Beyond Counting: New Perspectives on the Active IPv4 Address Space

In this study, we report on techniques and analyses that enable us to capture Internet-wide activity at individual IP address-level granularity by relying on server logs of a large commercial content delivery network (CDN) that serves close to 3 trillion HTTP requests on a daily basis. Across the whole of 2015, these logs recorded client activity involving 1.2 billion unique IPv4 addresses, the highest ever measured, in agreement with recent estimates. Monthly client IPv4 address counts showed constant growth for years prior, but since 2014, the IPv4 count has stagnated while IPv6 counts have grown. Thus, it seems we have entered an era marked by increased complexity, one in which the sole enumeration of active IPv4 addresses is of little use to characterize recent growth of the Internet as a whole. With this observation in mind, we consider new points of view in the study of global IPv4 address activity. Our analysis shows significant churn in active IPv4 addresses: the set of active IPv4 addresses varies by as much as 25% over the course of a year. Second, by looking across the active addresses in a prefix, we are able to identify and attribute activity patterns to network restructurings, user behaviors, and, in particular, various address assignment practices. Third, by combining spatio-temporal measures of address utilization with measures of traffic volume, and sampling-based estimates of relative host counts, we present novel perspectives on worldwide IPv4 address activity, including empirical observation of under-utilization in some areas, and complete utilization, or exhaustion, in others.Comment: in Proceedings of ACM IMC 201

Scarcity in IP addresses: IPv4 Address Transfer Markets and the Regional Internet Address Registries

We are running out of Internet addresses. This paper evaluates address transfer policies that Internet governance agencies are considering as a response to the depletion of the IPv4 address space. The paper focuses on proposals to allow organizations holding IPv4 addresses to sell address blocks to other organizations willing to buy them. This paper analyzes the economics of the proposed transfer policies, and conducts a systematic comparison of the policies proposed in the three main world Internet regions

Phase Changes in the Evolution of the IPv4 and IPv6 AS-Level Internet Topologies

In this paper we investigate the evolution of the IPv4 and IPv6 Internet topologies at the autonomous system (AS) level over a long period of time.We provide abundant empirical evidence that there is a phase transition in the growth trend of the two networks. For the IPv4 network, the phase change occurred in 2001. Before then the network's size grew exponentially, and thereafter it followed a linear growth. Changes are also observed around the same time for the maximum node degree, the average node degree and the average shortest path length. For the IPv6 network, the phase change occurred in late 2006. It is notable that the observed phase transitions in the two networks are different, for example the size of IPv6 network initially grew linearly and then shifted to an exponential growth. Our results show that following decades of rapid expansion up to the beginning of this century, the IPv4 network has now evolved into a mature, steady stage characterised by a relatively slow growth with a stable network structure; whereas the IPv6 network, after a slow startup process, has just taken off to a full speed growth. We also provide insight into the possible impact of IPv6-over-IPv4 tunneling deployment scheme on the evolution of the IPv6 network. The Internet topology generators so far are based on an inexplicit assumption that the evolution of Internet follows non-changing dynamic mechanisms. This assumption, however, is invalidated by our results.Our work reveals insights into the Internet evolution and provides inputs to future AS-Level Internet models.Comment: 12 pages, 21 figures; G. Zhang et al.,Phase changes in the evolution of the IPv4 and IPv6 AS-Level Internet topologies, Comput. Commun. (2010

On the security of the Mobile IP protocol family

The Internet Engineering Task Force (IETF) has worked on\ud network layer mobility for more than 10 years and a number\ud of RFCs are available by now. Although the IETF mobility\ud protocols are not present in the Internet infrastructure as of\ud today, deployment seems to be imminent since a number\ud of organizations, including 3GPP, 3GPP2 and Wimax, have\ud realized the need to incorporate these protocols into their architectures.\ud Deployment scenarios reach from mobility support\ud within the network of a single provider to mobility support\ud between different providers and technologies. Current Wimax\ud specifications, for example, already support Mobile IPv4,\ud Proxy Mobile IPv4 and Mobile IPv6. Future specifications will\ud also support Proxy Mobile IPv6. Upcoming specifications in\ud the 3GPP Evolved Packet Core (EPC) will include the use of\ud Mobile IPv4, Dual Stack MIPv6 and Proxy Mobile IPv6 for\ud interworking between 3GPP and non 3GPP networks.\ud This paper provides an overview on the state-of-the-art\ud in IETF mobility protocols as they are being considered by\ud standardization organizations outside the IETF and focusing\ud on security aspects

The Impact of IPv6 on Penetration Testing

In this paper we discuss the impact the use of IPv6 has on remote penetration testing of servers and web applications. Several modifications to the penetration testing process are proposed to accommodate IPv6. Among these modifications are ways of performing fragmentation attacks, host discovery and brute-force protection. We also propose new checks for IPv6-specific vulnerabilities, such as bypassing firewalls using extension headers and reaching internal hosts through available transition mechanisms. The changes to the penetration testing process proposed in this paper can be used by security companies to make their penetration testing process applicable to IPv6 targets