This story at the University of Southern California's Information Sciences Institute Web site offers no definitive information on precisely how the Internet census the group recently completed will be used. A couple of intriguing possibilities are offered, however.
The description of the project is complex, and a link is provided to an even fuller explanation. Over the course of about two months, the scientists used three machines to ping every known Internet protocol (IP) address. Sixty-one percent of the 3 billion or so messages went unanswered. Millions of sites did respond, the story says. It describes how the information generated by the responses will be configured.
The scientists provide two prospective uses for the data: helping map the way in which worms propagate and illustrating the need for Internet protocol version 6 (IPv6).
Following worms will most likely be a function of the next phase of the project, which the story says will be "a dynamic movie of Internet evolution." The idea, apparently, is to devise malware protections that corral worms before they have the chance to cause widespread damage. Such a step could aid in derailing debilitating distributed denial of service (DDoS) attacks and cordoning off the botnet armies with which criminals mount these attacks.
The importance of being able to track attacks in real time can't be overstated. This Wired column by analyst Bruce Schneier describes Storm, which he calls a combination worm, Trojan horse and bot. The details are quite frightening: An estimated 1 million to 50 million machines are infected, it is far harder to detect than older worms, and it is likely that its creators are holding back and planning a massive attack of some sort. The scariest takeaway from the column is how little seems to be known about Storm. That is something with which the ISI project probably can help.
The other use is in creating a new generation of addresses. For years, experts have warned that the current reservoir of Internet addresses -- supplied by Internet protocol version 4 (IPv4) -- is running low. Engineers, however, have used clever workarounds, such as Network Address Translation (NAT), to stretch the soup and largely avoid the expense and trouble of upgrading to the new scheme.
The explosion of demand for IP addresses caused by wireless and home networks means that such stopgaps may soon exhaust themselves. IPv6 -- a system that will multiply available addresses exponentially -- will solve the problem. However, take-up has been low. The sponsors of the project apparently feel that this could be a valuable tool in driving home the need for a more aggressive transition. There is a security angle to IPv6 as well, since it is considered to be safer than IPv4.
This Network World column by Johna Till Johnson says "address exhaustion" is an issue for carriers -- especially those who work with the government and are therefore mandated to make the transition -- and countries that didn't get their fair share of IPv4 addresses. Enterprises, Johnson says, don't have to worry as much. The reluctance to adopt the new addressing scheme is understandable if there is an absence of an overriding need. Since IPv6 addresses are longer, a bandwidth price tag comes with the transition. The ISI study may shed light on the issue of the real need for IPv6.
Clearly, the project will be just one of many assets brought to bear in both IPv6 and worm-tracking efforts. There likely are many other ways in which this cyber age cartographical project ultimately is utilized, even if they are not apparent today.