Reverse Traceroute

Tato práce se zabývá problematikou zjišťování zpětných cest v Internetu. Nástroj, který by byl schopen určit zpětnou cestu, by mohl být cenný v například v případech, kdy určitá část zákazníků pozoruje zvýšenou latenci při využívání služby. Klasickým nástrojem pro analýzu cesty k cílovému počítači je traceroute. Práce se detailně zabývá diagnostickým nástrojem traceroute a jsou diskutovány nejen jeho rozšíření, ale také nedostatky v sítích, kde se vyskytuje vyvažování provozu, a jejich možná řešení. Nicméně, pokud se problém nachází ve směru od zákazníků k poskytovateli služby, pak odhalení problému může být problematické. Dále je studován existující výzkum v oblasti zjišťování zpětných tras v Internetu a nástroje pro diagnostiku sítě. Součástí práce je navržení a implementace nástroje, který je schopen aproximovat zpětnou cestu s využitím vhodné RIPE Atlas sondy a získaná data dále analyzovat. Implementovaný nástroj byl testován na vytvořené topologii i v reálném provozu s využitím referenčního virtuálního serveru.This thesis deals with finding a reverse path between two hosts in the Internet. A tool providing information about reverse path could be priceless in situations in which some customers experience high latency when accessing a service. The standard tool for forward path discovery is traceroute. Traceroute is described in a great detail along with its extensions and limitations, especially in load-balanced environment. However, if the problem is on the path from customers to a service provider, it may not be a trivial task to find it from the provider's side. Related projects dealing with packet tracing and network diagnostic tools are studied. Integral part of this thesis is the design and implementation of a tool that is able to approximate return path from an arbitrary host. Implemented tool is evaluated using deployed test network as well as in real world conditions using a virtual private server as a reference.

Defending Tor from Network Adversaries: A Case Study of Network Path Prediction

The Tor anonymity network has been shown vulnerable to traffic analysis attacks by autonomous systems and Internet exchanges, which can observe different overlay hops belonging to the same circuit. We aim to determine whether network path prediction techniques provide an accurate picture of the threat from such adversaries, and whether they can be used to avoid this threat. We perform a measurement study by running traceroutes from Tor relays to destinations around the Internet. We use the data to evaluate the accuracy of the autonomous systems and Internet exchanges that are predicted to appear on the path using state-of-the-art path inference techniques; we also consider the impact that prediction errors have on Tor security, and whether it is possible to produce a useful overestimate that does not miss important threats. Finally, we evaluate the possibility of using these predictions to actively avoid AS and IX adversaries and the challenges this creates for the design of Tor

Passport: enabling accurate country-level router geolocation using inaccurate sources

When does Internet traffic cross international borders? This question has major geopolitical, legal and social implications and is surprisingly difficult to answer. A critical stumbling block is a dearth of tools that accurately map routers traversed by Internet traffic to the countries in which they are located. This paper presents Passport: a new approach for efficient, accurate country-level router geolocation and a system that implements it. Passport provides location predictions with limited active measurements, using machine learning to combine information from IP geolocation databases, router hostnames, whois records, and ping measurements. We show that Passport substantially outperforms existing techniques, and identify cases where paths traverse countries with implications for security, privacy, and performance.First author draf

Passport: Enabling Accurate Country-Level Router Geolocation using Inaccurate Sources

When does Internet traffic cross international borders? This question has major geopolitical, legal and social implications and is surprisingly difficult to answer. A critical stumbling block is a dearth of tools that accurately map routers traversed by Internet traffic to the countries in which they are located. This paper presents Passport: a new approach for efficient, accurate country-level router geolocation and a system that implements it. Passport provides location predictions with limited active measurements, using machine learning to combine information from IP geolocation databases, router hostnames, whois records, and ping measurements. We show that Passport substantially outperforms existing techniques, and identify cases where paths traverse countries with implications for security, privacy, and performance

Active Topology Inference using Network Coding

Our goal is to infer the topology of a network when (i) we can send probes between sources and receivers at the edge of the network and (ii) intermediate nodes can perform simple network coding operations, i.e., additions. Our key intuition is that network coding introduces topology-dependent correlation in the observations at the receivers, which can be exploited to infer the topology. For undirected tree topologies, we design hierarchical clustering algorithms, building on our prior work. For directed acyclic graphs (DAGs), first we decompose the topology into a number of two-source, two-receiver (2-by-2) subnetwork components and then we merge these components to reconstruct the topology. Our approach for DAGs builds on prior work on tomography, and improves upon it by employing network coding to accurately distinguish among all different 2-by-2 components. We evaluate our algorithms through simulation of a number of realistic topologies and compare them to active tomographic techniques without network coding. We also make connections between our approach and alternatives, including passive inference, traceroute, and packet marking

Multilevel MDA-Lite Paris Traceroute

Since its introduction in 2006-2007, Paris Traceroute and its Multipath Detection Algorithm (MDA) have been used to conduct well over a billion IP level multipath route traces from platforms such as M-Lab. Unfortunately, the MDA requires a large number of packets in order to trace an entire topology of load balanced paths between a source and a destination, which makes it undesirable for platforms that otherwise deploy Paris Traceroute, such as RIPE Atlas. In this paper we present a major update to the Paris Traceroute tool. Our contributions are: (1) MDA-Lite, an alternative to the MDA that significantly cuts overhead while maintaining a low failure probability; (2) Fakeroute, a simulator that enables validation of a multipath route tracing tool's adherence to its claimed failure probability bounds; (3) multilevel multipath route tracing, with, for the first time, a Traceroute tool that provides a router-level view of multipath routes; and (4) surveys at both the IP and router levels of multipath routing in the Internet, showing, among other things, that load balancing topologies have increased in size well beyond what has been previously reported as recently as 2016. The data and the software underlying these results are publicly available.Comment: Preprint. To appear in Proc. ACM Internet Measurement Conference 201