thats one word when you describe CARNA botnet, which is a single handed attempt to map the entire Internet by a researcher, which makes it a single most herculean feat I have witnessed in digital domain which both grips me with mixed feelings of astonishment and Deja Vu.
As the paper states, the basic theory behind CARNA was
After completing the scan of roughly one hundred thousand IP addresses, we realized the number of insecure devices must be at least one hundred thousand. Starting with one device and assuming a scan speed of ten IP addresses per second, it should find the next open device within one hour. The scan rate would be doubled if we deployed a scanner to the newly found device. After doubling the scan rate in this way about 16.5 times, all unprotected devices would be found; this would take only 16.5 hours. Additionally, with one hundred thousand devices scanning at ten probes per second we would have a distributed port scanner to port scan the entire IPv4 Internet within one hour.
Impressive.. and the payload they devised was small, surgical and targeted routers with insecure logins.
The binary on the router was written in plain C. It was compiled for 9 different architectures using the OpenWRT Buildroot. In its latest and largest version this binary was between 46 and 60 kb in size depending on the target architecture.
Well, the end results ? ~ 420,000 infected routers are identified with 1,300,000,000 geolocated IPV4 devices with about one-third of those responding directly to pings.
Incredible..as I earlier said. Sceptics will say that It can be a hoax, as its difficult to verify with a 586GB bittorrent file compressed with ZPAQ which will decompress to 9TB , it needs somewhat of super human effort to download, unpack and analyze data if it really exists. But again, if its true, Its .. its awesome.
Like I said, prepare to be amazed.