Global INternet Observatory


Internet measurements have long been a research priority at our chair. These measurements help us better understand the Internet and its security.

GINO is a research group for exchanging ongoing research, concepts, and ideas in the Internet measurement domain. Researchers and students meet once every month to discuss current topics, advancements, tools, and best practices in measurements.

Internet-wide scans

We conduct various regular and ad-hoc Internet-wide scans for protocols such as HTTPS, DNS, and BACnet. These are purely scientific and we never attempt to intrude into any system. We follow best practices laid out by the scientific community such as by Dittrich et al. 1, and Partridge and Allman 2.
If you are affected by these, e.g., because of IDS alerts, please contact us and we will be happy to blacklist you immediately. The involved machines are:

Host IPv6 address IPv4 address 2001:4ca0:108:42::X 138.246.253.X
dallas 2600:3c00::f03c:91ff:fe3b:d2d
singapore 2400:8901::f03c:91ff:fe3b:d08

IPv6 Hitlist

We provide a daily updated IPv6 hitlist which can be downloaded by interested researchers. Find more information on our dedicated IPv6 hitlist page.

Monthly GINO meeting

We meet every month for about one hour. The audience of the monthly meetings are:

  • Interested researchers from the chair
  • Interested researchers from other chairs
  • Students currently doing a thesis or project in the area of Internet-wide measurements
  • Students who are interested in doing a thesis in the Internet-measurement domain


If this sounds interesting to you, feel free to contact us:


  1. D. Dittrich, E. Kenneally et al., “The Menlo Report: Ethical Principles Guiding Information and Communication Technology Research,” US Department of Homeland Security, 2012.

  2. C. Partridge and M. Allman, “Ethical Considerations in Network Measurement Papers”, Communications of the ACM, 2016.

Related publications

2017-11-01 Patricia Callejo, Connor Kelton, Narseo Vallina-Rodriguez, Rubén Cuevas, Oliver Gasser, Christian Kreibich, Florian Wohlfart, Ángel Cuevas, “Opportunities and Challenges of Ad-based Measurements from the Edge of the Network,” in Proc. of the 16th ACM Workshop on Hot Topics in Networks, Nov. 2017. [Url] [Pdf] [Bib]
2017-11-01 Johanna Amann, Oliver Gasser, Quirin Scheitle, Lexi Brent, Georg Carle, Ralph Holz, “Mission Accomplished? HTTPS Security after DigiNotar,” in Proceedings of the Internet Measurement Conference (IMC 2017), Community Contribution Award, London, UK, Nov. 2017. [Url] [Pdf] [Slides] [Sourcecode] [Rawdata] [Bib]
2017-08-01 Quirin Scheitle, Matthias Wählisch, Oliver Gasser, Thomas C. Schmidt, Georg Carle, “Towards an Ecosystem for Reproducible Research in Computer Networking,” in ACM SIGCOMM Reproducibility Workshop, Los Angeles, USA, Aug. 2017. [Pdf] [Slides] [Bib]
2017-06-01 Matthias Wachs, Quirin Scheitle, Georg Carle, “Push Away Your Privacy: Precise User Tracking Based on TLS Client Certificate Authentication,” in Network Traffic Measurement and Analysis Conference (TMA), Best Paper Award, Jun. 2017. [Pdf] [Slides] [Recording] [Bib]
2017-06-01 Quirin Scheitle, Oliver Gasser, Minoo Rouhi, Georg Carle, “Large-Scale Classification of IPv6-IPv4 Siblings with Variable Clock Skew,” in Network Traffic Measurement and Analysis Conference (TMA), Jun. 2017. [Pdf] [Slides] [Rawdata] [Recording] [Arxiv] [Bib]
2017-06-01 Quirin Scheitle, Oliver Gasser, Patrick Sattler, Georg Carle, “HLOC: Hints-Based Geolocation Leveraging Multiple Measurement Frameworks,” in Network Traffic Measurement and Analysis Conference (TMA), Best Dataset Award, Dublin, Ireland, Jun. 2017. [Pdf] [Slides] [Rawdata] [Arxiv] [Bib]
2017-05-01 Oliver Gasser, Quirin Scheitle, Carl Denis, Nadja Schricker, Georg Carle, “Security Implications of Publicly Reachable Building Automation Systems,” in Proc. 2nd Int. Workshop on Traffic Measurements for Cybersecurity, San Jose, CA, USA, May 2017. [Pdf] [Bib]
2017-02-01 Oliver Gasser, Quirin Scheitle, Carl Denis, Nadja Schricker, Georg Carle, “Öffentlich erreichbare Gebäudeautomatisierung: Amplification-Anfälligkeit von BACnet und Deployment-Analyse im Internet und DFN,” in 24. DFN-Konferenz Sicherheit in vernetzten Systemen, Hamburg, Germany, Feb. 2017. [Pdf] [Bib]
2017-01-01 Quirin Scheitle, Taejoong Chung, Jens Hiller, Oliver Gasser, Johannes Naab, Roland van Rijswijk-Deij, Oliver Hohlfeld, Ralph Holz, Dave Choffnes, Alan Mislove, Georg Carle, “A First Look at Certification Authority Authorization (CAA),” in Technical Report, not peer-reviewed, 2017. [Pdf] [Bib]
2017-01-01 Oliver Gasser, Quirin Scheitle, Benedikt Rudolph, Carl Denis, Nadja Schricker, Georg Carle, “The Amplification Threat Posed by Publicly Reachable BACnet Devices,” Journal of Cyber Security and Mobility, Jan. 2017. [Url] [Pdf] [Bib]
2016-04-01 Oliver Gasser, Quirin Scheitle, Sebastian Gebhard, Georg Carle, “Scanning the IPv6 Internet: Towards a Comprehensive Hitlist,” in Proc. 8th Int. Workshop on Traffic Monitoring and Analysis, Louvain-la-Neuve, Belgium, Apr. 2016. [Url] [Pdf] [Slides] [Bib]
2016-03-01 Quirin Scheitle, Matthias Wachs, Johannes Zirngibl, Georg Carle, “Analyzing Locality of Mobile Messaging Traffic using the MATAdOR Framework,” in Passive and Active Measurements Conference (PAM) 2016 , Heraklion, Greece, Mar. 2016. [Pdf] [Preprint] [Slides] [Homepage] [DOI] [Bib]

Finished student theses

Author Title Type Advisors Links
Thomas Bachmaier Scanning for TCP SYN Proxy Implementations BA Dominik Scholz, Paul Emmerich, Quirin Scheitle, Minoo Rouhi Pdf
Markus Sosnowski Internet-Wide Assessment of TCP Options BA Quirin Scheitle, Oliver Gasser, Minoo Rouhi, Paul Emmerich, Dominik Scholz Pdf
Max Helm Evaluating TLS Certificate Transparency Logs using Active Scans IDP Oliver Gasser, Benjamin Hof Pdf
Alexander Schulz Identification of IPv6-IPv4 Sibling Pairs from Passive Observations BA Quirin Scheitle, Oliver Gasser, Minoo Rouhi Pdf
Samy el Deib Detecting IPv6-IPv4 Sibling Pairs Based on few Data Points BA Quirin Scheitle, Oliver Gasser, Minoo Rouhi Pdf
Hendrik Eichner Revisiting SSH Security in the Internet BA Oliver Gasser, Minoo Rouhi Pdf
Jan-Philipp Lauinger Evaluating Client Discrimination in Anonymization Networks Using Active Network Scans Forschungspraxis Oliver Gasser, Sree Harsha Totakura Pdf
Frank Schmidt Large Scale DNS Scanner in Go MA Johannes Naab, Oliver Gasser
Patrick Sattler Parsing geographical locations from DNS names GR Quirin Scheitle, Oliver Gasser
Pirmin Blanz IPv6 TLS Security Scanning MA Oliver Gasser, Quirin Scheitle
Sven Hertle Analysis of cellular ISP networks MA Florian Wohlfart Pdf
Jonas Heintzenberg Browser-based Internet connection testing BA Florian Wohlfart, Oliver Gasser Pdf
Johannes Fischer Browser-based Internet connection testing MA Florian Wohlfart, Oliver Gasser Pdf

Open and running student theses

Author Title Type Advisors Links
open A First Look at DNS over HTTPS BA, MA, GR Quirin Scheitle, Johannes Naab Pdf
Max Helm Traceable Measurement Result Publication in Append-only Ledgers MA Oliver Gasser, Benjamin Hof, Quirin Scheitle Pdf
Emanuel Vintila Continuous Development of Open Source C++ Flow Toolkit HiWi Oliver Gasser, Johannes Naab Pdf
Fabian Raab Influence of BGP Community Attributes on Routing and Internet Traffic IDP Oliver Gasser, Quirin Scheitle, Christoph Dietzel Pdf
Tobias Brunnwieser A Framework for Detection and Analysis of HTTPS Interception MA Oliver Gasser, Sree Harsha Totakura, Florian Wohlfart
Maximilian Pudelko Payload Extraction for Flows with Anomalous TTL Behaviour IDP Quirin Scheitle, Oliver Gasser, Paul Emmerich Pdf
Offen Comparing IPv4 and IPv6 Paths in the Internet MA Quirin Scheitle, Oliver Gasser, Minoo Rouhi Vejdani Pdf
Michael Köpferl Evaluation of amplification attacks in large-scale networks to improve detection performance IDP Oliver Gasser, Stefan Metzger