Multilevel MDA-Lite Paris Traceroute

Since its introduction in 2006-2007, Paris Traceroute and its Multipath Detection Algorithm (MDA) have been used to conduct well over a billion IP level multipath route traces from platforms such as M-Lab. Unfortunately, the MDA requires a large number of packets in order to trace an entire topology of load balanced paths between a source and a destination, which makes it undesirable for platforms that otherwise deploy Paris Traceroute, such as RIPE Atlas. In this paper we present a major update to the Paris Traceroute tool. Our contributions are: (1) MDA-Lite, an alternative to the MDA that significantly cuts overhead while maintaining a low failure probability; (2) Fakeroute, a simulator that enables validation of a multipath route tracing tool's adherence to its claimed failure probability bounds; (3) multilevel multipath route tracing, with, for the first time, a Traceroute tool that provides a router-level view of multipath routes; and (4) surveys at both the IP and router levels of multipath routing in the Internet, showing, among other things, that load balancing topologies have increased in size well beyond what has been previously reported as recently as 2016. The data and the software underlying these results are publicly available.Comment: Preprint. To appear in Proc. ACM Internet Measurement Conference 201

In the IP of the Beholder: Strategies for Active IPv6 Topology Discovery

Existing methods for active topology discovery within the IPv6 Internet largely mirror those of IPv4. In light of the large and sparsely populated address space, in conjunction with aggressive ICMPv6 rate limiting by routers, this work develops a different approach to Internet-wide IPv6 topology mapping. We adopt randomized probing techniques in order to distribute probing load, minimize the effects of rate limiting, and probe at higher rates. Second, we extensively analyze the efficiency and efficacy of various IPv6 hitlists and target generation methods when used for topology discovery, and synthesize new target lists based on our empirical results to provide both breadth (coverage across networks) and depth (to find potential subnetting). Employing our probing strategy, we discover more than 1.3M IPv6 router interface addresses from a single vantage point. Finally, we share our prober implementation, synthesized target lists, and discovered IPv6 topology results

Reverse Traceroute

Tato práce se zabývá problematikou zjišťování zpětných cest v Internetu. Nástroj, který by byl schopen určit zpětnou cestu, by mohl být cenný v například v případech, kdy určitá část zákazníků pozoruje zvýšenou latenci při využívání služby. Klasickým nástrojem pro analýzu cesty k cílovému počítači je traceroute. Práce se detailně zabývá diagnostickým nástrojem traceroute a jsou diskutovány nejen jeho rozšíření, ale také nedostatky v sítích, kde se vyskytuje vyvažování provozu, a jejich možná řešení. Nicméně, pokud se problém nachází ve směru od zákazníků k poskytovateli služby, pak odhalení problému může být problematické. Dále je studován existující výzkum v oblasti zjišťování zpětných tras v Internetu a nástroje pro diagnostiku sítě. Součástí práce je navržení a implementace nástroje, který je schopen aproximovat zpětnou cestu s využitím vhodné RIPE Atlas sondy a získaná data dále analyzovat. Implementovaný nástroj byl testován na vytvořené topologii i v reálném provozu s využitím referenčního virtuálního serveru.This thesis deals with finding a reverse path between two hosts in the Internet. A tool providing information about reverse path could be priceless in situations in which some customers experience high latency when accessing a service. The standard tool for forward path discovery is traceroute. Traceroute is described in a great detail along with its extensions and limitations, especially in load-balanced environment. However, if the problem is on the path from customers to a service provider, it may not be a trivial task to find it from the provider's side. Related projects dealing with packet tracing and network diagnostic tools are studied. Integral part of this thesis is the design and implementation of a tool that is able to approximate return path from an arbitrary host. Implemented tool is evaluated using deployed test network as well as in real world conditions using a virtual private server as a reference.

Efficient IP-level network topology capture

International audienceLarge-scale distributed traceroute-based measurement sys- tems are used to obtain the topology of the internet at the IP-level and can be used to monitor and understand the behavior of the net- work. However, existing approaches to measuring the public IPv4 net- work space often require several days to obtain a full graph, which is too slow to capture much of the network's dynamics. This paper presents a new network topology capture algorithm, NTC, which aims to bet- ter capture network dynamics through accelerated probing, reducing the probing load while maintaining good coverage. There are two novel as- pects to our approach: it focuses on obtaining the network graph rather than a full set of individual traces, and it uses past probing results in a new, adaptive, way to guide future probing. We study the performance of our algorithm on real traces and demonstrate outstanding improved performance compared to existing work.Les systèmes de mesure distribué à grande échelle basés sur l'outil Traceroute sont utilisés pour obtenir la topologie de l'internet au niveau IP et peuvent être utilisés pour surveiller et comprendre le comportement du réseau sous-jascent. Cependant, les approches existantes pour mesurer l'espace public IPv4 du réseau Internet nécessitent souvent plusieurs jours pour obtenir un graphe complet, ce qui est trop lent pour capturer une grande partie de la dynamique du réseau. Cet article présente un nouvel algorithme pour la capture de la topologie du réseau, NTC, visant à cibler la dynamique du réseau à travers l'accélération de sondage, ce qui réduit la charge de la mesure, tout en maintenant une bonne couverture. Il ya deux nouveaux aspects à notre approche: l'algorithme se concentre sur l'obtention du graphe du réseau plutôt que d'effectuer un ensemble complet de traces individuelles, et il utilise les résultats de sondage précédentes de façon à adapter la mesure et de réduire les sondes envoyées. Nous étudions les performances de notre algorithme sur des traces réelles et démontrons la performance accrue de notre approche par rapport aux travaux existants

Sibyl:A Practical Internet Route Oracle

Network operators measure Internet routes to troubleshoot problems, and researchers measure routes to characterize the Internet. However, they still rely on decades-old tools like traceroute, BGP route collectors, and Looking Glasses, all of which permit only a single query about Internet routes—what is the path from here to there? This limited interface complicates answering queries about routes such as "find routes traversing the Level3/AT&T peering in Atlanta," to understand the scope of a reported problem there. This paper presents Sibyl, a system that takes rich queries that researchers and operators express as regular expressions, then issues and returns traceroutes that match even if it has never measured a matching path in the past. Sibyl achieves this goal in three steps. First, to maximize its coverage of Internet routing, Sibyl integrates together diverse sets of traceroute vantage points that provide complementary views, measuring from thousands of networks in total. Second, because users may not know which measurements will traverse paths of interest, and because vantage point resource constraints keep Sibyl from tracing to all destinations from all sources, Sibyl uses historical measurements to predict which new ones are likely to match a query. Finally, based on these predictions, Sibyl optimizes across concurrent queries to decide which measurements to issue given resource constraints. We show that Sibyl provides researchers and operators with the routing information they need—in fact, it matches 76% of the queries that it could match if an oracle told it which measurements to issue

On the Experimental Evaluation of Vehicular Networks: Issues, Requirements and Methodology Applied to a Real Use Case

One of the most challenging fields in vehicular communications has been the experimental assessment of protocols and novel technologies. Researchers usually tend to simulate vehicular scenarios and/or partially validate new contributions in the area by using constrained testbeds and carrying out minor tests. In this line, the present work reviews the issues that pioneers in the area of vehicular communications and, in general, in telematics, have to deal with if they want to perform a good evaluation campaign by real testing. The key needs for a good experimental evaluation is the use of proper software tools for gathering testing data, post-processing and generating relevant figures of merit and, finally, properly showing the most important results. For this reason, a key contribution of this paper is the presentation of an evaluation environment called AnaVANET, which covers the previous needs. By using this tool and presenting a reference case of study, a generic testing methodology is described and applied. This way, the usage of the IPv6 protocol over a vehicle-to-vehicle routing protocol, and supporting IETF-based network mobility, is tested at the same time the main features of the AnaVANET system are presented. This work contributes in laying the foundations for a proper experimental evaluation of vehicular networks and will be useful for many researchers in the area.Comment: in EAI Endorsed Transactions on Industrial Networks and Intelligent Systems, 201

Accountable infrastructure and its impact on internet security and privacy

The Internet infrastructure relies on the correct functioning of the basic underlying protocols, which were designed for functionality. Security and privacy have been added post hoc, mostly by applying cryptographic means to different layers of communication. In the absence of accountability, as a fundamental property, the Internet infrastructure does not have a built-in ability to associate an action with the responsible entity, neither to detect or prevent misbehavior. In this thesis, we study accountability from a few different perspectives. First, we study the need of having accountability in anonymous communication networks as a mechanism that provides repudiation for the proxy nodes by tracing back selected outbound traffic in a provable manner. Second, we design a framework that provides a foundation to support the enforcement of the right to be forgotten law in a scalable and automated manner. The framework provides a technical mean for the users to prove their eligibility for content removal from the search results. Third, we analyze the Internet infrastructure determining potential security risks and threats imposed by dependencies among the entities on the Internet. Finally, we evaluate the feasibility of using hop count filtering as a mechanism for mitigating Distributed Reflective Denial-of-Service attacks, and conceptually show that it cannot work to prevent these attacks.Die Internet-Infrastrutur stützt sich auf die korrekte Ausführung zugrundeliegender Protokolle, welche mit Fokus auf Funktionalität entwickelt wurden. Sicherheit und Datenschutz wurden nachträglich hinzugefügt, hauptsächlich durch die Anwendung kryptografischer Methoden in verschiedenen Schichten des Protokollstacks. Fehlende Zurechenbarkeit, eine fundamentale Eigenschaft Handlungen mit deren Verantwortlichen in Verbindung zu bringen, verhindert jedoch, Fehlverhalten zu erkennen und zu unterbinden. Diese Dissertation betrachtet die Zurechenbarkeit im Internet aus verschiedenen Blickwinkeln. Zuerst untersuchen wir die Notwendigkeit für Zurechenbarkeit in anonymisierten Kommunikationsnetzen um es Proxyknoten zu erlauben Fehlverhalten beweisbar auf den eigentlichen Verursacher zurückzuverfolgen. Zweitens entwerfen wir ein Framework, das die skalierbare und automatisierte Umsetzung des Rechts auf Vergessenwerden unterstützt. Unser Framework bietet Benutzern die technische Möglichkeit, ihre Berechtigung für die Entfernung von Suchergebnissen nachzuweisen. Drittens analysieren wir die Internet-Infrastruktur, um mögliche Sicherheitsrisiken und Bedrohungen aufgrund von Abhängigkeiten zwischen den verschiedenen beteiligten Entitäten zu bestimmen. Letztlich evaluieren wir die Umsetzbarkeit von Hop Count Filtering als ein Instrument DRDoS Angriffe abzuschwächen und wir zeigen, dass dieses Instrument diese Art der Angriffe konzeptionell nicht verhindern kann

Trajectories through temporal networks

What do football passes and financial transactions have in common? Both are networked walk processes that we can observe, where records take the form of timestamped events that move something tangible from one node to another. Here we propose an approach to analyze this type of data that extracts the actual trajectories taken by the tangible items involved. The main advantage of analyzing the resulting trajectories compared to using, e.g., existing temporal network analysis techniques, is that sequential, temporal, and domain-specific aspects of the process are respected and retained. As a result, the approach lets us produce contextually-relevant insights. Demonstrating the usefulness of this technique, we consider passing play within association football matches (an unweighted process) and e-money transacted within a mobile money system (a weighted process). Proponents and providers of mobile money care to know how these systems are used-using trajectory extraction we find that 73% of e-money was used for stand-alone tasks and only 21.7% of account holders built up substantial savings at some point during a 6-month period. Coaches of football teams and sports analysts are interested in strategies of play that are advantageous. Trajectory extraction allows us to replicate classic results from sports science on data from the 2018 FIFA World Cup. Moreover, we are able to distinguish teams that consistently exhibited complex, multi-player dynamics of play during the 2017-2018 club season using ball passing trajectories, coincidentally identifying the winners of the five most competitive first-tier domestic leagues in Europe.Algorithms and the Foundations of Software technolog