Security Through Obscurity Considered Dangerous
Hiding security vulnerabilities in algorithms, software, and/or hardware decreases the likelihood they will be repaired and increases the likelihood that they can and will be exploited by evil-doers. Discouraging or outlawing discussion of weaknesses and vulnerabilities is extremely dangerous and deleterious to the security of computer systems, the network, and its citizens.
Configuration Management and Security
Proper configuration management is vital for host and network security. We outline the problems, especially for large-scale environments, and discuss the security aspects of a number of different configuration scenarios, including security appliances (e.g., firewalls), desktop and server computers, and PDAs. We conclude by discussing research challenges.
Towards a Rigorous Methodology for Measuring Adoption of RPKI Route Validation and Filtering
A proposal to improve routing security---Route Origin Authorization
(ROA)---has been standardized. A ROA specifies which network is allowed to
announce a set of Internet destinations. While some networks now specify ROAs,
little is known about whether other networks check routes they receive against
these ROAs, a process known as Route Origin Validation (ROV). Which networks
blindly accept invalid routes? Which reject them outright? Which de-preference
them if alternatives exist?
Recent analysis attempts to use uncontrolled experiments to characterize ROV
adoption by comparing valid routes and invalid routes. However, we argue that
gaining a solid understanding of ROV adoption is impossible using currently
available data sets and techniques. Our measurements suggest that, although
some ISPs are not observed using invalid routes in uncontrolled experiments,
they are actually using different routes for (non-security) traffic engineering
purposes, without performing ROV. We conclude with a description of a
controlled, verifiable methodology for measuring ROV and present three ASes
that do implement ROV, confirmed by operators.
A Multi-perspective Analysis of Carrier-Grade NAT Deployment
As ISPs face IPv4 address scarcity they increasingly turn to network address
translation (NAT) to accommodate the address needs of their customers.
Recently, ISPs have moved beyond employing NATs only directly at individual
customers and instead begun deploying Carrier-Grade NATs (CGNs) to apply
address translation to many independent and disparate endpoints spanning
physical locations, a phenomenon that so far has received little in the way of
empirical assessment. In this work we present a broad and systematic study of
the deployment and behavior of these middleboxes. We develop a methodology to
detect the existence of hosts behind CGNs by extracting non-routable IP
addresses from peer lists we obtain by crawling the BitTorrent DHT. We
complement this approach with improvements to our Netalyzr troubleshooting
service, enabling us to determine a range of indicators of CGN presence as well
as detailed insights into key properties of CGNs. Combining the two data
sources we illustrate the scope of CGN deployment on today's Internet, and
report on characteristics of commonly deployed CGNs and their effect on end
users.
HAIR: Hierarchical Architecture for Internet Routing
Super-linear routing table growth, high update churn, lack of mobility and security, insufficient support for multi-homing and traffic engineering are some of the significant deficiencies of today's Internet. More and more researchers are convinced that these shortcomings cannot be resolved by incremental and band-aid solutions. In this paper, we introduce HAIR, a scalable routing architecture for the future Internet. It addresses many of the problems the Internet is facing today. The focus is on limiting routing table size and update churn while supporting legacy hosts and avoiding unnecessary burden for transit providers. The key idea is to combine a hierarchical routing approach with locator/identifier separation: the routing as well as the mapping system are organized in a hierarchical manner where updates to both systems are not globally visible as far as possible. First experiences with a prototype implementation are promising and demonstrate a potential migration path where legacy devices are supported as well.
Caractérisation de la table de routage BGP (Characterization of the BGP Routing Table)
BGP routing table growth is one of the major Internet scaling issues, and prefix deaggregation is thought to be a major contributor to table growth. In this work we quantify the fragmentation of the routing table by the type of IP prefix. We observe that the proportion of deaggregated prefixes has nearly doubled in the last fifteen years. Our study also shows that the deaggregated prefixes are the least stable; they appear and disappear more frequently. While we cannot see significant differences in path prepending between the categories, deaggregated prefixes do tend to be announced more selectively, indicating traffic engineering. We find cases where lonely prefixes are actually deaggregation in disguise. Indeed, some large transit ISPs advertise many lonely prefixes when they own the covering prefix. We show the extent of this practice, which has a negative impact on the routing table even though it could usually be avoided.
French abstract (translated): BGP routing table growth is one of the major problems of Internet expansion, and prefix deaggregation appears to be the main cause of this growth. In this article we quantify the fragmentation of the BGP routing table by classifying IP prefixes by type. We observe that the proportion of deaggregated prefixes has doubled in the last fifteen years. We also show that these prefixes are the least stable: they appear and disappear more frequently. Despite a similar rate of path prepending across the different prefix categories, deaggregated prefixes tend to be announced selectively, indicating traffic engineering. Some lonely prefixes are in fact deaggregated. Indeed, some large ISPs announce a large number of lonely prefixes while they own the covering prefix. We reveal the extent of this practice, which has a non-negligible effect on the fragmentation of the routing table even though it could generally be avoided.
Expanding International Email Connectivity-- Another Look
Unlike the situation of thirty years ago, when almost all important scientific
work occurred in Western countries, the scientific community is becoming
increasingly international. Important work and areas of study occur all over
the world. Collaborations and ability to access sources of data and other
resources are increasingly important to scientific progress. In many fields,
we see more and more inter-institutional collaborations on research and papers
that draw on the strengths of each of these institutions. Exchanges of ideas
and collaboration and review of proposals should not be limited to one
country, or even to developed areas. Especially in such areas as the health
and social sciences and in all of the various fields that study "global and
environmental future" issues, participation of scientists in developing areas
has become crucial. This is true whether the scientists themselves are
indigenous to, or visiting in, those areas; indeed, as the community becomes
more international, the distinction between the two is gradually becoming less
clear.