Jon Hart edited this page Feb 19, 2016 · 5 revisions

Over the course of the project things have inevitably gone wrong. This page documents quality issues in the Project Sonar datasets.

ALL

No scans were conducted for several days (TBD) around 02/08/2016, causing (at least) the ssl_443 study to be skipped.

UDP

  • The zmap UDP probe module was dropping UDP probe replies that returned from a different UDP port than the one they were sent to. This had a major impact on the number of responses captured, resulting in missing data from 2014-06 to 2015-02. All UDP scans after 2015-02-01 include the fix for this issue and should show significantly higher numbers of results. The change to stop dropping packets that arrive from other source ports will also increase the noise level, because previous scans can trigger continuous slow replies to the scanning system. For example, the VxWorks WDBRPC and NATPMP probes can both trigger continuous replies from certain devices, and these replies may now show up in unrelated scan results, such as SIP.

  • The zmap UDP probe module output was including some of its own outbound traffic. This resulted in ~1000 bogus replies per scan from 2015-02-01 through 2015-02-18. These bogus replies can be filtered from the dataset by excluding packets with a TTL of 255.

  • Incorrect BGP announcements caused a subset of the scanning traffic to be mishandled, resulting in a noticeable drop in discovered endpoints across almost all Sonar datasets derived from scanning.
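
The two UDP cleanup steps described above, as an added example that is not part of the original page or Project Sonar's own tooling: it drops TTL 255 rows inside the 2015-02-01 through 2015-02-18 window and flags replies whose source port differs from the probed port. The CSV column names and the sample rows are assumptions constructed for illustration, and limiting the TTL filter to the affected window is a choice of this example.

```python
import csv
import io
from datetime import date, datetime, timezone

# Window in which the page reports the scanner's own outbound packets in the output.
BOGUS_START, BOGUS_END = date(2015, 2, 1), date(2015, 2, 18)

# Constructed sample rows for a port 5060 (SIP) study. The column names are an
# assumed layout for illustration, not taken from the page.
SAMPLE_CSV = """timestamp_ts,saddr,sport,daddr,dport,ttl
1423008000,198.51.100.7,5060,192.0.2.10,40000,54
1423008000,192.0.2.10,40000,198.51.100.9,5060,255
1423008000,203.0.113.5,17185,192.0.2.10,40000,60
1425427200,198.51.100.8,5060,192.0.2.10,40001,255
"""


def clean_udp_rows(rows, probed_port):
    """Return (kept_rows, dropped_bogus, off_port_count).

    Rows with TTL 255 inside the affected window are dropped. Every kept row
    gets an 'off_port' flag when the reply's source port is not the probed
    port; such rows may be genuine replies or leftover noise from other probes
    (the page names WDBRPC and NATPMP), so they are flagged, not removed.
    """
    kept, dropped, off_port = [], 0, 0
    for row in rows:
        day = datetime.fromtimestamp(int(row["timestamp_ts"]), tz=timezone.utc).date()
        if BOGUS_START <= day <= BOGUS_END and int(row["ttl"]) == 255:
            dropped += 1
            continue
        flagged = dict(row, off_port=int(row["sport"]) != probed_port)
        off_port += int(flagged["off_port"])
        kept.append(flagged)
    return kept, dropped, off_port


def clean_sample():
    """Run the cleanup over the constructed sample as a port 5060 study."""
    return clean_udp_rows(csv.DictReader(io.StringIO(SAMPLE_CSV)), probed_port=5060)


if __name__ == "__main__":
    kept, dropped, off_port = clean_sample()
    print(f"kept={len(kept)} dropped_bogus={dropped} off_port={off_port}")
    for r in kept:
        print(r["saddr"], r["sport"], "off-port" if r["off_port"] else "on-port")
```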

Reverse DNS

  • A small number of RDNS jobs are missing from the published dataset due to operational issues. In the case of 2014-11-05 and 2014-11-19, broken datasets had been published that were missing most of the results, and these have since been removed. Between 2014-12-17 and 2015-01-28, two RDNS jobs did not run due to a scheduling issue.