Home > About > Resources > Connection attempts Connection attempts

Why am I receiving connection attempts from the University of Michigan?

These connections are part of computer science research projects that have been conducted by the University of Michigan since 2013. This research involves making a small number of harmless connection attempts to every publicly accessible computer worldwide each day. This allows scientists to measure the global Internet and analyze trends in technology deployment and security.

As part of this research, every public IP address receives a handful of packets per day on a selection of common ports. These consist of standard connection attempts followed by RFC-compliant protocol handshakes with responsive hosts. We never attempt to exploit security problems, guess passwords, or change device configurations. We only receive data that is publicly visible to anyone who connects to a particular address and port.

Why are you collecting this data?

The data collected through these connections consists only of information that is already publicly visible on the Internet. It helps computer scientists study the deployment and configuration of network protocols and security technologies. For example, we use it to help web browser developers and other software developers understand the impact of proposed protocol changes and security improvements. In some cases, we are able to detect vulnerable systems and report the problems to the system operators.

We publish much of the data we collect for use by researchers worldwide. This data has been the foundation of dozens of peer-reviewed research studies, including:

Can I opt-out of these measurements?

This research helps the scientific community accurately study the Internet. The data is sometimes used to detect security problems and to inform operators of vulnerable systems so that they can fixed. If you opt-out of the research, you might not receive these important security notifications. However, if you wish to opt-out, you can configure your firewall to drop traffic from the subnets we use for the measurements: 141.212.120.0/24, 141.212.121.0/24, 141.212.122.0/24, 141.212.124.0/24, 141.212.125.0/24, and 141.212.123.0/24.

If you have further questions about this research, please contact scan-admin@umich.edu.

Last updated: July 8, 2019