Temporal and Spatial Classification of Active IPv6 Addresses

There is striking volume of World-Wide Web activity on IPv6 today. In early 2015, one large Content Distribution Network handles 50 billion IPv6 requests per day from hundreds of millions of IPv6 client addresses; billions of unique client addresses are observed per month. Address counts, however, obscure the number of hosts with IPv6 connectivity to the global Internet. There are numerous address assignment and subnetting options in use; privacy addresses and dynamic subnet pools significantly inflate the number of active IPv6 addresses. As the IPv6 address space is vast, it is infeasible to comprehensively probe every possible unicast IPv6 address. Thus, to survey the characteristics of IPv6 addressing, we perform a year-long passive measurement study, analyzing the IPv6 addresses gleaned from activity logs for all clients accessing a global CDN. The goal of our work is to develop flexible classification and measurement methods for IPv6, motivated by the fact that its addresses are not merely more numerous; they are different in kind. We introduce the notion of classifying addresses and prefixes in two ways: (1) temporally, according to their instances of activity to discern which addresses can be considered stable; (2) spatially, according to the density or sparsity of aggregates in which active addresses reside. We present measurement and classification results numerically and visually that: provide details on IPv6 address use and structure in global operation across the past year; establish the efficacy of our classification methods; and demonstrate that such classification can clarify dimensions of the Internet that otherwise appear quite blurred by current IPv6 addressing practices

Internet Localization of Multi-Party Relay Users: Inherent Friction Between Internet Services and User Privacy

Internet privacy is increasingly important on the modern Internet. Users are looking to control the trail of data that they leave behind on the systems that they interact with. Multi-Party Relay (MPR) architectures lower the traditional barriers to adoption of privacy enhancing technologies on the Internet. MPRs are unique from legacy architectures in that they are able to offer privacy guarantees without paying significant performance penalties. Apple's iCloud Private Relay is a recently deployed MPR service, creating the potential for widespread consumer adoption of the architecture. However, many current Internet-scale systems are designed based on assumptions that may no longer hold for users of privacy enhancing systems like Private Relay. There are inherent tensions between systems that rely on data about users -- estimated location of a user based on their IP address, for example -- and the trend towards a more private Internet. This work studies a core function that is widely used to control network and application behavior, IP geolocation, in the context of iCloud Private Relay usage. We study the location accuracy of popular IP geolocation services compared against the published location dataset that Apple publicly releases to explicitly aid in geolocating PR users. We characterize geolocation service performance across a number of dimensions, including different countries, IP version, infrastructure provider, and time. Our findings lead us to conclude that existing approaches to IP geolocation (e.g., frequently updated databases) perform inadequately for users of the MPR architecture. For example, we find median location errors >1,000 miles in some countries for IPv4 addresses using IP2Location. Our findings lead us to conclude that new, privacy-focused, techniques for inferring user location may be required as privacy becomes a default user expectation on the Internet

Entropy/IP: Uncovering Structure in IPv6 Addresses

In this paper, we introduce Entropy/IP: a system that discovers Internet address structure based on analyses of a subset of IPv6 addresses known to be active, i.e., training data, gleaned by readily available passive and active means. The system is completely automated and employs a combination of information-theoretic and machine learning techniques to probabilistically model IPv6 addresses. We present results showing that our system is effective in exposing structural characteristics of portions of the IPv6 Internet address space populated by active client, service, and router addresses. In addition to visualizing the address structure for exploration, the system uses its models to generate candidate target addresses for scanning. For each of 15 evaluated datasets, we train on 1K addresses and generate 1M candidates for scanning. We achieve some success in 14 datasets, finding up to 40% of the generated addresses to be active. In 11 of these datasets, we find active network identifiers (e.g., /64 prefixes or `subnets') not seen in training. Thus, we provide the first evidence that it is practical to discover subnets and hosts by scanning probabilistically selected areas of the IPv6 address space not known to contain active hosts a priori.Comment: Paper presented at the ACM IMC 2016 in Santa Monica, USA (https://dl.acm.org/citation.cfm?id=2987445). Live Demo site available at http://www.entropy-ip.com

Measuring and Analysing the Chain of Implicit Trust: AStudy of Third-party Resources Loading

The web is a tangled mass of interconnected services, whereby websites import a range of external resources from various third-party domains. The latter can also load further resources hosted on other domains. For each website, this creates a dependency chain underpinned by a form of implicit trust between the first-party and transitively connected third parties. The chain can only be loosely controlled as first-party websites often have little, if any, visibility on where these resources are loaded from. This article performs a large-scale study of dependency chains in the web to find that around 50% of first-party websites render content that they do not directly load. Although the majority (84.91%) of websites have short dependency chains (below three levels), we find websites with dependency chains exceeding 30. Using VirusTotal, we show that 1.2% of these third parties are classified as suspicious—although seemingly small, this limited set of suspicious third parties have remarkable reach into the wider ecosystem. We find that 73% of websites under-study load resources from suspicious third parties, and 24.8% of first-party webpages contain at least three third parties classified as suspicious in their dependency chain. By running sandboxed experiments, we observe a range of activities with the majority of suspicious JavaScript codes downloading malware

Water Quality Engineering and Wastewater Treatment

Clean water is one of the most important natural resources on earth. Wastewater, which is spent water, is also a valuable natural resource. However, wastewater may contain many contaminants and cannot be released back into the environment until the contaminants are removed. Untreated wastewater and inadequately treated wastewater may have a detrimental effect on the environment and has a harmful effect on human health. Water quality engineering addresses the sources, transport and treatment of chemical and microbiological contaminants that affect water. Objectives for the treatment of wastewater are that the treated wastewater can meet national effluent standards for the protection of the environment and the protection of public health. This book, which is based on the Special Issue, includes contributions on advanced technologies applied to the treatment of municipal and industrial wastewater and sludge. The book deals with recent advances in municipal wastewater, industrial wastewater, and sludge treatment technologies, health effects of municipal wastewater, risk management, energy efficient wastewater treatment, water sustainability, water reuse and resource recovery

Efficient techniques for end-to-end bandwidth estimation: performance evaluations and scalable deployment

Several applications, services, and protocols are conjectured to benefit from the knowledge of the end-to-end available bandwidth on a given Internet path. Unfortunately, despite the availability of several bandwidth estimation techniques, there has been only a limited adoption of these in contemporary applications. We identify two issues that contribute to this state of affairs. First, there is a lack of comprehensive evaluations that can help application developers in calibrating the relative performance of these tools--this is especially limiting since the performance of these tools depends on algorithmic, implementation, as well as temporal aspects of probing for available bandwidth. Second, most existing bandwidth estimation tools impose a large probing overhead on the paths over which bandwidth is measured. This can be a significant deterrent for deploying these tools in distributed infrastructures that need to measure bandwidth on several paths periodically. In this dissertation, we address the two issues raised above by making the following contributions: We conduct the first comprehensive black-box evaluation of a large suite of prominent available bandwidth estimation tools on a high-speed network. In this evaluation,we also illustrate the impact that technological and implementation limitations can have on the performance of bandwidth-estimation tools. We conduct the first comprehensive evaluation of available bandwidth estimation algorithms, independent of systemic and implementation biases. In this evaluation, we also illustrate the impact temporal factor such as measurement timescales have on the observed relative performance of bandwidth-estimation tools. We demonstrate that temporal properties can significantly impact the AB estimation process. We redesign the interfaces of existing bandwidth-estimation tools to allow temporal parameters to be explicitly specified and controlled. We design AB inference schemes which can be used to scalably and collaboratively infer the available bandwidth for a large set of end-to-end paths. These schemes allow an operator to select the desired operating point in the trade-off between accuracy and overhead of AB estimation. We further demonstrate that in order to monitor the bandwidth on all paths of a network we do not need access to per-hop bandwidth estimates and can simply rely on end-to-end bandwidth estimates

October 3, 2008, Ohio University Board of Trustees Meeting Minutes

Meeting minutes document the activities of Ohio University\u27s Board of Trustees

Energy. A continuing bibliography with indexes, issue 36, January 1983

This bibliography lists 1297 reports, articles, and other documents introduced into the NASA scientific and technical information system from October 1, 1982 through December 31, 1982