Top

Published in:

2019 | OriginalPaper | Chapter

Hidden Treasures – Recycling Large-Scale Internet Measurements to Study the Internet’s Control Plane

Authors : Jan Rüth, Torsten Zimmermann, Oliver Hohlfeld

Published in: Passive and Active Measurement

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Internet-wide scans are a common active measurement approach to study the Internet, e.g., studying security properties or protocol adoption. They involve probing large address ranges (IPv4 or parts of IPv6) for specific ports or protocols. Besides their primary use for probing (e.g., studying protocol adoption), we show that—at the same time—they provide valuable insights into the Internet control plane informed by ICMP responses to these probes—a currently unexplored secondary use. We collect one week of ICMP responses (637.50M messages) to several Internet-wide ZMap scans covering multiple TCP and UDP ports as well as DNS-based scans covering >50% of the domain name space. This perspective enables us to study the Internet’s control plane as a by-product of Internet measurements. We receive ICMP messages from \(\sim \)171M different IPs in roughly 53K different autonomous systems. Additionally, we uncover multiple control plane problems, e.g., we detect a plethora of outdated and misconfigured routers and uncover the presence of large-scale persistent routing loops in IPv4.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter Realtime Mobile Bandwidth Prediction Using LSTM Neural Network

next chapter Caching the Internet: A View from a Global Multi-tenant CDN

Please note that we do not have a fully IPv6-capable measurement infrastructure and thus focus on IPv4 only.

To reduce the capture size, our packet capture caps packets at 98 byte allowing no further investigation, we find 67% having the maximum capture size.

With reachable we actually mean not unreachable, i.e., we do not get ICMP unreachable messages, which must not mean that this host was reached by the scan.

This is basically a precaution against bad load balancers traded against the required TTL.

Our dataset excludes TTL exceeded messages generated by these traceroutes.

Augustin, B., et al.: Avoiding traceroute anomalies with Paris traceroute. In: ACM IMC (2006)

Baker, F.: Requirements for IP Version 4 Routers. RFC 1812, RFC Editor (1995)

Bano, S., et al.: Scanning the internet for liveness. SIGCOMM CCR 48(2), 2–9 (2018)CrossRef

Braden, R.: Requirements for Internet Hosts - Communication Layers. RFC 1122, RFC Editor (1989)

Cisco: IP Routing Frequently Asked Questions. https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/28745-44.html#qa5

Cisco Systems, Inc.: Cisco IOS XR MPLS: mpls ip-ttl-propagate (2014). https://www.cisco.com/c/en/us/td/docs/routers/xr12000/software/xr12k_r4-1/mpls/command/reference/b_mpls_cr41xr12k/b_mpls_cr41xr12k_chapter_010.html#wp2864846713

Custura, A., Fairhurst, G., Learmonth, I.: Exploring usable Path MTU in the Internet. In: IFIP Network Traffic Measurement and Analysis Conference (2018)

Donnet, B., Luckie, M., Mérindol, P., Pansiot, J.-J.: Revealing MPLS Tunnels obscured from traceroute. SIGCOMM CCR 42(2), 87–93 (2012)CrossRef

Durumeric, Z., et al.: The matter of heartbleed. In: ACM IMC (2014)

10.

Durumeric, Z., Wustrow, E., Halderman, J.A.: ZMap: fast internet-wide scanning and its security applications. In: USENIX Security (2013)

11.

Edeline, K., Kühlewind, M., Trammell, B., Donnet, B.: copycat: Testing differential treatment of new transport protocols in the wild. In: Proceedings of the Applied Networking Research Workshop (ANRW) (2017)

12.

Finn, G.G.: A connectionless congestion control algorithm. SIGCOMM CCR 19(5), 12–31 (1989)CrossRef

13.

Floyd, S.: TCP and explicit congestion notification. SIGCOMM CCR 24(5), 8–23 (1994)MathSciNetCrossRef

14.

Francois, P., Bonaventure, O.: Avoiding transient loops during the convergence of link-state routing protocols. IEEE/ACM Trans. Netw. 15, 1280–1292 (2007)CrossRef

15.

Gill, S.: ICMP redirects are ba’ad, mkay? Technical report, Team Cymru Inc. (2002)

16.

Gont, F.: ICMP Attacks Against TCP. RFC 5927, RFC Editor (2010)

17.

Gont, F.: Deprecation of ICMP Source Quench Messages. RFC 6633, RFC Editor (2012)

18.

Graham, R.: MASSCAN: Mass IP Port Scanner (2018). https://github.com/robertdavidgraham/masscan

19.

Guo, H., Heidemann, J.: Detecting ICMP rate limiting in the internet. In: Beverly, R., Smaragdakis, G., Feldmann, A. (eds.) PAM 2018. LNCS, vol. 10771, pp. 3–17. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-76481-8_1CrossRef

20.

Hengartner, U., Moon, S., Mortier, R., Diot, C.: Detection and analysis of routing loops in packet traces. In: ACM SIGCOMM Workshop on Internet Measurement (2002)

21.

Hewlett Packard: HP-UX - Serviceguard A.11.19 on HP-UX 11.31: Source Quench Seen for Every IPMON Ping. https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c02190964

22.

Rüth, J., Zimmermann, T., Hohlfeld, O.: ICMP Dataset and Tools (2018). https://icmp.netray.io

23.

Johnson, D.: Finding all the elementary circuits of a directed graph. SIAM J. Comput. 4(1), 77–84 (1975)MathSciNetCrossRef

24.

Juniper Networks, Inc.: no-propagate-ttl - TechLibrary - Juniper Networks (2017). https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/no-propagate-ttl-edit-protocols-mpls.html

25.

Lone, Q., Luckie, M., Korczyński, M., van Eeten, M.: Using loops observed in traceroute to infer the ability to spoof. In: Kaafar, M.A., Uhlig, S., Amann, J. (eds.) PAM 2017. LNCS, vol. 10176, pp. 229–241. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-54328-4_17CrossRef

26.

Malone, D., Luckie, M.: Analysis of ICMP quotations. In: Uhlig, S., Papagiannaki, K., Bonaventure, O. (eds.) PAM 2007. LNCS, vol. 4427, pp. 228–232. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-71617-4_24CrossRef

27.

Nokia: Router Configuration Guide Release 15.0.R5. https://infoproducts.alcatel-lucent.com/cgi-bin/dbaccessfilename.cgi/3HE11976AAACTQZZA01_V1_7450%20ESS%207750%20SR%207950%20XRS%20and%20VSR%20Router%20Configuration%20Guide%20R15.0.R5.pdf

28.

Postel, J.: Internet Control Message Protocol. RFC 792, RFC Editor (1981)

29.

Reynolds, J., Postel, J.: Assigned Numbers. RFC 1700, RFC Editor (1994)

30.

Rüth, J., Bormann, C., Hohlfeld, O.: Large-scale scanning of TCP’s initial window. In: ACM IMC (2017)

31.

Rüth, J., Poese, I., Dietzel, C., Hohlfeld, O.: A first look at QUIC in the wild. In: Beverly, R., Smaragdakis, G., Feldmann, A. (eds.) PAM 2018. LNCS, vol. 10771, pp. 255–268. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-76481-8_19CrossRef

32.

Sridharan, A., Moon, S., Diot, C.: On the correlation between route dynamics and routing loops. In: ACM IMC (2003)

33.

Varvello, M., Schomp, K., Naylor, D., Blackburn, J., Finamore, A., Papagiannaki, K.: Is the web HTTP/2 yet? In: Karagiannis, T., Dimitropoulos, X. (eds.) PAM 2016. LNCS, vol. 9631, pp. 218–232. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-30505-9_17CrossRef

34.

Wang, F., Qiu, J., Gao, L., Wang, J.: On understanding transient interdomain routing failures (2009)

35.

Xia, J., Gao, L., Fei, T.: Flooding attacks by exploiting persistent forwarding loops. In: ACM IMC (2005)

36.

Xia, J., Gao, L., Fei, T.: A measurement study of persistent forwarding loops on the internet. Comput. Netw. 51, 4780–4796 (2007)CrossRef

37.

Zimmermann, T., Rüth, J., Wolters, B., Hohlfeld, O.: How HTTP/2 pushes the web: an empirical study of HTTP/2 server push. In: IFIP Networking Conference (2017)

Title: Hidden Treasures – Recycling Large-Scale Internet Measurements to Study the Internet’s Control Plane
Authors: Jan Rüth
Torsten Zimmermann
Oliver Hohlfeld
Publisher: Springer International Publishing
Book: Passive and Active Measurement
Print ISBN: 978-3-030-15985-6

Electronic ISBN: 978-3-030-15986-3

Copyright Year: 2019
DOI: https://doi.org/10.1007/978-3-030-15986-3_4

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner