Far and wide: This map was created using data from the researchers’ census. About a quarter of the address space is still unassigned (blue), a quarter appears to be relatively densely populated (green), and nearly half of the space has few servers or did not respond to queries (red).
The new map of the Internet suggests that there is room for more hosts even if addresses are running out. The map reveals that, while roughly a quarter of all blocks of network addresses are heavily populated and therefore efficiently used, about half of the Internet is either used lightly or is located behind firewalls blocking responses to the survey. The last quarter of network blocks consists of addresses that can still be assigned in the future.
The USC research group used the most innocuous type of network packet to probe the farthest reaches of the Internet. Known as the Internet Control Message Protocol, or ICMP, this packet is typically used to send error messages between servers and other network hardware. Sending an ICMP packet to another host (an action known as pinging) is generally not seen as hostile, Heidemann says. “There are certainly people who misunderstand what we are doing,” and interpret it as the prelude to an attack, he says. “By request, we remove them from the survey, but its fewer people than you might think. Pings are pretty innocuous.”
The researchers found that ICMP pings stack up well against another method of host detection, the Internet’s main means of transmitting data: the Transmission Control Protocol, or TCP. TCP-probing is a common technique used by network scanners, but it tends to take longer and is considered more aggressive than ICMP pings, so it may be blocked. To compare the effectiveness of each technique, the team probed a million random Internet addresses using both ICMP and TCP, finding a total of 54,297 active hosts. ICMP pings elicited a response from approximately three-quarters of visible hosts, while TCP probes garnered a response slightly less than two-thirds of the time.
In total, the researchers estimate that there are 112 million responsive addresses, with between 52 million and 60 million addresses assigned to hosts that are contactable 95 percent of the time.
The survey may miss computers behind firewalls or computers that do not respond to pings, but the overall conclusion–that the Internet has room to grow–is spot on, says Gordon Lyon, a security researcher who created the popular network scanning tool NMAP.
“There are huge chunks of IP space which are not allocated yet, and also giant swaths which are inefficiently allocated,” Lyon says. “For example, Xerox, GE, IBM, HP, Apple, and Ford each have more than 16 million IP addresses to themselves because they were allocated when the Internet was just starting.”
Hear more from IBM at EmTech 2014.