oliver Hohlfeld, Ralph Holz, Dave Choffnes, Alan Mislove, Georg Carle, “A First Look at Certification Authority Authorization (CAA),” ACM SIGCOMM Computer Communications Review (CCR), Apr. 2018. [Url] [Pdf] [Preprint] [Homepage] [Rawdata] [Bib]
2018-03-01	Tobias Brunnwieser, Oliver Gasser, Sree Harsha Totakura, Georg Carle, “Live Detection and Analysis of HTTPS Interceptions,” in Passive and Active Measurement Conference (PAM), Poster, Berlin, Germany, Mar. 2018. [Pdf] [Poster] [Bib]
2018-03-01	Oliver Gasser, Benjamin Hof, Max Helm, Maciej Korczynski, Ralph Holz, Georg Carle, “In Log We Trust: Revealing Poor Security Practices with Certificate Transparency Logs and Internet Measurements,” in Proceedings of the Passive and Active Measurement Conference (PAM 2018), Best Paper Award, Berlin, Germany, Mar. 2018. [Url] [Pdf] [Slides] [Sourcecode] [Rawdata] [Blog] [Bib]
2018-03-01	Quirin Scheitle, Jonas Jelten, Oliver Hohlfeld, Luca Ciprian, Georg Carle, “Structure and Stability of Internet Top Lists,” in PAM’18 Poster, Berlin, Mar. 2018. [Arxiv] [Bib]
2017-11-01	Johanna Amann, Oliver Gasser, Quirin Scheitle*, Lexi Brent, Georg Carle, Ralph Holz, “Mission Accomplished? HTTPS Security after DigiNotar,” in Proceedings of the Internet Measurement Conference (IMC 2017), IMC’17 Community Contribution Award, IRTF Applied Networking Research Prize (ANRP) 2018, London, UK, Nov. 2017. [Url] [Pdf] [Slides] [Sourcecode] [Rawdata] [Bib]
2017-11-01	Patricia Callejo, Connor Kelton, Narseo Vallina-Rodriguez, Rubén Cuevas, Oliver Gasser, Christian Kreibich, Florian Wohlfart, Ángel Cuevas, “Opportunities and Challenges of Ad-based Measurements from the Edge of the Network,” in Proc. of the 16th ACM Workshop on Hot Topics in Networks, Nov. 2017. [Pdf] [Bib]
2017-10-01	Oliver Gasser, Quirin Scheitle, Benedikt Rudolph, Carl Denis, Nadja Schricker, Georg Carle, “The Amplification Threat Posed by Publicly Reachable BACnet Devices,” Journal of Cyber Security and Mobility, Oct. 2017. [Url] [Pdf] [Bib]
2017-08-01	Quirin Scheitle, Matthias Wählisch, Oliver Gasser, Thomas C. Schmidt, Georg Carle, “Towards an Ecosystem for Reproducible Research in Computer Networking,” in ACM SIGCOMM Reproducibility Workshop, Los Angeles, USA, Aug. 2017. [Pdf] [Slides] [Bib]
2017-06-01	Matthias Wachs, Quirin Scheitle, Georg Carle, “Push Away Your Privacy: Precise User Tracking Based on TLS Client Certificate Authentication,” in Network Traffic Measurement and Analysis Conference (TMA), Best Paper Award TMA’17, IEEE ComSoc ITC Best Paper Award 2017, Jun. 2017. [Pdf] [Slides] [Recording] [Bib]
2017-06-01	Quirin Scheitle, Oliver Gasser, Minoo Rouhi, Georg Carle, “Large-Scale Classification of IPv6-IPv4 Siblings with Variable Clock Skew,” in Network Traffic Measurement and Analysis Conference (TMA), Jun. 2017. [Pdf] [Slides] [Rawdata] [Recording] [Arxiv] [Bib]
2017-06-01	Quirin Scheitle, Oliver Gasser, Patrick Sattler, Georg Carle, “HLOC: Hints-Based Geolocation Leveraging Multiple Measurement Frameworks,” in Network Traffic Measurement and Analysis Conference (TMA), Best Dataset Award, Dublin, Ireland, Jun. 2017. [Pdf] [Slides] [Rawdata] [Arxiv] [Bib]
2017-05-01	Oliver Gasser, Quirin Scheitle, Carl Denis, Nadja Schricker, Georg Carle, “Security Implications of Publicly Reachable Building Automation Systems,” in Proc. 2nd Int. Workshop on Traffic Measurements for Cybersecurity, San Jose, CA, USA, May 2017. [Pdf] [Bib]
2017-02-01	Oliver Gasser, Quirin Scheitle, Carl Denis, Nadja Schricker, Georg Carle, “Öffentlich erreichbare Gebäudeautomatisierung: Amplification-Anfälligkeit von BACnet und Deployment-Analyse im Internet und DFN,” in 24. DFN-Konferenz Sicherheit in vernetzten Systemen, Hamburg, Germany, Feb. 2017. [Pdf] [Bib]
2016-04-01	Oliver Gasser, Quirin Scheitle, Sebastian Gebhard, Georg Carle, “Scanning the IPv6 Internet: Towards a Comprehensive Hitlist,” in Proc. 8th Int. Workshop on Traffic Monitoring and Analysis, Louvain-la-Neuve, Belgium, Apr. 2016. [Url] [Pdf] [Slides] [Bib]
2016-03-01	Quirin Scheitle, Matthias Wachs, Johannes Zirngibl, Georg Carle, “Analyzing Locality of Mobile Messaging Traffic using the MATAdOR Framework,” in Passive and Active Measurements Conference (PAM) 2016 , Heraklion, Greece, Mar. 2016, pp. 190–202. [Pdf] [Preprint] [Slides] [Homepage] [Rawdata] [DOI] [Bib]

Finished student theses

Author	Title	Type	Advisors	Year	Links
Johannes Zirngibl	Extensive Analysis of IPv6 Address Assignment and its rDNS Special Domain ip6.arpa.	MA	Johannes Naab, Quirin Scheitle	2018
Johannes Zirngibl	Creating IPv6 Hitlists through Rigorous and Deterministic rDNS Walking	IDP	Johannes Naab, Quirin Scheitle	2018
Hamza Zafar	Amplification Attack Detection using Active Measurements	MA	Simon Bauer, Oliver Gasser, Stefan Metzger	2018
Felix Beil	Long Term Analysis of HTTP Strict Transport Security	BA	Quirin Scheitle, Oliver Gasser	2018
Ralf Baun	Performance and Security Analysis of Alternative DNS Transports	BA	Quirin Scheitle, Johannes Naab	2018
Glenn Skjong	Internet Toplists: Creating an Alternative Internet Top List Service	MA	Quirin Scheitle, Jonas Jelten	2018
Johannes Schleger	Detection and Characterization of TLS Interception in Access Networks	MA	Jonas Jelten, Florian Wohlfart, Quirin Scheitle	2018
Alexander Schulz	Identification of IPv6-IPv4 Sibling Pairs from Passive Observations	BA	Quirin Scheitle, Oliver Gasser, Minoo Rouhi	2017
Samy el Deib	Detecting IPv6-IPv4 Sibling Pairs Based on few Data Points	BA	Quirin Scheitle, Oliver Gasser, Minoo Rouhi	2017
Florens Werner	Finding Active IPv6 Addresses	BA	Quirin Scheitle, Oliver Gasser, Johannes Naab	2017
Fabian Raab	Influence of BGP Community Attributes on Routing and Internet Traffic	IDP	Oliver Gasser, Quirin Scheitle, Christoph Dietzel	2017
Tobias Brunnwieser	A Framework for Detection and Analysis of HTTPS Interception	MA	Oliver Gasser, Sree Harsha Totakura, Florian Wohlfart	2017
Max Helm	Traceable Measurement Result Publication in Append-only Ledgers	MA	Oliver Gasser, Benjamin Hof, Quirin Scheitle	2017
Emanuel Vintila	Continuous Development of Open Source C++ Flow Toolkit	HiWi	Oliver Gasser, Johannes Naab	2017
Jan-Philipp Lauinger	Evaluating Client Discrimination in Anonymization Networks Using Active Network Scans	Forschungspraxis	Oliver Gasser, Sree Harsha Totakura	2017
Hendrik Eichner	Revisiting SSH Security in the Internet	BA	Oliver Gasser, Minoo Rouhi	2017
Max Helm	Evaluating TLS Certificate Transparency Logs using Active Scans	IDP	Oliver Gasser, Benjamin Hof	2017
Maximilian Pudelko	Payload Extraction for Flows with Anomalous TTL Behaviour	IDP	Quirin Scheitle, Paul Emmerich	2017
Markus Sosnowski	Internet-Wide Assessment of TCP Options	BA	Quirin Scheitle, Oliver Gasser, Minoo Rouhi, Paul Emmerich, Dominik Scholz	2017
Thomas Bachmaier	Scanning for TCP SYN Proxy Implementations	BA	Dominik Scholz, Paul Emmerich, Quirin Scheitle, Minoo Rouhi	2017
Johannes Fischer	Browser-based Internet connection testing	MA	Florian Wohlfart, Oliver Gasser	2016
Jonas Heintzenberg	Browser-based Internet connection testing	BA	Florian Wohlfart, Oliver Gasser	2016
Sven Hertle	Analysis of cellular ISP networks	MA	Florian Wohlfart	2016
Patrick Sattler	Parsing geographical locations from DNS names	GR	Quirin Scheitle, Oliver Gasser	2016
Frank Schmidt	Large Scale DNS Scanner in Go	MA	Johannes Naab, Oliver Gasser	2016
Pirmin Blanz	IPv6 TLS Security Scanning	MA	Oliver Gasser, Quirin Scheitle	2016
Michael Köpferl	Evaluation of amplification attacks in large-scale networks to improve detection performance	IDP	Oliver Gasser, Stefan Metzger	2016

Open and running student theses

Author	Title	Type	Advisors	Year	Links
Dominik Kreutzer	Nameserver Rate Limits - Dynamic Adjustment of Scan Behavior	BA, MA, IDP	Johannes Zirngibl, Johannes Naab	2019
Leo Schedelbeck	rDNS Leaks - Disclosing the Real Infrastructure of Shadowed Services	BA, MA, IDP	Johannes Zirngibl, Patrick Sattler	2019