2,882 research outputs found
DCCP Simultaneous-Open Technique to Facilitate NAT/Middlebox Traversal
https://datatracker.ietf.org/doc/rfc5595/
Peer-to-Peer Communication Across Network Address Translators
Network Address Translation (NAT) causes well-known difficulties for
peer-to-peer (P2P) communication, since the peers involved may not be reachable
at any globally valid IP address. Several NAT traversal techniques are known,
but their documentation is slim, and data about their robustness or relative
merits is slimmer. This paper documents and analyzes one of the simplest but
most robust and practical NAT traversal techniques, commonly known as "hole
punching." Hole punching is moderately well-understood for UDP communication,
but we show how it can be reliably used to set up peer-to-peer TCP streams as
well. After gathering data on the reliability of this technique on a wide
variety of deployed NATs, we find that about 82% of the NATs tested support
hole punching for UDP, and about 64% support hole punching for TCP streams. As
NAT vendors become increasingly conscious of the needs of important P2P
applications such as Voice over IP and online gaming protocols, support for
hole punching is likely to increase in the future. Comment: 8 figures, 1 table
A Multi-perspective Analysis of Carrier-Grade NAT Deployment
As ISPs face IPv4 address scarcity they increasingly turn to network address
translation (NAT) to accommodate the address needs of their customers.
Recently, ISPs have moved beyond employing NATs only directly at individual
customers and instead begun deploying Carrier-Grade NATs (CGNs) to apply
address translation to many independent and disparate endpoints spanning
physical locations, a phenomenon that so far has received little in the way of
empirical assessment. In this work we present a broad and systematic study of
the deployment and behavior of these middleboxes. We develop a methodology to
detect the existence of hosts behind CGNs by extracting non-routable IP
addresses from peer lists we obtain by crawling the BitTorrent DHT. We
complement this approach with improvements to our Netalyzr troubleshooting
service, enabling us to determine a range of indicators of CGN presence as well
as detailed insights into key properties of CGNs. Combining the two data
sources we illustrate the scope of CGN deployment on today's Internet, and
report on characteristics of commonly deployed CGNs and their effect on end
users.
An SDN-based Approach For Defending Against Reflective DDoS Attacks
Distributed Reflective Denial of Service (DRDoS) attacks are an immanent
threat to Internet services. The potential scale of such attacks became
apparent in March 2018 when a memcached-based attack peaked at 1.7 Tbps. Novel
services built upon UDP increase the need for automated mitigation mechanisms
that react to attacks without prior knowledge of the actual application
protocols used. With the flexibility that software-defined networks offer, we
developed a new approach for defending against DRDoS attacks; it not only
protects against arbitrary DRDoS attacks but is also transparent for the attack
target and can be used without assistance of the target host operator. The
approach provides a robust mitigation system which is protocol-agnostic and
effective in the defense against DRDoS attacks.
Fake View Analytics in Online Video Services
Online video-on-demand (VoD) services invariably maintain a view count for
each video they serve, and it has become an important currency for various
stakeholders, from viewers, to content owners, advertisers, and the online
service providers themselves. There is often significant financial incentive to
use a robot (or a botnet) to artificially create fake views. How can we detect
the fake views? Can we detect them (and stop them) using online algorithms as
they occur? What is the extent of fake views with current VoD service
providers? These are the questions we study in the paper. We develop some
algorithms and show that they are quite effective for this problem. Comment: 25 pages, 15 figures
Mesmerizer: A Effective Tool for a Complete Peer-to-Peer Software Development Life-cycle
In this paper we present what are, in our experience, the best
practices in Peer-To-Peer (P2P) application development and
how we combined them in a middleware platform called Mesmerizer. We explain how simulation is an integral part of
the development process and not just an assessment tool.
We then present our component-based event-driven framework for P2P application development, which can be used
to execute multiple instances of the same application in a
strictly controlled manner over an emulated network layer
for simulation/testing, or a single application in a concurrent
environment for deployment purpose. We highlight modeling aspects that are of critical importance for designing and
testing P2P applications, e.g. the emulation of Network Address Translation and bandwidth dynamics. We show how
our simulator scales when emulating low-level bandwidth
characteristics of thousands of concurrent peers while preserving a good degree of accuracy compared to a packet-level
simulator.
NATCracker: NAT Combinations Matter
In this paper, we report our experience in working
with Network Address Translators (NATs). Traditionally, there
were only 4 types of NATs. For each type, the (im)possibility
of traversal is well-known. Recently, the NAT community has
provided a deeper dissection of NAT behaviors resulting in at
least 27 types and documented the (im)possibility of traversal
for some types. There are, however, two fundamental issues that
were not previously tackled by the community. First, given the
more elaborate set of behaviors, it is incorrect to reason about
traversing a single NAT; instead, combinations must be considered,
and we have not found any study that comprehensively states,
for every possible combination, whether direct connectivity with
no relay is feasible. Such a statement is the first outcome of the
paper. Second, there is a serious need for some kind of formalism
to reason about NATs which is a second outcome of this paper.
The results were obtained using our own scheme which is an
augmentation of currently-known traversal methods. The scheme
is validated by reasoning using our formalism, simulation and
implementation in a real P2P network.