How asymmetric is the internet? A study to reinforce the use of Traceroute

Similar documents
How asymmetric is the Internet?

HOW ASYMMETRIC IS THE INTERNET? MASTER THESIS

On the Diversity, Stability and Symmetry of End-to-End Internet Routes

DailyCatch: A Provider-centric View of Anycast Behaviour

MAPPING PEERING INTERCONNECTIONS TO A FACILITY

MAPPING PEERING INTERCONNECTIONS TO A FACILITY

Updates and Case Study

TTM AS-level Traceroutes

Anycast vs. DDoS: Evaluating Nov. 30

BROAD AND LOAD-AWARE ANYCAST MAPPING WITH VERFPLOETER

Analysis of Country-wide Internet Outages Caused by Censorship

Understanding the Efficacy of Deployed Internet Source Address Validation Filtering

Internet Measurements. Motivation

A New Path Probing Strategy for Inter-domain Multicast Routing

Two days in The Life of The DNS Anycast Root Servers

Computer Science 461 Final Exam May 22, :30-3:30pm

IP Spoofer Project. Observations on four-years of data. Rob Beverly, Arthur Berger, Young Hyun.

Understanding Internet Path Failures: Location, Characterization, Correlation

Anatomy of a Large European IXP


Internet Path Stability: Exploring the Impact of MPLS. Zakaria Al-Qudah, PhD. Yarmouk University April 2, 2015

Software Systems for Surveying Spoofing Susceptibility

AS Connectedness Based on Multiple Vantage Points and the Resulting Topologies

Measuring Internet development in Africa from a content use, hosting and distribution perspective

Recursives in the Wild: Engineering Authoritative DNS Servers

TRACEBACK OF DOS OVER AUTONOMOUS SYSTEMS

BGP Route Stability. Alexander Asimov Highload Lab

Sibyl A Practical Internet Route Oracle

Efficient Topology Discovery for African NRENs

Quantifying Internet End-to-End Route Similarity

Software Systems for Surveying Spoofing Susceptibility

Characterizing the Deployment and Performance of Multi-CDNs

Cell Spotting: Studying the Role of Cellular Networks in the Internet. John Rula. Fabián E. Bustamante Moritz Steiner 2017 AKAMAI FASTER FORWARD TM

Server Selection Mechanism. Server Selection Policy. Content Distribution Network. Content Distribution Networks. Proactive content replication

Measuring and Modeling the Adoption of IPv6

Updates and Analyses

ddos-guard.net Protecting your business DDoS-GUARD: Distributed protection against distributed attacks

On characterizing BGP routing table growth

A MEASUREMENT STUDY ON CO-RESIDENCE THREAT INSIDE THE CLOUD

Security Enhanced Dynamic Routing using Quasigroups Mr. K.J. Pavithran Kumar 1 and Mr. D. Vivekananda Reddy 2

The Spoofer Project Inferring the Extent of Source Address Filtering on the Internet

3/10/2011. Copyright Link Technologies, Inc.

Inline DDoS Protection versus Scrubbing Center Solutions. Solution Brief

APPLYING the concept of location-awareness to the Internet

draft-moura-dnsop-authoritativerecommendations-03

CSCI 1680 Computer Networks Fonseca. Exam - Midterm. Due: 11:50am, 15 Mar Closed Book. Maximum points: 100

Primitives for Active Internet Topology Mapping: Toward High-Frequency Characterization

Unicast Reverse Path Forwarding Loose Mode

Configuring Unicast RPF

Collaborative Verification of Forward and Reverse Reachability in the Internet Data Plane

RIPE NCC Technical Services. Kaveh Ranjbar, Chief Information Officer

Data Intensive Science Impact on Networks

Understanding Network Delay Changes Caused by Routing Events

Interdomain Routing (plus Transport Wrapup) Tom Anderson

Internet Anycast: Performance, Problems and Potential

NT1210 Introduction to Networking. Unit 9:

Unicast Routing in Mobile Ad Hoc Networks. Dr. Ashikur Rahman CSE 6811: Wireless Ad hoc Networks

IPv6 World View and World IPv6 Day A global view of IPv6 commercial readiness

Stable Internet Route Selection

Shortcuts through Colocation Facilities

RealNet: A Topology Generator Based on Real Internet Topology

IPv6 a new protocol a new routing table. LACNIC XI, May 29, 2008, Salvador, Brazil Iljitsch van Beijnum

Quantifying Routing Asymmetry in the Internet at the AS Level

QoS-Aware Hierarchical Multicast Routing on Next Generation Internetworks

MITIGATION OF DENIAL OF SERVICE ATTACK USING ICMP BASED IP TRACKBACK. J. Gautam, M. Kasi Nivetha, S. Anitha Sri and P. Madasamy

Studying Black Holes on the Internet with Hubble

A Look at Router Geolocation in Public and Commercial Databases

Lecture 6: Overlay Networks. CS 598: Advanced Internetworking Matthew Caesar February 15, 2011

Understanding the measuring and characteristics of quantitative data on Internet traffic: The socio-technical view

Cloud DNS Phone: (877)

Various Anti IP Spoofing Techniques

1 Connectionless Routing

IT220 Network Standards & Protocols. Unit 9: Chapter 9 The Internet

On the Characteristics of BGP Routes

Cloudflare Advanced DDoS Protection

network security s642 computer security adam everspaugh

On inferring regional AS topologies

COPYRIGHT 2018 NETSCOUT SYSTEMS, INC. 1

Harnessing Internet Topological Stability in Thorup-Zwick Compact Routing

Measuring the Global Routing Table

Testing the reachability of (new) address space

BGP-4 Protocol Patterns and Their Impact on QoS Behavior

Internet measurements: topology discovery and dynamics. Renata Teixeira MUSE Team Inria Paris-Rocquencourt

Inter-domain routing validator based spoofing defence system

Is Explicit Congestion Notification usable with UDP? Stephen McQuistin and Colin Perkins

On Routing Table Growth

iplane Nano: Path Prediction for Peer-to-Peer Applications

Characterisation of the Kelihos.B Botnet

Network Maps beyond Connectivity

RAPTOR: Routing Attacks on Privacy in Tor. Yixin Sun. Princeton University. Acknowledgment for Slides. Joint work with

Data Plane Protection. The googles they do nothing.

Illegitimate Source IP Addresses At Internet Exchange Points

Measuring IPv6 Adoption in Africa

Reverse Traceroute. NSDI, April 2010 This work partially supported by Cisco, Google, NSF

SENSS Against Volumetric DDoS Attacks

J. A. Drew Hamilton, Jr., Ph.D. Director, Information Assurance Laboratory and Associate Professor Computer Science & Software Engineering

Super Fast Packet Filtering with ebpf and XDP Helen Tabunshchyk, Systems Engineer, Cloudflare

Understanding the effect of streaming overlay construction on AS level traffic

Layer-1 Informed Internet Topology Measurement

ELEC / COMP 177 Fall Some slides from Kurose and Ross, Computer Networking, 5 th Edition

Transcription:

How asymmetric is the internet? A study to reinforce the use of Traceroute Wouter de Vries and José Jair Santanna Design and Analysis of Communication Systems

Introduction What is the purpose? Toward the mitigation of DDoS attacks Which networks does a DDoS pass through Mitigate the attack as close to the source as possible 2/23

Introduction What is the purpose? (2) Low intensity A SRC 1 SRC 2 SRC 3 1 2 3 Medium intensity 5 6 High intensity 7 V SRC 4 4 A = Attacker SRCn= Source of traffic n = Autonomous System V = Victim 3/23

Why on the Level? Advantages VS Disadvantages 4/23

Introduction - Problem Measuring the reverse path of an attacker is less trivial than it seems Path can be, and often is, asymmetric[1][2][3] [1] Y. He, M. Faloutsos, S. Krishnamurthy, and B. Huffaker, On routing asymmetry in the Internet, in Global Telecommunications Conference, 2005. GLOBECOM 05. IEEE, vol. 2, Nov. 2005 [2] Y. He, M. Faloutsos, and S. V. Krishnamurthy, Quantifying routing asymmetry in the Internet at the level. in GLOBECOM. IEEE, 2004 [3] Y. Schwartz, Y. Shavitt, and U. Weinsberg, On the Diversity, Stability and Symmetry of End-to- End Internet Routes, in INFOCOM IEEE Conference on Computer Communications Workshops, 2010 5/23

Introduction Research question How asymmetric is the internet? Expectation: The internet is more symmetric near the source and target More similar IP_A 1 2 n-1 n IP_B IP_A 1 2 n-1 n IP_B Less similar 6/23

Methodology Large scale measurements, using RIPE Atlas 4000 out of 7000* probes located worldwide 2000 pairs of probes to measure paths between Thanks to RIPE Atlas our UDM limit was greatly increased *Approximately 7/23

Selected probe distribution Pairs randomly selected 8/23

Methodology Pairs Continent Probe count Fraction Europe 2.681 67,03% North America 724 18,10% Asia 267 6,68% Africa 157 3,93% Oceania 109 2,73% Others 62 1,55% Total 4.000 100% 9/23

Experiment setup Traceroute Two measurements every three hours per pair Ten days 80 samples per pair 160.000 measurements 5.256.138 records ~1 gigabyte 10/23

Analysis Determining N BGP Routing tables (Provided by RIS/RIPE) Process to list of IP-range/N tuples Use binary tree to quickly match IP address to N with longest prefix matching 11/23

Analysis Determining N (2) Tool to process binary BGP routing table http://bit.ly/xxrsxd Tool to build a list of IP-range/N tuples http://bit.ly/1tjdott Input Output 130.89.15.74 1133;University Twente IP N Description 12/23

Number of paths Results Path length on the level 60000 50000 40000 30000 20000 10000 5 hops 24% 4 hops 17% 6 hops 19% Other 26% 7 hops 14% 0 1 2 3 4 5 6 7 8 9 10 Number of hops in path 4 5 6 7 Other 13/23

Results The numbers 119.550 measured network paths 2.275 unique Autonomous Systems in total 1.717 contain probes 12.6% (15.053) of pairs are symmetric 14/23

Results Change of path over time Compare paths from A to B over time Determine Levenshtein distance to make two paths equal Compare each path to first path For example path from A to B with 1 insert/delete/change operation IP_A 1 2 3 4 5 IP_B IP_A 1 2 3 5 IP_B 15/23

Edit Distance Results Change of path over time (2) 0.14 Levenshtein 0.12 0.1 0.08 0.06 0.04 0 24 48 72 96 120 144 168 192 216 Time since first measurement (hours) 240 Network paths barely change over time* 16/23

Results Equal Consecutive Hops Count number of Equal Consecutive Hops (ECH) from left to right and right to left. Group by path length First and last hop are always equal 2 + 1 = 3 Consecutive equal hops IP_A 1 2 3 4 5 IP_B IP_A 1 2 6 7 5 IP_B 17/23

Equal consecutive hops (ECH) Results Equal Consecutive Hops (2) 3 Best case Measurement Worst case 2.5 2 1.5 1 0.5 # Samples Std. Dev. ECH 2 792 0 0 3 8164 0.498 0,27 4 20.038 0,733 0,58 5 27.870 1,013 0,79 6 23.442 1,299 1,05 7 17.223 1,492 1,2 0 2 3 4 5 6 7 Path length One extra chance to mitigate DDoS attacks 18/23

Results Equality by position Compare hop in forward path to the one in the same position in reverse path Either equal (1) or not equal (0) Average per position IP_A 1 2 3 4 5 IP_B IP_A 1 6 3 7 5 IP_B 19/23

Average equality Results Equality by position (2) Path length 4 5 6 7 1 0.95 0.9 0.85 0.8 0.75 0.7 0.65 0.6 0.55 0 1 Position in path High chance to have equal hops 20/23

Conclusion Internet is mostly asymmetric Paths barely change over time At least one more chance to mitigate DDoS attacks Replace with relevant figure 21/23

Data Measurements are available publicly http://bit.ly/1qmvfgn 22/23

Questions? Comments are also allowed (despite the large question mark)

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback