Kirin: Hitting the Internet with Millions of Distributed IPv6 Announcements

The Internet is a critical resource in the day-to-day life of billions of users. To support the growing number of users and their increasing demands, operators have to continuously scale their network footprint -- e.g., by joining Internet Exchange Points -- and adopt relevant technologies -- such as IPv6. IPv6, however, has a vastly larger address space compared to its predecessor, which allows for new kinds of attacks on the Internet routing infrastructure. In this paper, we revisit prefix de-aggregation attacks in the light of these two changes and introduce Kirin -- an advanced BGP prefix de-aggregation attack that sources millions of IPv6 routes and distributes them via thousands of sessions across various IXPs to overflow the memory of border routers within thousands of remote ASes. Kirin's highly distributed nature allows it to bypass traditional route-flooding defense mechanisms, such as per-session prefix limits or route flap damping. We analyze the theoretical feasibility of the attack by formulating it as a Integer Linear Programming problem, test for practical hurdles by deploying the infrastructure required to perform a small-scale Kirin attack using 4 IXPs, and validate our assumptions via BGP data analysis, real-world measurements, and router testbed experiments. Despite its low deployment cost, we find Kirin capable of injecting lethal amounts of IPv6 routes in the routers of thousands of ASes

Bias in Internet Measurement Platforms

Network operators and researchers frequently use Internet measurement platforms (IMPs), such as RIPE Atlas, RIPE RIS, or RouteViews for, e.g., monitoring network performance, detecting routing events, topology discovery, or route optimization. To interpret the results of their measurements and avoid pitfalls or wrong generalizations, users must understand a platform's limitations. To this end, this paper studies an important limitation of IMPs, the \textit{bias}, which exists due to the non-uniform deployment of the vantage points. Specifically, we introduce a generic framework to systematically and comprehensively quantify the multi-dimensional (e.g., across location, topology, network types, etc.) biases of IMPs. Using the framework and open datasets, we perform a detailed analysis of biases in IMPs that confirms well-known (to the domain experts) biases and sheds light on less-known or unexplored biases. To facilitate IMP users to obtain awareness of and explore bias in their measurements, as well as further research and analyses (e.g., methods for mitigating bias), we publicly share our code and data, and provide online tools (API, Web app, etc.) that calculate and visualize the bias in measurement setups

Human cerebrovascular contractile receptors are upregulated via a B-Raf/MEK/ERK-sensitive signaling pathway

<p>Abstract</p> <p>Background</p> <p>Cerebral ischemia results in a rapid increase in contractile cerebrovascular receptors, such as the 5-hydroxytryptamine type 1B (5-HT_1B), angiotensin II type 1 (AT₁), and endothelin type B (ET_B) receptors, in the vessel walls within the ischemic region, which further impairs local blood flow and aggravates tissue damage. This receptor upregulation occurs via activation of the mitogen-activated protein kinase pathway. We therefore hypothesized an important role for B-Raf, the first signaling molecule in the pathway. To test our hypothesis, human cerebral arteries were incubated at 37°C for 48 h in the absence or presence of a B-Raf inhibitor: SB-386023 or SB-590885. Contractile properties were evaluated in a myograph and protein expression of the individual receptors and activated phosphorylated B-Raf (p-B-Raf) was evaluated immunohistochemically.</p> <p>Results</p> <p>5-HT_1B, AT₁, and ET_Breceptor-mediated contractions were significantly reduced by application of SB-590885, and to a smaller extent by SB-386023. A marked reduction in AT₁receptor immunoreactivity was observed after treatment with SB-590885. Treatment with SB-590885 and SB-386023 diminished the culture-induced increase of p-B-Raf immunoreactivity.</p> <p>Conclusions</p> <p>B-Raf signaling has a key function in the altered expression of vascular contractile receptors observed after organ culture. Therefore, specific targeting of B-Raf might be a novel approach to reduce tissue damage after cerebral ischemia by preventing the previously observed upregulation of contractile receptors in smooth muscle cells.</p

Identification of genetic variants associated with Huntington's disease progression: a genome-wide association study

Background Huntington's disease is caused by a CAG repeat expansion in the huntingtin gene, HTT. Age at onset has been used as a quantitative phenotype in genetic analysis looking for Huntington's disease modifiers, but is hard to define and not always available. Therefore, we aimed to generate a novel measure of disease progression and to identify genetic markers associated with this progression measure. Methods We generated a progression score on the basis of principal component analysis of prospectively acquired longitudinal changes in motor, cognitive, and imaging measures in the 218 indivduals in the TRACK-HD cohort of Huntington's disease gene mutation carriers (data collected 2008–11). We generated a parallel progression score using data from 1773 previously genotyped participants from the European Huntington's Disease Network REGISTRY study of Huntington's disease mutation carriers (data collected 2003–13). We did a genome-wide association analyses in terms of progression for 216 TRACK-HD participants and 1773 REGISTRY participants, then a meta-analysis of these results was undertaken. Findings Longitudinal motor, cognitive, and imaging scores were correlated with each other in TRACK-HD participants, justifying use of a single, cross-domain measure of disease progression in both studies. The TRACK-HD and REGISTRY progression measures were correlated with each other (r=0·674), and with age at onset (TRACK-HD, r=0·315; REGISTRY, r=0·234). The meta-analysis of progression in TRACK-HD and REGISTRY gave a genome-wide significant signal (p=1·12 × 10−10) on chromosome 5 spanning three genes: MSH3, DHFR, and MTRNR2L2. The genes in this locus were associated with progression in TRACK-HD (MSH3 p=2·94 × 10−8 DHFR p=8·37 × 10−7 MTRNR2L2 p=2·15 × 10−9) and to a lesser extent in REGISTRY (MSH3 p=9·36 × 10−4 DHFR p=8·45 × 10−4 MTRNR2L2 p=1·20 × 10−3). The lead single nucleotide polymorphism (SNP) in TRACK-HD (rs557874766) was genome-wide significant in the meta-analysis (p=1·58 × 10−8), and encodes an aminoacid change (Pro67Ala) in MSH3. In TRACK-HD, each copy of the minor allele at this SNP was associated with a 0·4 units per year (95% CI 0·16–0·66) reduction in the rate of change of the Unified Huntington's Disease Rating Scale (UHDRS) Total Motor Score, and a reduction of 0·12 units per year (95% CI 0·06–0·18) in the rate of change of UHDRS Total Functional Capacity score. These associations remained significant after adjusting for age of onset. Interpretation The multidomain progression measure in TRACK-HD was associated with a functional variant that was genome-wide significant in our meta-analysis. The association in only 216 participants implies that the progression measure is a sensitive reflection of disease burden, that the effect size at this locus is large, or both. Knockout of Msh3 reduces somatic expansion in Huntington's disease mouse models, suggesting this mechanism as an area for future therapeutic investigation

Routegazing : analysing the evolving internet routing ecosystem

The Internet's routing ecosystem constantly evolves to meet the needs of its stakeholders and users. Tracking this evolution is essential, e.g., to identify business opportunities, address security challenges, or inform protocol design. However, most Internet protocols were designed without measurability in mind; hence, many measurements and inference methods rely on exploiting protocol-specific side effects. This dissertation first assesses the limitations of our deployed observation infrastructures and commonly used inference methods via three orthogonal contributions: a case study on a European Internet Exchange Point to assess our visibility into the Internet's AS topology; a framework to identify and measure biases in the placement of our vantage points across multiple dimensions; and a systematic analysis of the biases and sensitivity of AS relationship inference algorithms. We found that our view of the Internet's AS topology diminishes over time, and that our AS relationship models are more biased and sensitive to short-term routing dynamics than previously assumed. With these limitations in mind, we focused on one of the most critical routing ecosystem changes, IPv4 exhaustion, and two ways network operators can deal with it. First, we explored the IPv4 buying and leasing markets, identified market trends, and discussed the viability of these markets for different network types. Second, we analyzed the benefits, usage patterns, and disadvantages of announcing tiny address blocks—which we call "hyper-specific." We argue that a combination of leased IPv4 addresses and hyper-specific prefix announcements likely suffice for many networks to bridge the gap until full IPv6 adoption. Besides its IPv6 adoption, the routing ecosystem also evolved in other dimensions. We first studied AS path prepending to assess the security implication of these changes. We found a typical configuration with no benefits yet an increase of an AS's vulnerability to prefix hijacks. Infrastructural changes led to an overall decrease in prepending sizes over time and hence a safer use of the technique. However, we demonstrated that we can exploit the same changes to re-orchestrate prefix de-aggregation attacks to overcome widely deployed prevention mechanisms. We validated our assumptions and attack model using a real-world testbed and proposed updates to existing prevention mechanisms. Our two-stage disclosure campaign contributed to a safer routing ecosystem.Das Routing-Ökosystem des Internets entwickelt sich ständig weiter, um den Bedürfnissen der Beteiligten und Nutzer gerecht zu werden. Die Verfolgung dieser Entwicklung ist wichtig, um z.B. Geschäftsmöglichkeiten zu erkennen, Sicherheitsprobleme zu antizipieren oder neue Protokolle zu entwickeln. Die meisten Internetprotokolle wurden jedoch ohne Rücksicht auf ihre Messbarkeit entworfen; daher beruhen viele Messungen und Schlussfolgerungsmethoden auf der Ausnutzung protokollspezifischer Nebeneffekte. In dieser Dissertation werden zunächst die Grenzen der von uns eingesetzten Beobachtungsinfrastrukturen und der gängigen Inferenzmethoden anhand von drei orthogonalen Beiträgen bewertet: eine Fallstudie an einem europäischen Internet-Austauschpunkt zur Bewertung der Vollständigkeit unserer Sicht auf die AS-Topologie des Internets; ein Rahmenwerk zur Identifizierung und Messung von Verzerrungen bei der Platzierung unserer Beobachtungspunkte über mehrere Dimensionen hinweg; und eine systematische Analyse der Verzerrungen und der Empfindlichkeit von Algorithmen zur Inferenz von AS-Beziehungen. Unser Blick auf die AS-Topologie des Internets nimmt mit der Zeit ab, und unsere AS-Beziehungsmodelle sind voreingenommener und empfindlicher gegenüber kurzfristigen Routing-Dynamiken als bisher angenommen. Mit diesen Einschränkungen im Hinterkopf haben wir uns auf eine der kritischsten Veränderungen im Routing-Ökosystem, die Erschöpfung von IPv4, und zwei Möglichkeiten, wie Netzbetreiber damit umgehen können, konzentriert. Zunächst untersuchten wir die Kauf- und Leasingmärkte für IPv4 Addresses, ermittelten Markttrends und diskutierten die Nutzbarkeit dieser Optionen für verschiedene Netzwerktypen. Danach haben wir die Vorteile, Nutzungsmuster und Nachteile der Nutzung von Routen für winzige Adressblöcke, die wir "hyperspezifisch" nennen, analysiert. Wir argumentieren, dass eine Kombination aus geleasten IPv4-Adressen und hyper-spezifischen Routen für viele Netze ausreichen dürfte, um die Zeit bis zur vollständigen Verfügbarkeit von IPv6 zu überbrücken. Neben der IPv6-Einführung hat sich das Routing-Ökosystem auch in anderen Bereichen weiterentwickelt. Wir untersuchen zunächst exemplarisch das AS Path Prepending, um die Auswirkungen dieser Änderungen auf die Sicherheit zu bewerten. Wir haben eine typische Konfiguration gefunden, die keine Vorteile bringt, aber die Anfälligkeit eines Netzwerks für Präfix-Hijacks erhöht. Infrastrukturelle Änderungen führten zu einem allgemeinen Rückgang der global verwendeten Prepending-Längen im Laufe der Zeit und damit zu einem sichereren Einsatz der Technik. Wir zeigen jedoch, dass wir dieselben Änderungen ausnutzen können, um Präfix De-Aggregations-Angriffe zu konstruieren welche weit verbreitete Präventionsmechanismen überwinden können. Wir haben unsere Annahmen und unser Angriffsmodell anhand einer realen Testumgebung validiert und Aktualisierungen für bestehende Schutzmechanismen vorgeschlagen. Unsere zweistufige Aufklärungskampagne hat zu einem sichereren Routing-Ökosystem beigetragen