Characterization and Measurement of TCP. TCP Traversal Through NATs. Firewalls

Transcription

1 Characterization and Measurement of TCP Traversal Through s and Firewalls, Paul Francis Cornell University IMC 2005

2 P2P connectivity through s Bob New inbound flows cannot be routed

3 P2P connectivity through s?? Bob New inbound flows cannot be routed

4 P2P connectivity through s I am I am Bob Bob Basic solution for UDP

5 P2P connectivity through s Bob is :2 is : Bob Basic solution for UDP

6 P2P connectivity through s?? Bob Basic solution for UDP

7 P2P connectivity through s Bob Basic solution for UDP

8 P2P connectivity through s Bob Basic solution for UDP

9 P2P connectivity through s SYN?? Bob TCP establishment more complex

10 P2P connectivity through s SYNACK Bob TCP establishment more complex

11 Context for this work Invented traversal presumed impossible UDP traversal solved and standardized [Kegel] TCP traversal presumed impossible 04 TCP traversal solved (2 approaches) [Guha] 05 2 more approaches [Ford, Biggadike] Approaches evaluated [Guha] TCP traversal standardized

12 Context for this work 92 Invented 4 approaches traversal presumed impossible Many trade-offs UDP traversal solved - and sensitivity standardized [Kegel] Ease of Implementation TCP traversal presumed impossible - Ease of Deployment 04 TCP traversal solved (2 approaches) [Guha] 05 2 more approaches [Ford, Biggadike] Approaches evaluated [Guha] TCP traversal standardized

13 Context for this work 92 Invented Contributions: traversal presumed impossible - Characterization UDP traversal solved and standardized [Kegel] Measurements TCP traversal presumed impossible 04 TCP traversal solved -(2 Guidelines approaches) [Guha] 05 2 more approaches [Ford, Biggadike] - Standardization 05 Approaches evaluated [Guha] 06 TCP traversal standardized

14 Take away Results TCP can be established between ed peers Works an estimated 85% 90% of the time today 100% for certain popular, well-behaved s All s could standardize to this

15 P2P TCP Establishment Bob is :2 is : Bob Use Rendezvous Service

16 P2P TCP Establishment SYN?? Bob Use Rendezvous Service

17 P2P TCP Establishment time SYN?? Bob Punch hole using connect/close/bind/listen

18 P2P TCP Establishment time SYN?? Bob close() bind() listen() Punch hole using connect/close/bind/listen

19 P2P TCP Establishment time SYN?? Bob close() bind() listen() SYN Accept incoming connection

20 P2P TCP Establishment time SYN?? Bob close() bind() listen() SYN SYNACK ACK Accept incoming connection

21 P2P TCP Establishment time SYN?? Bob RST?? SYN What if: returns RST, closes hole

22 P2P TCP Establishment time SYN?? Bob SYN RST What if: rejects SYN through hole

23 P2P TCP Establishment time SYN (low TTL) Bob SYN (low TTL) Variation: low-ttl SYN

24 P2P TCP Establishment time SYN (low TTL) Bob SYN (low TTL) SYNACK SYNACK ACK Variation: low-ttl SYN, spoof SYNACK

25 P2P TCP Establishment time SYN (low TTL) Bob SYN (low TTL) SYNACK SYNACK ACK Variation: low-ttl SYN, RAW SYNACK

26 P2P TCP Establishment time SYN (low TTL) Bob SYN (low TTL) SYNACK SYNACK ACK What if: blocks outgoing SYNACK

27 Recap 4 approaches 16 variants (mix and match) Many trade-offs Some sensitive to s behavior Some hard to implement Some hard to deploy Measurement study to determine how well each works in practice

28 Methodology Implemented all approaches Lessons learned in the paper Cause of failure for 16 brands of s Linksys, DLink, Netgear, Belkin, axis of classification Classified ( 100) s in the wild Extrapolated for world-wide behavior Brand share market analysis

29 Axes of Classification Binding: Type Delta Hairpin Overloading Max Flows Predictable Preservation: Port Number Low High Dynamic Parity Sequential Packet Mangling: TCP Data ICMP Data TCP Sequence IP TTL Filters: SYN SYN SYN SYN ICMP2 SYN SYN ICMP11 SYNACK SYN (known IP) SYN RST SYN SYN SYNACK SYN ICMP2 SYNACK Estd. SYN SYN ICMP11 SYN SYN RST SYNACK SYN SYNACK Timers: SYN-SENT Established Timed-Wait RST

30 Axes of Classification Binding: Type Delta Hairpin Overloading Max Flows Predictable Preservation: Port Number Low High Dynamic Parity Sequential Packet Mangling: TCP Data ICMP Data TCP Sequence IP TTL Filters: SYN SYN SYN SYN ICMP2 SYN SYN ICMP11 SYNACK SYN (known IP) SYN RST SYN SYN SYNACK SYN ICMP2 SYNACK Estd. SYN SYN ICMP11 SYN SYN RST SYNACK SYN SYNACK Timers: SYN-SENT Established Timed-Wait RST

31 Port Prediction I am is :1 SYN Same Port? Bob Problem: What port did SYN come from?

32 Port Prediction Classification Port: 1037 Port: 6501 NB:Independent

33 Port Prediction Classification Port: 1037 Port: 6501 NB:Independent

34 Port Prediction Classification Port: 1037 Port: 6501 to Bob predicted: 6501 NB:Independent

35 Port Prediction Classification Port: 1037 Port: NB:Delta

36 Port Prediction Classification Port: 1037 Port: to Bob predicted: 6505 NB:Delta

37 Port Prediction Rob Classification Port: 1037 Port: to Bob wrongly predicted: 6505 NB:Delta

38 Port Prediction Classification Port: 1024 Port: NB:Random

39 Projected Success Race Cond. low-ttl No port pred. Port pred. No Race Success Rate (%) STUNT Spoof STUNT Plain Blaster P2P TCP traversal succeeds 85%-90% (estd.)

40 Projected Success Success Rate (%) STUNT Spoof STUNT Plain Blaster P2P 1. STUNT Spoof Hard to deploy 2. STUNT Plain Best Option 3. Blaster Fails on WinXP SP2 4. P2P Fails on WinXP and earlier

41 Software Traversal Library JAVA implementation available Encrypted tunnel application Classification software Windows, Linux versions available

42 Future Work Wide-scale testing Implement in bittorrent, swarmcast,... Standardize TCP Behavior IETF BEHAVE Working Group I-D: draft-hoffman-behave

43 Related Issues IPv6... Transition will require v4 v6 s Firewalls... Will persist even with IPv6 Universal Plug-and-Play (UPnP)... Off by default

44 Summary TCP Traversal works! 85%-90% today, 100% soon For P2P developers: Application guidelines TCP traversal library For vendors: Standards document checking software