Defending Tor from Network Adversaries: A Case Study of Network Path Prediction
The Tor anonymity network has been shown vulnerable to traffic analysis attacks by autonomous systems and Internet exchanges, which can observe different overlay hops belonging to the same circuit. We aim to determine whether network path prediction techniques provide an accurate picture of the threat from such adversaries, and whether they can be used to avoid this threat. We perform a measurement study by running traceroutes from Tor relays to destinations around the Internet. We use the data to evaluate the accuracy of the autonomous systems and Internet exchanges that are predicted to appear on the path using state-of-the-art path inference techniques; we also consider the impact that prediction errors have on Tor security, and whether it is possible to produce a useful overestimate that does not miss important threats. Finally, we evaluate the possibility of using these predictions to actively avoid AS and IX adversaries and the challenges this creates for the design of Tor.
Implementation and Deployment of a Distributed Network Topology Discovery Algorithm
In the past few years, the network measurement community has been interested in the problem of internet topology discovery using a large number (hundreds or thousands) of measurement monitors. The standard way to obtain information about the internet topology is to use the traceroute tool from a small number of monitors. Recent papers have made the case that increasing the number of monitors will give a more accurate view of the topology. However, scaling up the number of monitors is not a trivial process. Duplication of effort close to the monitors wastes time by re-exploring well-known parts of the network, and close to destinations it might appear to be a distributed denial-of-service (DDoS) attack as the probes converge from a set of sources towards a given destination. In prior work, the authors of this report proposed Doubletree, an algorithm for cooperative topology discovery that reduces the load on the network, i.e., on router IP interfaces and end-hosts, while discovering almost as many nodes and links as standard approaches based on traceroute. This report presents our open-source and freely downloadable implementation of Doubletree in a tool we call traceroute@home. We describe the deployment and validation of traceroute@home on the PlanetLab testbed and report on the lessons learned from this experience. We discuss how traceroute@home can be developed further and present ideas for future improvements.
From BGP to RTT and Beyond: Matching BGP Routing Changes and Network Delay Variations with an Eye on Traceroute Paths
Many organizations have the mission of assessing the quality of broadband access services offered by Internet Service Providers (ISPs). They deploy network probes that periodically perform network measurements towards selected Internet services. By analyzing the data collected by the probes it is often possible to gain a reasonable estimate of the bandwidth made available by the ISP. However, it is much more difficult to use such data to explain who is responsible for the fluctuations of other network qualities. This is especially true for latency, which is fundamental to many of today's network services. On the other hand, there are many publicly accessible BGP routers that collect the history of routing changes and that are good candidates for understanding whether latency fluctuations depend on interdomain routing.

In this paper we provide a methodology that, given a probe located inside the network of an ISP that executes latency measurements, and given a set of publicly accessible BGP routers located inside the same ISP, decides which routers are the best candidates (if any) for studying the relationship between variations of network performance recorded by the probe and interdomain routing changes. We validate the methodology with experimental studies based on data gathered by the RIPE NCC, an organization that is well known to be independent and that publishes both BGP data within the Routing Information Service (RIS) and probe measurement data within the Atlas project.
Measured impact of crooked traceroute
Data collected using traceroute-based algorithms underpins research into the Internet's router-level topology, though it is possible to infer false links from this data. One source of false inference is the combination of per-flow load-balancing, in which more than one path is active from a given source to destination, and classic traceroute, which varies the UDP destination port number or ICMP checksum of successive probe packets, which can cause per-flow load-balancers to treat successive packets as distinct flows and forward them along different paths. Consequently, successive probe packets can solicit responses from unconnected routers, leading to the inference of false links. This paper examines the inaccuracies induced from such false inferences, both on macroscopic and ISP topology mapping. We collected macroscopic topology data to 365k destinations, with techniques that both do and do not try to capture load balancing phenomena. We then use alias resolution techniques to infer if a measurement artifact of classic traceroute induces a false router-level link. This technique detected that 2.71% and 0.76% of the links in our UDP and ICMP graphs were falsely inferred due to the presence of load-balancing. We conclude that most per-flow load-balancing does not induce false links when macroscopic topology is inferred using classic traceroute. The effect of false links on ISP topology mapping is possibly much worse, because the degrees of a tier-1 ISP's routers derived from classic traceroute were inflated by a median factor of 2.9 as compared to those inferred with Paris traceroute.
The Internet AS-Level Topology: Three Data Sources and One Definitive Metric
We calculate an extensive set of characteristics for Internet AS topologies extracted from the three data sources most frequently used by the research community: traceroutes, BGP, and WHOIS. We discover that traceroute and BGP topologies are similar to one another but differ substantially from the WHOIS topology. Among the widely considered metrics, we find that the joint degree distribution appears to fundamentally characterize Internet AS topologies as well as narrowly define values for other important metrics. We discuss the interplay between the specifics of the three data collection mechanisms and the resulting topology views. In particular, we show how the data collection peculiarities explain differences in the resulting joint degree distributions of the respective topologies. Finally, we release to the community the input topology datasets, along with the scripts and output of our calculations. This supplement should enable researchers to validate their models against real data and to make a more informed selection of topology data sources for their specific needs.
Comment: This paper is a revised journal version of cs.NI/050803
Passport: enabling accurate country-level router geolocation using inaccurate sources
When does Internet traffic cross international borders? This question has major geopolitical, legal and social implications and is surprisingly difficult to answer. A critical stumbling block is a dearth of tools that accurately map routers traversed by Internet traffic to the countries in which they are located. This paper presents Passport: a new approach for efficient, accurate country-level router geolocation and a system that implements it. Passport provides location predictions with limited active measurements, using machine learning to combine information from IP geolocation databases, router hostnames, whois records, and ping measurements. We show that Passport substantially outperforms existing techniques, and identify cases where paths traverse countries with implications for security, privacy, and performance.
First author draft
Dynamic Exploration of Networks: from general principles to the traceroute process
Dynamical processes taking place on real networks define on them evolving subnetworks whose topology is not necessarily the same as that of the underlying network. We investigate the problem of determining the emerging degree distribution, focusing on a class of tree-like processes, such as those used to explore the Internet's topology. A general theory based on mean-field arguments is proposed, both for single-source and multiple-source cases, and applied to the specific example of the traceroute exploration of networks. Our results provide a qualitative improvement in the understanding of dynamical sampling and of the interplay between dynamics and topology in large networks like the Internet.
Comment: 13 pages, 6 figures