Managing scientific data with named data networking

Many scientific domains, such as climate science and High Energy Physics (HEP), have data management requirements that are not well supported by the IP network architecture. Named Data Networking (NDN) is a new network architecture whose service model is better aligned with the needs of data-oriented applications. NDN provides features such as best-location retrieval, caching, load sharing, and transparent failover that would otherwise be painstakingly (re-)implemented by each application using point-to-point semantics in an IP network. We present the first scientific data management application designed and implemented on top of NDN. We use this application to manage climate and HEP data over a dedicated, high-performance, testbed. Our application has two main components: a UI for dataset discovery queries and a federation of synchronized name catalogs. We show how NDN primitives can be used to implement common data management operations such as publishing, search, efficient retrieval, and publication access control

Routing policies in named data networking

Modern inter-domain routing with BGP is based on policies rather than finding shortest paths. Network operators devise and implement policies affecting route selection and export independently of others. These policies are realized by tuning a variety of parameters, or knobs, present in BGP. Similarly, NDN, a information-centric future Internet architecture, will utilize a policy-based routing protocol such as BGP. However, NDN allows a finer granularity of policies (content names rather than hosts) and more traffic engineering opportunities. This work explores what routing policies could look like in an NDN Internet. We describe the knobs available to network operators and their possible settings. Furthermore, we explore the economic incentives present in an NDN Internet and reason how they might drive operators to set their policies

Analyzing the Aftermath of the McColo Shutdown

This paper examines how spam behavior was impacted by the shutdown of McColo, a service provider known for its lax security enforcement. Since the shutdown, a variety of sources have reported significant changes to global spam patterns. In an effort to clarify how spam has changed, we examine reputation data provided by a leading security vendor and present an analysis of spam before and after the Mc-Colo shutdown. We show that the actual number of spammers has decreased. We also examine the distribution of spammers both geographically and across the IP space. Our results show that 87 % spam sending regions suffered some reductions. Despite this however, the number of sources identified as spammers is still monotonically increasing and the spam volume has recovered to its pre-shutdown levels.

Behavior of DNS’ Top Talkers, a .com/.net View

This paper provides the first systematic study of DNS data taken from one of the 13 servers for the .com/.net registry. DNS\u27 generic Top Level Domains (gTLDs) such .com and .net serve resolvers from throughout the Internet and respond to billions of DNS queries every day. This study uses gTLD data to characterize the DNS resolver population and profile DNS query types. The results show a small and relatively stable set of resolvers (i.e. the top-talkers) constitute 90% of the overall traffic. The results provide a basis for understanding for this critical Internet service, insights on typical resolver behaviors and the use of IPv6 in DNS, and provides a foundation for further study of DNS behavior. © 2012 Springer-Verlag Berlin Heidelberg

Fingerprinting custom botnet protocol stacks

This paper explores the use of TCP fingerprints for identifying and blocking spammers. Evidence has shown that some bots use custom protocol stacks for tasks such as sending spam. If a receiver could effectively identify the bot TCP fingerprint, connection requests from spam bots could be dropped immediately, thus reducing the amount of spam received and processed by a mail server. Starting from a list of known spammers flagged by a commercial reputation list, we fingerprinted each spammer and found the roughly 90% have only a single known fingerprint typically associated with well known operating system stacks. For the spammers with multiple fingerprints, a particular combination of native/custom protocol stack fingerprints becomes very prominent. This allows us to extract the fingerprint of the custom stack and then use it to detect more bots that were not flagged by the commercial service. We applied our methodology to a trace captured at our regional ISP, and clearly detected bots belonging to the Srizbi botnet. ©2010 IEEE