370 research outputs found
A Graph Theoretic Perspective on Internet Topology Mapping
Understanding the topological characteristics of the Internet is an important research issue as the Internet grows with no central authority. Internet topology mapping studies help better understand the structure and dynamics of the Internet backbone. Knowing the underlying topology, researchers can better develop new protocols and services or fine-tune existing ones. Subnet-level Internet topology measurement studies involve three stages: topology collection, topology construction, and topology analysis. Each of these stages contains challenging tasks, especially when large-scale backbone topologies of millions of nodes are studied. In this dissertation, I first discuss issues in subnet-level Internet topology mapping and review state-of-the-art approaches to handle them. I propose a novel graph data indexing approach to to efficiently process large scale topology data. I then conduct an experimental study to understand how the responsiveness of routers has changed over the last decade and how it differs based on the probing mechanism. I then propose an efficient unresponsive resolution approach by incorporating our structural graph indexing technique. Finally, I introduce Cheleby, an integrated Internet topology mapping system. Cheleby first dynamically probes observed subnetworks using a team of PlanetLab nodes around the world to obtain comprehensive backbone topologies. Then, it utilizes efficient algorithms to resolve subnets, IP aliases, and unresponsive routers in the collected data sets to construct comprehensive subnet-level topologies. Sample topologies are provided at http://cheleby.cse.unr.edu
Clusters in the Expanse: Understanding and Unbiasing IPv6 Hitlists
Network measurements are an important tool in understanding the Internet. Due
to the expanse of the IPv6 address space, exhaustive scans as in IPv4 are not
possible for IPv6. In recent years, several studies have proposed the use of
target lists of IPv6 addresses, called IPv6 hitlists.
In this paper, we show that addresses in IPv6 hitlists are heavily clustered.
We present novel techniques that allow IPv6 hitlists to be pushed from quantity
to quality. We perform a longitudinal active measurement study over 6 months,
targeting more than 50 M addresses. We develop a rigorous method to detect
aliased prefixes, which identifies 1.5 % of our prefixes as aliased, pertaining
to about half of our target addresses. Using entropy clustering, we group the
entire hitlist into just 6 distinct addressing schemes. Furthermore, we perform
client measurements by leveraging crowdsourcing.
To encourage reproducibility in network measurement research and to serve as
a starting point for future IPv6 studies, we publish source code, analysis
tools, and data.Comment: See https://ipv6hitlist.github.io for daily IPv6 hitlists, historical
data, and additional analyse
Characterizing ICMP Rate Limitation on Routers
International audienceIn the last decade, path discovery has been extensively covered in the literature. In its simplest form, it generally works by sending probes that expire along the path from a host to a destination. It is also known that network administrators often configure their routers to limit the amount of ICMP replies sent, a common practice typically referred to as ICMP rate limitation. In this paper we attempt to characterize the responsiveness of routers to expiring ICMP echo-request packets. Our contribution is twofold: first, we provide a detailed analysis of how routers are most commonly configured to respond to expiring packets; next, we show that for the vast majority of routers, the measured round-trip time is not affected by the probing rate
Rusty Clusters? Dusting an IPv6 Research Foundation
The long-running IPv6 Hitlist service is an important foundation for IPv6
measurement studies. It helps to overcome infeasible, complete address space
scans by collecting valuable, unbiased IPv6 address candidates and regularly
testing their responsiveness. However, the Internet itself is a quickly
changing ecosystem that can affect longrunning services, potentially inducing
biases and obscurities into ongoing data collection means. Frequent analyses
but also updates are necessary to enable a valuable service to the community.
In this paper, we show that the existing hitlist is highly impacted by the
Great Firewall of China, and we offer a cleaned view on the development of
responsive addresses. While the accumulated input shows an increasing bias
towards some networks, the cleaned set of responsive addresses is well
distributed and shows a steady increase.
Although it is a best practice to remove aliased prefixes from IPv6 hitlists,
we show that this also removes major content delivery networks. More than 98%
of all IPv6 addresses announced by Fastly were labeled as aliased and
Cloudflare prefixes hosting more than 10M domains were excluded. Depending on
the hitlist usage, e.g., higher layer protocol scans, inclusion of addresses
from these providers can be valuable.
Lastly, we evaluate different new address candidate sources, including target
generation algorithms to improve the coverage of the current IPv6 Hitlist. We
show that a combination of different methodologies is able to identify 5.6M
new, responsive addresses. This accounts for an increase by 174% and combined
with the current IPv6 Hitlist, we identify 8.8M responsive addresses
Saving Brian's Privacy: the Perils of Privacy Exposure through Reverse DNS
Given the importance of privacy, many Internet protocols are nowadays
designed with privacy in mind (e.g., using TLS for confidentiality). Foreseeing
all privacy issues at the time of protocol design is, however, challenging and
may become near impossible when interaction out of protocol bounds occurs. One
demonstrably not well understood interaction occurs when DHCP exchanges are
accompanied by automated changes to the global DNS (e.g., to dynamically add
hostnames for allocated IP addresses). As we will substantiate, this is a
privacy risk: one may be able to infer device presence and network dynamics
from virtually anywhere on the Internet -- and even identify and track
individuals -- even if other mechanisms to limit tracking by outsiders (e.g.,
blocking pings) are in place.
We present a first of its kind study into this risk. We identify networks
that expose client identifiers in reverse DNS records and study the relation
between the presence of clients and said records. Our results show a strong
link: in 9 out of 10 cases, records linger for at most an hour, for a selection
of academic, enterprise and ISP networks alike. We also demonstrate how client
patterns and network dynamics can be learned, by tracking devices owned by
persons named Brian over time, revealing shifts in work patterns caused by
COVID-19 related work-from-home measures, and by determining a good time to
stage a heist
- …