challenges in inferring spoofed traffic at ixps
play

Challenges in Inferring Spoofed Traffic at IXPs Matthew Luckie - PowerPoint PPT Presentation

Mar 10, 2024 •226 likes •1.05k views

Challenges in Inferring Spoofed Traffic at IXPs Matthew Luckie Bradley Huffaker Lucas Mller University of Waikato CAIDA/UC San Diego UFRGS/CAIDA Kc Claffy Marinho Barcellos CAIDA/UC San Diego UFRGS/University of Waikato ACM CoNEXT

  1. Challenges in Inferring Spoofed Traffic at IXPs Matthew Luckie Bradley Huffaker Lucas Müller 
 University of Waikato CAIDA/UC San Diego UFRGS/CAIDA Kc Claffy Marinho Barcellos CAIDA/UC San Diego UFRGS/University of Waikato ACM CoNEXT 2019 — Orlando, Florida, U.S.A. December 9-12, 2019

  2. Broader visibility of networks that 
 do not filter spoofed packets 2

  3. Consequences: 
 spoofed denial-of-service (DoS) attacks 3

  4. Consequences: 
 spoofed denial-of-service (DoS) attacks 3

  5. Consequences: 
 spoofed denial-of-service (DoS) attacks 3

  6. Consequences: 
 spoofed denial-of-service (DoS) attacks 3

  7. IP Spoofing Architectural limitation that provides an attacker with the ability to send packets using spoofed source IP addresses IPv4 header 4

  8. IP Spoofing Architectural limitation that provides an attacker with the ability to send packets using spoofed source IP addresses IPv4 header IETF introduced Best Current Practices (BCPs) recommending that networks block these packets — i.e., implement 
 Source Address Validation (SAV) 4

  9. IP Spoofing Architectural limitation that provides an attacker with the ability to send packets using spoofed source IP addresses IPv4 header IETF introduced Best Current Practices • Compliance with these filtering practices (BCPs) recommending that networks has misaligned incentives block these packets — i.e., implement 
 • Deploying SAV is primarily for the benefit Source Address Validation (SAV) of other networks 4

  10. Remediation and Policy Interventions 5

  11. Remediation and Policy Interventions We need to identify networks lacking SAV deployment, but doing this is challenging at Internet scale 5

  12. Remediation and Policy Interventions We need to identify networks lacking SAV deployment, but doing this is challenging at Internet scale • Definitive method requires an active probing vantage point in each network being tested 5

  13. Remediation and Policy Interventions We need to identify networks lacking SAV deployment, but doing this is challenging at Internet scale • Definitive method requires an active probing vantage point in each network being tested • ~65K independently routed networks CAIDA's 2017 visualization of IPv4 Internet topology at the Autonomous System (AS) level 5

  14. Remediation and Policy Interventions We need to identify networks lacking SAV deployment, but doing this is challenging at Internet scale • Definitive method requires an active probing vantage point in each network being tested • ~65K independently routed networks • Limited feasibility for a comprehensive assessment of Internet spoofing CAIDA's 2017 visualization of IPv4 Internet topology at the Autonomous System (AS) level 5

  15. Remediation and Policy Interventions We need to identify networks lacking SAV deployment, but doing this is challenging at Internet scale • Definitive method requires an active probing vantage point in each network being tested • ~65K independently routed networks • Limited feasibility for a comprehensive assessment of Internet spoofing 700+ Internet Exchange Points (IXP) [PeeringDB, 2019] Broader visibility may lie in the capability to infer lack of SAV compliance from aggregated Internet traffic data 6

  16. our goal design and develop a methodology 
 to identify spoofed traffic crossing an IXP and infer lack of SAV 7

  17. 8

  18. Contributions 9

  19. Contributions 1. Challenges Provide detailed analysis of methodological challenges for inferring spoofed packets at IXPs 9

  20. Contributions 1. Challenges 2. Methodology Provide detailed analysis of Developed a methodology methodological challenges to classify flows, navigating for inferring spoofed through all challenges packets at IXPs identified 9

  21. Contributions 3. Observations 
 1. Challenges 2. Methodology and Lessons Provide detailed analysis of Developed a methodology Used our methodology and methodological challenges to classify flows, navigating compare it with the 
 for inferring spoofed through all challenges state-of-the-art[1] at 
 packets at IXPs identified an IXP in Brazil, 
 reporting our findings [1] Lichtblau et al. Detection, Classification, and Analysis of Inter-domain Traffic with Spoofed Source IP Addresses. In: ACM IMC, 2017. 9

  22. Bird’s Eye View 10

  23. Bird’s Eye View IXP traffic flow data and topology information 10

  24. Bird’s Eye View IXP traffic flow data and valid IP address space topology information per Autonomous System (AS) 10

  25. Bird’s Eye View IXP traffic flow data and valid IP address space topology information per Autonomous System (AS) Classification Pipeline Methodology list of networks with and without SAV, with evidence to support 10

  26. Challenges: Pieces of the Puzzle 11

  27. Challenges: Pieces of the Puzzle 1. Identify Valid Source Address Space 11

  28. Challenges: Pieces of the Puzzle 1. Identify Valid Source Address Space - there is no global registry that contains ground truth 11

  29. Challenges: Pieces of the Puzzle 1. Identify Valid Source Address Space - there is no global registry that contains ground truth - need to infer the set of valid source addresses 
 11

  30. Challenges: Pieces of the Puzzle 1. Identify Valid Source Address Space - there is no global registry that contains ground truth - need to infer the set of valid source addresses 
 2. Tackle IXP Topology and Traffic Visibility Properties 11

  31. Challenges: Pieces of the Puzzle 1. Identify Valid Source Address Space - there is no global registry that contains ground truth - need to infer the set of valid source addresses 
 2. Tackle IXP Topology and Traffic Visibility Properties - understand modern IXP interconnection practices 11

  32. Challenges: Pieces of the Puzzle 1. Identify Valid Source Address Space - there is no global registry that contains ground truth - need to infer the set of valid source addresses 
 2. Tackle IXP Topology and Traffic Visibility Properties - understand modern IXP interconnection practices - implications on visibility of both topology and traffic 11

  33. 1. Identify Valid Source Address Space IP Address 
 Space 12

  34. 1. Identify Valid Source Address Space IP Address 
 Space IETF Reserved 
 Usable Bogons 12

  35. 1. Identify Valid Source Address Space IP Address 
 Space IETF Reserved 
 Usable Bogons Routed Unassigned 12

  36. 1. Identify Valid Source Address Space IP Address 
 Space IETF Reserved 
 Usable Bogons Routed Unassigned Inferred based on BGP data and 
 the links established by each AS 12

  37. 1. Identify Valid Source Address Space IP Address 
 Space IETF Reserved 
 Usable Bogons Routed Unassigned Inferred based on BGP data and 
 Customer Cones the links established by each AS Define the set of ASes a given AS can reach through its customers 12

  38. 2. Tackle IXP Topology and Traffic Visibility Properties Focus on understanding operational complexities of the vantage point AS64505 Prefix-level Customer Cone 168.228.252.0/22 200.17.80.0/20 200.132.59.0/24 200.236.32.0/19 200.19.0.0/21 200.238.0.0/18 IXP … 13.32.136.2/23 52.216.180/24 75.2.82.0/24 161.38.206.0/23 216.137.62.0/24 … Amazon’s AS Prefix-level Customer Cone 13

  39. 2. Tackle IXP Topology and Traffic Visibility Properties Focus on understanding operational complexities of the vantage point AS64505 Prefix-level Customer Cone 168.228.252.0/22 200.17.80.0/20 200.132.59.0/24 200.236.32.0/19 200.19.0.0/21 200.238.0.0/18 IXP … 13.32.136.2/23 52.216.180/24 75.2.82.0/24 161.38.206.0/23 216.137.62.0/24 … Amazon’s AS Prefix-level Customer Cone 13

  40. 2. Tackle IXP Topology and Traffic Visibility Properties IXP switching fabric #X Legend: Core Switch Switch 14

  41. 2. Tackle IXP Topology and Traffic Visibility Properties IXP switching fabric #X Legend: CF #1 Core Switch CF #2 Switch Physical connection CF: Colocation Facility CF #3 CF #4 15

  42. 2. Tackle IXP Topology and Traffic Visibility Properties IXP switching fabric #X Legend: CF #1 Core Switch CF #2 Switch AS A AS B Physical connection AS C AS D Physical connection and VLAN configured to neighbor CF: Colocation Facility Autonomous AS Z System CF #3 CF #4 16

  43. 2. Tackle IXP Topology and Traffic Visibility Properties IXP switching fabric #X Legend: CF #1 Core Switch CF #2 Switch AS A AS B Physical connection AS C AS D Physical connection and VLAN configured AS E to neighbor AS F Res J CF: Colocation Facility AS G AS H Autonomous AS Z Res Z Reseller System CF #3 CF #4 Reseller-Tag: Stacked VLAN (IEEE 802.1q, QinQ) IXP-Tag: 17

  44. 2. Tackle IXP Topology and Traffic Visibility Properties IXP switching fabric #X Legend: CF #1 Core Switch CF #2 Switch AS A AS B Physical connection AS C AS D Physical connection and VLAN configured AS E to neighbor AS F Res J CF: Colocation Facility AS G AS H Autonomous AS Z Res Z Reseller System CF #3 CF #4 Reseller-Tag: Stacked VLAN (IEEE 802.1q, QinQ) IXP-Tag: IXP switching fabric #Y CF #5 Core Switch CF #6 AS E 18

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Challenges in Inferring Spoofed Traffic at IXPs Lucas Mller, Matthew Luckie, Bradley

Challenges in Inferring Spoofed Traffic at IXPs Lucas Mller, Matthew Luckie, Bradley

Challenges in Inferring Spoofed Traffic at IXPs Lucas Mller, Matthew Luckie, Bradley Huffaker, Kc Claffy, Marinho Barcellos {lfmuller, marinho}@inf.ufrgs.br Federal University of Rio Grande do Sul (INF/UFRGS) Center for Applied

404 views • 28 slides
Detection, Classification, and Analysis of Inter-Domain Traffic with Spoofed Source IP Addresses

Detection, Classification, and Analysis of Inter-Domain Traffic with Spoofed Source IP Addresses

1.13k views • 64 slides
Route Servers, Mergers, Features, and More. Integration of IXPs.

Route Servers, Mergers, Features, and More. Integration of IXPs.

Route Servers, Mergers, Features, and More. Integration of IXPs. Route Server challenges Chris Malayter cmalayter@equinix.com What drives a RS integra6on? Two IXs merging into

433 views • 17 slides
Is Anybody Home? Inferring Activity from Smart Home Network Traffic Bogdan Copos Matt Bishop

Is Anybody Home? Inferring Activity from Smart Home Network Traffic Bogdan Copos Matt Bishop

Is Anybody Home? Inferring Activity from Smart Home Network Traffic Bogdan Copos Matt Bishop Karl Levitt Jeff Rowe University of California, Davis 1 / 21 2 / 21 3 / 21 4 / 21 Security Many things can go wrong... malicious firmware

803 views • 36 slides
Past, Present, and Future of Spoofed-source IP Packets Paul Vixie Chairman and Founder Internet

Past, Present, and Future of Spoofed-source IP Packets Paul Vixie Chairman and Founder Internet

Past, Present, and Future of Spoofed-source IP Packets Paul Vixie Chairman and Founder Internet Systems Consortium Overview IP Spoofing: the root of most evil DNS RRL: radical DDoS opt-out Spoofed Source Attacks: Essence attacker

335 views • 14 slides
Euro-IX Activities & IXPDB UKNOF 40 - 27 April 2018 Rebecca Class-Peter Association of IXPs

Euro-IX Activities & IXPDB UKNOF 40 - 27 April 2018 Rebecca Class-Peter Association of IXPs

Euro-IX Activities & IXPDB UKNOF 40 - 27 April 2018 Rebecca Class-Peter Association of IXPs 78 affjliated members 54 IXPs in the Euro-IX region, 49 countries, operating over 100 peering LANs 24 IXPs from the rest of the world

326 views • 21 slides
The potential and challenges of inferring thermal comfort at home using commodity sensors

The potential and challenges of inferring thermal comfort at home using commodity sensors

The potential and challenges of inferring thermal comfort at home using commodity sensors Chuan-Che (Jeff) Huang Rayoung Yang Mark W. Newman Understand the connection between psychological and physiological factors You seem to feel cool,

770 views • 57 slides
IXPS and Peering in the Caribbean Growing the Caribbean Digital Economy Global Context By 2020,

IXPS and Peering in the Caribbean Growing the Caribbean Digital Economy Global Context By 2020,

Presenter: Bevil M. Wooding Caribbean Outreach Manager, Packet Clearing House IXPS and Peering in the Caribbean Growing the Caribbean Digital Economy Global Context By 2020, smartphones will generate 30% of total IP traffic Global broadband

365 views • 18 slides
National legal frameworks for establishment of IXPs Sofie Maddens The Internet Society 11

National legal frameworks for establishment of IXPs Sofie Maddens The Internet Society 11

National legal frameworks for establishment of IXPs Sofie Maddens The Internet Society 11 November 2014 What is an IXP An Internet Exchange Point (IXP) is a physical location where different IP networks meet to exchange traffic (switch,

715 views • 18 slides
CHALLENGES IN INFERRING INTERNET CONGESTION USING THROUGHPUT TESTS Amogh Dhamdhere

CHALLENGES IN INFERRING INTERNET CONGESTION USING THROUGHPUT TESTS Amogh Dhamdhere

CHALLENGES IN INFERRING INTERNET CONGESTION USING THROUGHPUT TESTS Amogh Dhamdhere amogh@caida.org with Srikanth Sundaresan (Princeton) Danny Lee (Georgia Tech) Xiaohong Deng, Yun Feng (UNSW) 1 w w w . cai da. or In the Press

570 views • 54 slides
GeoEcho: Inferring User Interests from Geotag Reports in Network Traffic Ning Xia (Northwestern

GeoEcho: Inferring User Interests from Geotag Reports in Network Traffic Ning Xia (Northwestern

GeoEcho: Inferring User Interests from Geotag Reports in Network Traffic Ning Xia (Northwestern University) Stanislav Miskovic (Narus Inc.) Mario Baldi (Narus Inc.) Aleksandar Kuzmanovic (Northwestern University) Antonio Nucci (Narus Inc.)

418 views • 19 slides
High Speed Traffic Analysis for High-Speed Traffic Analysis for Security: Challenges &

High Speed Traffic Analysis for High-Speed Traffic Analysis for Security: Challenges &

High Speed Traffic Analysis for High-Speed Traffic Analysis for Security: Challenges & Approaches Security: Challenges & Approaches C-DAC Asia-Pacific Advanced Network 32 nd Meeting, India Habitat Centre, New Delhi APAN 32nd Meeting,

647 views • 28 slides
Foxfield Traffic Committee IDENTIFY TRAFFIC CHALLENGES AND FORMULATE SOLUTIONS BASED ON EXTENSIVE

Foxfield Traffic Committee IDENTIFY TRAFFIC CHALLENGES AND FORMULATE SOLUTIONS BASED ON EXTENSIVE

Foxfield Traffic Committee IDENTIFY TRAFFIC CHALLENGES AND FORMULATE SOLUTIONS BASED ON EXTENSIVE RESEARCH AND FEEDBACK FROM RESIDENTS PRESENT RECOMMENDATION TO FOXFIELD BOARD OF TRUSTEES COMMUNITY PRESENTATION ON AUGUST 23, 2018 1 Foxfield

533 views • 28 slides
On Inferring and Characterizing On Inferring and Characterizing Internet Routing Policies

On Inferring and Characterizing On Inferring and Characterizing Internet Routing Policies

On Inferring and Characterizing On Inferring and Characterizing Internet Routing Policies Internet Routing Policies Feng Wang Lixin Gao Department of Electrical and Computer Engineering University of Massachusetts, Amherst MA 01002, USA 1

450 views • 18 slides
What are the threats at IXPs and how to protect your Internet architecture? Raphael Maunier

What are the threats at IXPs and how to protect your Internet architecture? Raphael Maunier

What are the threats at IXPs and how to protect your Internet architecture? Raphael Maunier raphael@acorus.net @rmaunier What are the threats at IXPs and how to protect your Internet architecture? Why using IXPs to protect your Internet

552 views • 21 slides
SAFETY ISSUE #8 Santa Cruz Traffic & Bike Lanes Reconfiguration Solution Challenges no

SAFETY ISSUE #8 Santa Cruz Traffic & Bike Lanes Reconfiguration Solution Challenges no

SAFETY ISSUE #8 Santa Cruz Traffic & Bike Lanes Reconfiguration Solution Challenges no bike lanes no guidance for vehicles & cyclists at Y no mans land at Y Limited width of SCA (64) High Traffic Volume - especially at Peak

571 views • 9 slides
Payload Integration What is a payload A payload can be anything from a small electronics box to

Payload Integration What is a payload A payload can be anything from a small electronics box to

Payload Integration What is a payload A payload can be anything from a small electronics box to a satellite. Payloads include satellites of all sizes, cameras, scientific instruments, communications equipment, sensors, and others. Payload

398 views • 15 slides
Living on the Edge Phase Transitions in Convex Programs with Random Data Joel A. Tropp

Living on the Edge Phase Transitions in Convex Programs with Random Data Joel A. Tropp

Living on the Edge Phase Transitions in Convex Programs with Random Data Joel A. Tropp Michael B. McCoy Computing + Mathematical Sciences California Institute of Technology Joint with Dennis Amelunxen and Martin Lotz (Manchester)

494 views • 36 slides
Lectures on Lorentzian causality ESI-EMS-IAMP Summer School on Mathematical Relativity Gregory J.

Lectures on Lorentzian causality ESI-EMS-IAMP Summer School on Mathematical Relativity Gregory J.

Lectures on Lorentzian causality ESI-EMS-IAMP Summer School on Mathematical Relativity Gregory J. Galloway Department of Mathematics University of Miami August 4, 2014 Contents 1 Lorentzian manifolds 4 2 Futures and pasts 17 3 Achronal

831 views • 66 slides
Competitive Routing on a Bounded-Degree Plane Spanner Prosenjit Bose, Rolf Fagerberg, Andr e

Competitive Routing on a Bounded-Degree Plane Spanner Prosenjit Bose, Rolf Fagerberg, Andr e

Competitive Routing on a Bounded-Degree Plane Spanner Prosenjit Bose, Rolf Fagerberg, Andr e van Renssen and Sander Verdonschot Carleton University, University of Southern Denmark August 4, 2012 Sander Verdonschot (Carleton University)

690 views • 58 slides
Output Perception Colour models Managing output 1 Human Elements of Graphical Output

Output Perception Colour models Managing output 1 Human Elements of Graphical Output

Output Perception Colour models Managing output 1 Human Elements of Graphical Output Psychophysics: out there vs. in here Relationship between external stimuli and internal sensations Temporal and spatial resolution Vision

702 views • 29 slides
Lecture 2 Convex Set CK Cheng Dept. of Computer Science and Engineering University of

Lecture 2 Convex Set CK Cheng Dept. of Computer Science and Engineering University of

CSE203B Convex Optimization Lecture 2 Convex Set CK Cheng Dept. of Computer Science and Engineering University of California, San Diego 1 Convex Optimization Problem: min 0 Subject to , = 1,

363 views • 32 slides
Adaptive Approximation for Multivariate Linear Problems with Inputs Lying in a Cone Fred J.

Adaptive Approximation for Multivariate Linear Problems with Inputs Lying in a Cone Fred J.

Adaptive Approximation for Multivariate Linear Problems with Inputs Lying in a Cone Fred J. Hickernell Department of Applied Mathematics Center for Interdisciplinary Scientific Computation Illinois Institute of Technology hickernell@iit.edu

440 views • 30 slides
Computer Graphics - The Human Visual System - Hendrik Lensch Computer Graphics WS07/08 Human

Computer Graphics - The Human Visual System - Hendrik Lensch Computer Graphics WS07/08 Human

Computer Graphics - The Human Visual System - Hendrik Lensch Computer Graphics WS07/08 Human Visual System Overview Last time Antialiasing Super-Sampling Today The Human Visual System The eye Early vision

534 views • 50 slides

More recommend