MENU 
Why am I receiving connection attempts from the University of Michigan?
These connections are part of computer science research projects that have been conducted by the University of Michigan since 2013. This research involves making a small number of harmless connection attempts to every publicly accessible computer worldwide each day. This allows scientists to measure the global Internet and analyze trends in technology deployment and security.
As part of this research, every public IP address receives a number of packets per day on a selection of common ports. These consist of standard connection attempts followed by RFC-compliant protocol handshakes with responsive hosts. We never attempt to exploit security problems, guess passwords, or change device configurations. We only receive data that is publicly visible to anyone who connects to a particular address and port.
Why are you collecting this data?
The data collected through these connections consists only of information that is already publicly visible on the Internet. It helps computer scientists study the deployment and configuration of network protocols and security technologies. For example, we use it to help web browser developers and other software developers understand the impact of proposed protocol changes and security improvements, and to detect website availability. For example, we use the data to infer which websites are accessible from certain geolocations. In some cases, we are able to detect vulnerable systems and report the problems to the system operators.
We publish much of the data we collect for use by researchers worldwide, which you can find here and here. This data has been the foundation of dozens of peer-reviewed research studies, including:
- Censored Planet: An Internet-wide, Longitudinal Censorship Observatory
- Augur: Internet-Wide Detection of Connectivity Disruptions
- Satellite: Joint Analysis of CDNs and Network-Level Interference
- Quack: Scalable Remote Measurement of Application-Layer Censorship
- Measuring the Deployment of Network Censorship Filters at Global Scale
- Throttling Twitter: An Emerging Censorship Technique in Russia
- OpenVPN is Open to VPN Fingerprinting
- Network measurement methods for locating and examining censorship devices
- DROWN: Breaking TLS using SSLv2
- You’ve Got Vulnerability: Exploring Effective Vulnerability Notifications
- Neither Snow Nor Rain Nor MITM… An Empirical Analysis of Email Delivery Security
- Forward Secrecy: How Diffie-Hellman Fails in Practice
- The Matter of Heartbleed
- Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices
- ZMap: Fast Internet-wide Scanning and its Security Applications
- Censored Planet: A Global Observatory for Network Interference
Can I opt-out of these measurements?
This research helps the scientific community accurately study the Internet. The data is sometimes used to detect security problems and to inform operators of vulnerable systems so that they can be fixed. If you opt-out of the research, you might not receive these important security notifications. However, if you wish to opt-out, you can configure your firewall to drop traffic from the subnets we use for the measurements: 141.212.120.0/24, 141.212.121.0/24, 141.212.122.0/24, 141.212.124.0/24, 141.212.125.0/24, and 141.212.123.0/24.
If you have further questions about this research, please contact [email protected].
Last updated: February 13, 2024