About Genome crawling
What is Deepfield Secure Genome?
Deepfield Secure Genome® is a "security map" of the internet that provides context for IP addresses, applications, and services.
This data feed is used for real-time network traffic analysis, Distributed Denial of Service (DDoS) detection and mitigation as part of Nokia Deepfield Defender solution.
Up-to-date information from Secure Genome ensures that:
- Devices and services that can be abused for DDoS attacks (such as vulnerable IoT devices or misconfigured DNS servers) are tracked over time.
- Legitimate hosts are known as well so their traffic is much less likely to be affected during active DDoS event mitigation.
Deepfield Defender is used in many large networks that connect hundreds of millions of Internet users, and significantly contributes to reducing the impact of DDoS attacks so connectivity, applications and services remain available for all.
Deepfield Genome crawling
Deepfield Genome systematically crawls the global IPv4 and active IPv6 address spaces, focusing on specific port ranges. Crawling hosts configured to accept connections might lead to protocol handshake completions to elaborate on the types of services provided by the host.
Our crawling activity strictly adheres to:
- Respecting security measures—no attempts at unauthorized access (e.g., using known passwords).
- Conforming to Nokia’s privacy principles, limiting data collection to publicly-accessible information based on the protocol and port interaction.
Genome crawlers operate from the following address ranges, which you can choose to allowlist or blocklist according to your preferences:
- 104.234.115.0/24
- 2620:ce:e000::/48
Occasionally, follow-up connections may originate from IP addresses outside these dedicated ranges.