Internet-wide measurements and scans have become an essential tool of today’s research for large-scale phenomena. For example, in respect to security research, we might want to study how the Internet’s overall security posture is, to focus our attention on mitigating large-scale threats. While we are able to perform large-scale scans for the IPv4 address space of today’s Internet, we are currently lacking the techniques and tools to do so for its IPv6 counterpart. Yet, understanding and measuring how the IPv6 Internet is deployed and scanning IPv6-connected devices is similarly important as it is for IPv4, and it will only become more important in the future with its increased adoption.

As part our research, we develop techniques to enumerate part of the IPv6 Internet that is (supposedly) actively being used. To empower other researchers, we aim to make the corresponding source code available as open source, and we publish resulting datasets available as open data. Currently, however, the IPv6 Internet cannot yet be considered stable, which means that the benefit of a single point-in-time IPv6 snapshot will be ever-decreasing. Therefore, we will publish regularly updated versions of our datasets.

The use of the published datasets requires agreeing to the terms of the license below. Specifically, it is a common open data license with special requirements on academic attribution.

Publications

Datasets

March 2022 Update: Public download links have been temporarily disabled because of an absence of available hosting infrastructure. Please reach out to us directly for the time being. Our contact details are below.

Please note that the format of our datasets will likely change in the future. Please follow the collaborators on Twitter for announcements about new data (see Twitter handles below).

Current versions of our dataset are (all times UTC):

IPv6 NXDOMAIN based

IPv4 NXDOMAIN based

IPv4 Bruteforce

License

The datasets are licensed under Creative Commons Attribution 4.0 International License with the additional requirement that the corresponding publications should be cited alongside the website. The respective BibTeX is:

BibTeX

@inproceedings{sp2018-dnssec-ipv6,
  title     = {{Enumerating Active IPv6 Hosts for Large-scale Security Scans via DNSSEC-signed Reverse Zones}},
  author    = {Borgolte, Kevin and Hao, Shuang and Fiebig, Tobias and Vigna, Giovanni},
  booktitle = {Proceedings of the 39th IEEE Symposium on Security \& Privacy},
  series    = {S\&P},
  month     = {May},
  year      = {2018}
}

@inproceedings{pam2018-rdns,
  title     = {{In rDNS We Trust: Revisiting a Common Data-Source's Reliability}},
  author    = {Fiebig, Tobias and Borgolte, Kevin and Hao, Shuang and Kruegel, Christopher and Vigna, Giovanni and Feldmann, Anja},
  booktitle = {Proceedings of the 19th Passive and Active Measurement Conference},
  series    = {PAM},
  month     = {March},
  year      = {2018}
}

@inproceedings{pam2017-nxdomain,
  title     = {{Something From Nothing (There): Collecting Global IPv6 Datasets From DNS}},
  author    = {Fiebig, Tobias and Borgolte, Kevin and Hao, Shuang and Kruegel, Christopher and Vigna, Giovanni},
  booktitle = {Proceedings of the 18th Passive and Active Measurement Conference},
  series    = {PAM},
  month     = {March},
  year      = {2017}
}

Main Collaborators

Kevin Borgolte Kevin Borgolte
Ruhr University Bochum
@caovc
Tobias Fiebig Tobias Fiebig
Max Planck Institute for Informatics (MPI-INF)
@chelloway

Current Institutions

Ruhr University Bochum Logo

Max Planck Institute for Informatics