Internet-Scale Measurement of Public gRPC Deployments

Affiliation: Bad Data Lab – University of Maryland, College Park

Contact: baddatalab@umd.edu

We are a research group at University of Maryland, College Park conducting an academic Internet measurement study on the public deployment of gRPC services. The purpose of this work is purely scientific. We understand that many IDS/IPS systems may classify Internet-wide scanning as suspicious activity, and we are providing this page to ensure transparency and make it easy to contact us or opt out.

1. Research Objective

This academic study measures the global deployment of publicly accessible gRPC-based services. Our goal is to understand the security risks of these services and propose actionable improvements (e.g. use of TLS or authentication mechanisms where appropriate). Similar Internet-wide measurement scans have been conducted in prior academic work 3.

2. Opt-Out Requests

The following hosts and IP addresses are used for this study:

If you are a network operator and wish to exclude your IP ranges from our measurements, please email baddatalab@umd.edu and include the relevant IP range(s). We honor opt-out requests promptly. If you have any further questions or recommendations, we would be happy to hear from you.

3. Methodology & Ethical Safeguards

This study follows widely used ethical guidance for Internet measurement research, including the Menlo Report1 and Partridge & Allman2. Our scope is limited to IPv4 address space; selected ports are probed to identify potential gRPC services. We send limited protocol requests (such as ServerReflection where enabled) solely to classify services. Probing is rate-limited and designed to avoid operational impact.

4. Responsible Disclosure

If we identify configurations that may pose security risks, we make reasonable efforts to notify affected parties responsibly.

References

  1. D. Dittrich and E. Kenneally, The Menlo Report: Ethical Principles Guiding Information and Communication Technology Research, U.S. Department of Homeland Security, 2012.
  2. C. Partridge and M. Allman, “Ethical Considerations in Network Measurement Papers,” Communications of the ACM, 2016.
  3. Z. Durumeric, E. Wustrow, and J. A. Halderman, “ZMap: Fast Internet-wide Scanning and Its Security Applications,” in Proceedings of the 22nd USENIX Security Symposium , 2013.