Why am I receiving connection attempts from the observatory?

To obtain an up-to-date picture of the current Internet development, we need to probe a large set of the public Internet infrastructure. The research involves making benign connection attempts to every public IP address. By measuring the entire public address space, we are able to analyze global patterns and trends in protocol deployment and security.

As part of this study, every public IP address receives a handful of packets per day on a selection of common ports. These consist of regular UDP probes and TCP connection attempts followed by RFC-compliant protocol handshakes with responsive hosts. We never attempt to exploit security problems, guess passwords, or change device configuration. We only receive data that is publicly visible to anyone who connects to a particular address and port.

Can I request that my server be excluded?

To have your host or network excluded from future scans conducted by RWTH Aachen University, please contact researchscan AT comsys.rwth-aachen.de with your IP address or CIDR block.

Can I block your traffic?

You can configure your firewall to drop traffic from the subnet we use for scanning: