Why am I receiving connection attempts from this machine?

These connections are part of an Internet-wide research study being conducted by computer scientists at the University of Michigan. The research involves making benign connection attempts to every public IP address. By measuring the entire public address space, we are able to analyze global patterns and trends in protocol deployment and security.

As part of this study, every public IP address receives a handful of packets per day on a selection of common ports. These consist of regular TCP connection attempts followed by RFC-compliant protocol handshakes with responsive hosts. We never attempt to exploit security problems, guess passwords, or change device configuration. We only receive data that is publicly visible to anyone who connects to a particular address and port.

Why are you collecting this data?

The data collected through these connections helps computer scientists study the deployment and configuration of network protocols and security technologies. For example, we use it to help web browser makers and other software developers understand the impact of proposed protocol changes and security improvements. In some cases, we are able to detect vulnerable systems and report the problems to the system operators. This data also powers real-time reports on the security of the web, such as the Heartbleed Bug Health Report.

This data has been the foundation of more than a dozen peer-reviewed research publications, including:

Can I request that my server be excluded?

To have your host or network excluded from future scans conducted by the University of Michigan, please contact scan-admin@umich.edu with your IP address or CIDR block. Alternatively, you can configure your firewall to drop traffic from the subnets we use for scanning: 141.212.121.0/24 and 141.212.122.0/24.