Abstract
Internet-wide scanning is indispensable for security research and network measurement, yet its efficacy remains limited by significant visibility heterogeneity across global networks. Traditional centralized scanners suffer from single-point failures and offer a constrained perspective, while naive distributed approaches fail to intelligently leverage visibility variations, leading to redundant effort and incomplete coverage. This paper presents VistaScan, a novel distributed scanning system based on node visibility awareness, demonstrating that the visibility pattern among IP addresses is highly consistent within CIDR blocks, enabling a lightweight method for efficient and scalable quantification of per-node visibility. It first constructs a Visibility Matrix through efficient anchor probing, then employs a load-aware task allocation mechanism that assigns each block to the most capable node while filtering out entirely invisible blocks. Evaluation across global, regional, and challenging Special-Block tasks demonstrates that VistaScan consistently outperforms five baseline methods. It achieves near-optimal coverage (97.95%, 99.05%, and 97.58%, respectively), reduces probe volume by 64-93%, and shortens completion time by 13-19× compared to conventional centralized and distributed scanners. Furthermore, the visibility matrix derived from one port (TCP/80) effectively generalizes to other TCP ports (TCP/22, TCP/53), achieving coverages of 91.09% and 87.95%, preliminarily validating the practical generalizability of our approach. VistaScan provides both a highly efficient solution for Internet-scale distributed measurement and a new theoretical foundation based on visibility consistency, advancing the field from brute-force probing toward intelligent, low-overhead, and sustainable scanning practices.
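The two stages named in the abstract, as an added example that is not code from the paper: a per-node, per-block visibility matrix built from anchor-probe counts, then a load-aware allocation that skips blocks no node can see. The abstract does not specify VistaScan's allocation algorithm, so the greedy least-loaded rule, the `tolerance` parameter, the node names and the probe counts are all assumptions made for this example.

```python
import ipaddress

# Constructed anchor-probe results: node -> {CIDR block: (anchors answered, anchors probed)}.
# Blocks are documentation ranges; node names and counts are made up for illustration.
ANCHOR_RESULTS = {
    "node-a": {"192.0.2.0/24": (9, 10), "198.51.100.0/24": (9, 10),
               "203.0.113.0/25": (0, 10), "203.0.113.128/25": (2, 10)},
    "node-b": {"192.0.2.0/24": (4, 10), "198.51.100.0/24": (9, 10),
               "203.0.113.0/25": (0, 10), "203.0.113.128/25": (8, 10)},
    "node-c": {"192.0.2.0/24": (0, 10), "198.51.100.0/24": (1, 10),
               "203.0.113.0/25": (0, 10), "203.0.113.128/25": (8, 10)},
}

def visibility_matrix(results):
    """Visibility of a block from a node = fraction of its anchor probes answered."""
    return {node: {blk: (hit / sent if sent else 0.0) for blk, (hit, sent) in row.items()}
            for node, row in results.items()}

def allocate(matrix, tolerance=0.05):
    """Assign each visible block to one node; return (assignment, skipped_blocks).

    Assumed policy: nodes within `tolerance` of the best visibility for a block
    count as equally capable, and the least-loaded of them (by addresses already
    assigned) gets the block. Blocks invisible from every node are skipped.
    """
    size = lambda blk: ipaddress.ip_network(blk).num_addresses
    blocks = sorted({b for row in matrix.values() for b in row},
                    key=lambda b: (-size(b), b))  # largest blocks first
    load = {node: 0 for node in matrix}
    assignment, skipped = {}, []
    for blk in blocks:
        vis = {node: row.get(blk, 0.0) for node, row in matrix.items()}
        best = max(vis.values())
        if best == 0.0:  # entirely invisible: probing it would be wasted effort
            skipped.append(blk)
            continue
        capable = [n for n, v in vis.items() if v >= best - tolerance]
        chosen = min(capable, key=lambda n: (load[n], -vis[n], n))
        assignment[blk] = chosen
        load[chosen] += size(blk)
    return assignment, skipped

if __name__ == "__main__":
    plan, dropped = allocate(visibility_matrix(ANCHOR_RESULTS))
    for blk, node in plan.items():
        print(f"{blk:>18} -> {node}")
    print("skipped (invisible everywhere):", dropped)
```

With this constructed input, `198.51.100.0/24` goes to node-b even though node-a sees it equally well, because node-a already carries `192.0.2.0/24`.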