detecting routing anomalies using ripe atlas
play

Detecting routing anomalies using RIPE Atlas Todor Yakimov Graduate - PowerPoint PPT Presentation

Dec 08, 2022 •541 likes •723 views

Detecting routing anomalies using RIPE Atlas Todor Yakimov Graduate School of Informatics University of Amsterdam Wednesday, February 5, 2014 Todor Yakimov (UvA) Detecting routing anomalies using RIPE Atlas Wednesday, February 5, 2014 1 / 17

  1. Detecting routing anomalies using RIPE Atlas Todor Yakimov Graduate School of Informatics University of Amsterdam Wednesday, February 5, 2014 Todor Yakimov (UvA) Detecting routing anomalies using RIPE Atlas Wednesday, February 5, 2014 1 / 17

  2. What are routing anomalies? Introduction What are routing anomalies? Incapability of packet delivery to legitimate destinations Delivery of packets to a wrong destination Why do they occur? Out of innocent mis-configurations or bugs Government spying or Internet censorship Malicious attackers seeking blackholing, impersonation, interception Todor Yakimov (UvA) Detecting routing anomalies using RIPE Atlas Wednesday, February 5, 2014 2 / 17

  3. What is used to detect such anomalies? Introduction Interior gateway protocol (IGP) environments: All data is under the same administrative control Core tools: ping, traceroute, dig Other tools: Icinga, Nagios Exterior Gateway protocol (EGP) environments: Datasets part of different administrative domains Regional Internet Registries (RIR) Remote Route Collectors(RRC), formerly RouteViews RIR Internet numbering assignments datasets Internet Routing Registry (IRR) - RIPE NCC, NTT, Level3, Merit network Tools: Cyclops, PHAS, ARGUS Todor Yakimov (UvA) Detecting routing anomalies using RIPE Atlas Wednesday, February 5, 2014 3 / 17

  4. Research questions Introduction Main ”Is it possible to detect filtering, MitM(Man-in-the-Middle) routing attacks, eavesdropping or simply routing policy changes by using RIPE Atlas’s historical archives or by using newly-defined active measurements?” ”What other datasets are needed to complement data obtained from RIPE Atlas in the process of accurately detecting the aforementioned Internet routing anomalies?” Todor Yakimov (UvA) Detecting routing anomalies using RIPE Atlas Wednesday, February 5, 2014 4 / 17

  5. RIPE Atlas system specification The largest Internet measurement network Public access, everyone can use every probe More than 4800 probes Latest probes are TP-LINK TL-MR3020 1901 IPv4 ASNs covered (4.125%) 139 countries covered (68.137%) Centralized reservation, scheduling and storage of measurements IPv4/6 Measurement tools ping traceroute dig openssl curl(upcoming) Todor Yakimov (UvA) Detecting routing anomalies using RIPE Atlas Wednesday, February 5, 2014 5 / 17

  6. RIPE Atlas system specification GUI for easy usage REST API for robust probe selection and measurement specification Automatic alerts for ongoing measurement (upcoming) Usage limitations - measurements cost credits (hosting probes generate) No more than 175K credits per day Max. 500 probes per measurement No more than 10 ongoing UDMs towards the same target Delay in reserving probes and starting measurements Slight offset in a measurements’ interval Todor Yakimov (UvA) Detecting routing anomalies using RIPE Atlas Wednesday, February 5, 2014 6 / 17

  7. Experiment 1 partial results Internet censorship DNS blocking Traffic blackholing Experiment specification Determine blocking of torrent and news websites - ThePiratebay, TorrentFreak, LiveJournal Approximately 1800 EU probes from unique prefixes used No results with local resolvers considered Traceroute(ICMP echo) to URL Experiment detection mechanisms DNS IN A record does not match ip/prefix of website Probe IP, DNS server IP and last-hop IP are from the same ASN Todor Yakimov (UvA) Detecting routing anomalies using RIPE Atlas Wednesday, February 5, 2014 7 / 17

  8. Experiment 1 ThePirateBay.org filtering Todor Yakimov (UvA) Detecting routing anomalies using RIPE Atlas Wednesday, February 5, 2014 8 / 17

  9. Experiment 2: De-bogonising address space ranges De-bogonised IP ranges - previously reserved IPv4 ranges get released and distributed by IANA to RIRs for further assignment RIRs first launch debogon projects Control-plane implication analysis: BGP beacons Data-plane implication analysis: background radiation monitoring Latest(and last) distributed /8 IPv4 ranges in 2011: APNIC - [36, 39, 42, 49, 101, 103, 106]/8 RIPE NCC - 185/8 Todor Yakimov (UvA) Detecting routing anomalies using RIPE Atlas Wednesday, February 5, 2014 9 / 17

  10. Experiment 2: De-bogonising address space ranges Experiment setup Approximately 3100 world-wide probes used from unique prefixes Ping as measurement Each probes pings both the de-bogonised prefix and another prefix from the same ASN and geo location 12 hours scanning of single, currently announced subprefix Subprefixes still advertised by RIRs ASNs with provided pingable targets Pings 20 minute apart from each probe to target prefix Pings 60 minute apart from each probe to reference point Successful reachability test: At least one ping reply from host in de-bogonised range At lest one ping reply from reference host Todor Yakimov (UvA) Detecting routing anomalies using RIPE Atlas Wednesday, February 5, 2014 10 / 17

  11. Experiment 2a partial results Todor Yakimov (UvA) Detecting routing anomalies using RIPE Atlas Wednesday, February 5, 2014 11 / 17

  12. Prefix hijacking detection Discarded measurements Each test had 28-115 probes incapable of reaching either host Type 3 replies filtered (if in one set, removed from both) Type 0, 11 considered Results - probes incapable of reaching de-bogonised prefix 103.1.0.0/22: Probe 12007 (AS45050 HI-MEDIA France) 128.0.0.0/16: None! 185.1.0.1/24: Probe 12007 185.2.136.0/22: Probes 156 (AS51127 LNET-AS GER), 12007 185.24.0.1/24: Probes 156, 3892 (AS50473 ECO-AS RU), 4532 (ASN2818 BBC UK), 12007 Todor Yakimov (UvA) Detecting routing anomalies using RIPE Atlas Wednesday, February 5, 2014 12 / 17

  13. Prefix hijacking Falsifying BGP advertisements with the purpose of establishing blackholing, imposture or interception for a given prefix. BGP MOAS or subMOAS conflicts for AS PATH advertisements with invalid origin No MOAS or subMOAS as invalid transit Keeping a valid route to original prefix destination forms a MitM attack! Todor Yakimov (UvA) Detecting routing anomalies using RIPE Atlas Wednesday, February 5, 2014 13 / 17

  14. Prefix hijacking Data-plane detection Monitoring network location Measuring path disagreement with traceroute to target prefix and a reference point Best detection systems use a hybrid approach by correlating control- and data-plane monitoring With data-usage limitations, one really needs to know what to look for Todor Yakimov (UvA) Detecting routing anomalies using RIPE Atlas Wednesday, February 5, 2014 14 / 17

  15. Experimet 3: Prefix hijacking Experiment setup Monitored prefix: OS3 Traceroute measurement Approximately 1200 world-wide probes from unique ASNs used Unique ASNs ASNn not part of SURFnet’s immediate peers Reference point OS3 BSR SURFnet uplink neighbor Hijack simulation: own home probe with more-specific static routes Experiment results: data sufficient to detect both network location change and path disagreement Todor Yakimov (UvA) Detecting routing anomalies using RIPE Atlas Wednesday, February 5, 2014 15 / 17

  16. Conclusion RIPE Atlas is a robust tool for measuring network anomalies Combined with other RIPEStat data, sophisticated vantage point selection is possible Large-scale measurement ease of use Large-scale measurement scheduling does not suffer too big offsets/delays The credit limitations of the system simply makes impossible certain tasks Todor Yakimov (UvA) Detecting routing anomalies using RIPE Atlas Wednesday, February 5, 2014 16 / 17

  17. Questions Todor Yakimov (UvA) Detecting routing anomalies using RIPE Atlas Wednesday, February 5, 2014 17 / 17

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

RIPE Atlas ! Robert Kisteleki ! RIPE NCC Science Group ! robert@ripe.net ! Introduction " RIPE

RIPE Atlas ! Robert Kisteleki ! RIPE NCC Science Group ! robert@ripe.net ! Introduction " RIPE

RIPE Atlas ! Robert Kisteleki ! RIPE NCC Science Group ! robert@ripe.net ! Introduction " RIPE Atlas: " There are many Atlases, this is RIPE Atlas RIPE Atlas " A prototype system for a next generation Internet measurement

629 views • 30 slides
RIPE Atlas Tools for Operators and IXPs Michela Galante RIPE NCC 24 May 2017 | LACNIC 27 | Foz

RIPE Atlas Tools for Operators and IXPs Michela Galante RIPE NCC 24 May 2017 | LACNIC 27 | Foz

RIPE Atlas Tools for Operators and IXPs Michela Galante RIPE NCC 24 May 2017 | LACNIC 27 | Foz do Iguau Overview Introduction to RIPE Atlas Use cases IXP Country Jedi New: TraceMON How to take part in RIPE Atlas RIPE

732 views • 47 slides
Measuring DNSSEC using RIPE Atlas Kaveh Ranjbar RIPE NCC RIPE Atlas Coverage RIPE Atlas 2

Measuring DNSSEC using RIPE Atlas Kaveh Ranjbar RIPE NCC RIPE Atlas Coverage RIPE Atlas 2

Measuring DNSSEC using RIPE Atlas Kaveh Ranjbar RIPE NCC RIPE Atlas Coverage RIPE Atlas 2 DNSSEC Workshop, ICANN 51 - October 2014 RIPE Atlas Coverage RIPE Atlas 3 DNSSEC Workshop, ICANN 51 - October 2014 Measurement Devices RIPE Atlas

468 views • 18 slides
RIPE Atlas Highlights (and more) Robert Kisteleki RIPE NCC Science Division At a Glance RIPE

RIPE Atlas Highlights (and more) Robert Kisteleki RIPE NCC Science Division At a Glance RIPE

RIPE Atlas Highlights (and more) Robert Kisteleki RIPE NCC Science Division At a Glance RIPE Atlas Highlights 2 Better UIs and APIs Probe tagging New measurement types Data streaming Anchors Other Bits: locality checks,

337 views • 21 slides
Open-sourcing RIPE Atlas Vesna Manojlovic (Presented by Philip Homburg) 30 January 2016 |

Open-sourcing RIPE Atlas Vesna Manojlovic (Presented by Philip Homburg) 30 January 2016 |

Open-sourcing RIPE Atlas Vesna Manojlovic (Presented by Philip Homburg) 30 January 2016 | FOSDEM Overview Introduction to RIPE & the RIPE NCC What is RIPE Atlas? Open-sourced RIPE Atlas tools How to take part in the RIPE

492 views • 28 slides
RIPE Atlas ICANN meeting 2014, Singapore ! ccTLD Tech Day RIPE and RIPE NCC ! ! ! ! ! ! !

RIPE Atlas ICANN meeting 2014, Singapore ! ccTLD Tech Day RIPE and RIPE NCC ! ! ! ! ! ! !

RIPE Atlas ICANN meeting 2014, Singapore ! ccTLD Tech Day RIPE and RIPE NCC ! ! ! ! ! ! ! ! ! ! ! ! RIPE Network Coordination Centre Rseaux IP Europens Started in 1992 Started in 1989 Not-for-profit

372 views • 24 slides
Benefits of Using RIPE Routing Registry and Related RIPE NCC Tools TELFOR, 24 November 2004

Benefits of Using RIPE Routing Registry and Related RIPE NCC Tools TELFOR, 24 November 2004

Benefits of Using RIPE Routing Registry and Related RIPE NCC Tools TELFOR, 24 November 2004 Vesna Manojlovic RIPE NCC Training Services TELFOR, November 2004, Belgrade . RIPE Routing Registry . 1 http://www.ripe.net/ Overview Intro:

593 views • 40 slides
Using the RIPE Atlas API for Measuring IPv6 Reachability Vesna Manojlovic Community Builder for

Using the RIPE Atlas API for Measuring IPv6 Reachability Vesna Manojlovic Community Builder for

Using the RIPE Atlas API for Measuring IPv6 Reachability Vesna Manojlovic Community Builder for Measurement Tools BECHA@ripe.net / @Ms_Multicolor BalCCoN 2014 | Novi Sad 1 Overview 2 Short intro to RIPE, RIPE NCC What is IPv6 &

906 views • 74 slides
Lessons Learned From Using the RIPE Atlas Platform for Measurement Research RIPE 68, Warsaw

Lessons Learned From Using the RIPE Atlas Platform for Measurement Research RIPE 68, Warsaw

Lessons Learned From Using the RIPE Atlas Platform for Measurement Research Lessons Learned From Using the RIPE Atlas Platform for Measurement Research RIPE 68, Warsaw Vaibhav Bajpai, Steffie Jacob Eravuchira, Jrgen Schnwlder

351 views • 15 slides
World IPv6 Launch and RIPE Atlas traceroute6 Visualisation Bert Wijnen bwijnen@ripe.net

World IPv6 Launch and RIPE Atlas traceroute6 Visualisation Bert Wijnen bwijnen@ripe.net

World IPv6 Launch and RIPE Atlas traceroute6 Visualisation Bert Wijnen bwijnen@ripe.net (presenter) Emile Aben emile.aben@ripe.net Rene Wilhelm wilhelm@ripe.net Robert Kisteleki robert@ripe.net TREX Workshop 2012 14 September 2012 RIPE NCC

384 views • 19 slides
Welcome to the Routing wg at RIPE 72 Joo Damas Rob Evans Agenda A. Welcome 00:05 Thanks

Welcome to the Routing wg at RIPE 72 Joo Damas Rob Evans Agenda A. Welcome 00:05 Thanks

Welcome to the Routing wg at RIPE 72 Joo Damas Rob Evans Agenda A. Welcome 00:05 Thanks to the scribe, jabber scribe and stenographer. Reminder of microphone etiquette. Minutes from RIPE 71. B. Appointment of new co-chair. 00:05 C.

58 views • 5 slides
A practical comparison between RIPE Atlas and ProbeAPI Cristin Varas Speedchecker Ltd.

A practical comparison between RIPE Atlas and ProbeAPI Cristin Varas Speedchecker Ltd.

A practical comparison between RIPE Atlas and ProbeAPI Cristin Varas Speedchecker Ltd. Outline Introduction Hardware (Atlas) vs. Software Probes (ProbeAPI) Coverage Measurements (ICMP) Conclusion Questions? Atlas

567 views • 20 slides
Participating in RIPE Policy Development RIR Bottom-up Model Rules POLICIES RIPE NCC LIRs

Participating in RIPE Policy Development RIR Bottom-up Model Rules POLICIES RIPE NCC LIRs

Participating in RIPE Policy Development RIR Bottom-up Model Rules POLICIES RIPE NCC LIRs PDP WGs RIPE Community Mailing Lists / RIPE Meetings 2 Working Groups Address Policy IPv6 Routing RIPE NCC Services Database

90 views • 6 slides
Welcome to the Routing wg at RIPE 74 Joo Damas, Paolo Moroni Agenda A. Welcome. 5

Welcome to the Routing wg at RIPE 74 Joo Damas, Paolo Moroni Agenda A. Welcome. 5

Welcome to the Routing wg at RIPE 74 Joo Damas, Paolo Moroni Agenda A. Welcome. 5 Thanks to the scribe, jabber scribe and stenographer. Microphone etiquette. Minutes from RIPE 73. B. IRR Filtering at IXP Route Servers. 30 Erik

264 views • 4 slides
Quantifying Interference between Measurements on the RIPE Atlas platform Thomas Holterbach

Quantifying Interference between Measurements on the RIPE Atlas platform Thomas Holterbach

Quantifying Interference between Measurements on the RIPE Atlas platform Thomas Holterbach Cristel Pelsser Laurent Vanbever Randy Bush Research and Applications of Internet Measurements Saturday, 31 October 2015 Yokohama, Japan The RIPE

399 views • 15 slides
Countries, IXPs and RIPE Atlas Emile Aben | 2016-02 | AIMS workshop - San Diego RIPE Atlas

Countries, IXPs and RIPE Atlas Emile Aben | 2016-02 | AIMS workshop - San Diego RIPE Atlas

Countries, IXPs and RIPE Atlas Emile Aben | 2016-02 | AIMS workshop - San Diego RIPE Atlas emile.aben@ripe.net | AIMS - Sun Diego | 2016-02 2 Coverage For Countries Some countries well covered, others not so much Can we create

590 views • 16 slides
Concepts and Materials Needs for Condition-Monitoring Sensors J. E. (Jim) Hardy Leader, Sensor

Concepts and Materials Needs for Condition-Monitoring Sensors J. E. (Jim) Hardy Leader, Sensor

Concepts and Materials Needs for Condition-Monitoring Sensors J. E. (Jim) Hardy Leader, Sensor and Instrument Research Group Oak Ridge National Laboratory 17 th Annual Conference on Fossil Energy Materials April 24, 2003 Outline of

433 views • 24 slides
Managing Soil Moisture Using a Portable Soil Moisture Probe If you dont measure it, you cant

Managing Soil Moisture Using a Portable Soil Moisture Probe If you dont measure it, you cant

Managing Soil Moisture Using a Portable Soil Moisture Probe If you dont measure it, you cant manage it U.S. Golf Course Water Consumption Water is an increasingly valuable resource Amount used 2.1 billion gallons of water per

856 views • 48 slides
Welcome to Hydronix Defining the Standard for Microwave Moisture Measurement www.hydronix.com 1

Welcome to Hydronix Defining the Standard for Microwave Moisture Measurement www.hydronix.com 1

Welcome to Hydronix Defining the Standard for Microwave Moisture Measurement www.hydronix.com 1 An Introduction to Hydronix Hydronix design, manufacture and sell microwave moisture measurement and control equipment Industry leader

1.2k views • 74 slides
Updating dynamic origin- destination matrices using observed link travel speed by probe vehicles

Updating dynamic origin- destination matrices using observed link travel speed by probe vehicles

Updating dynamic origin- destination matrices using observed link travel speed by probe vehicles Toshiyuki Yamamoto, Tomio Miwa, Tomonori Takeshita and Takayuki Morikawa Nagoya Univ. Background P-DRGS (Probe-based dynamic route guidance

501 views • 16 slides
SB&WRC Project Facility Presentation Sheet: Brighton Waste House Pilot Site April 2019 1.

SB&WRC Project Facility Presentation Sheet: Brighton Waste House Pilot Site April 2019 1.

B SB&WRC Project Facility Presentation Sheet: Brighton Waste House Pilot Site April 2019 1. Presentation of the facility Figure 1: The Waste House (pilot site for prototype 2) in Brighton. Figure 2: Left: Typical wall section before it was

244 views • 9 slides
Accessing Data in the Cloud Using SAS to read data from Amazon Simple Storage Service (S3)

Accessing Data in the Cloud Using SAS to read data from Amazon Simple Storage Service (S3)

Accessing Data in the Cloud Using SAS to read data from Amazon Simple Storage Service (S3) seleritysas.com What is Amazon Simple Storage Service (S3)? An object store, not a file system Write once, read many (WORM) Eventually

343 views • 12 slides
HexPADS: a platform to detect stealth attacks Mathias Payer (@gannimo), Purdue University

HexPADS: a platform to detect stealth attacks Mathias Payer (@gannimo), Purdue University

HexPADS: a platform to detect stealth attacks Mathias Payer (@gannimo), Purdue University http://hexhive.github.io Deployed defenses focus on memory corruption (c) AP Photo/RIA Novosti, Alexei Druzhinin, Government Press Service (c)

317 views • 18 slides
Manage your analyses workflows with the drake R package Grenoble R Users Group Xavier Laviron

Manage your analyses workflows with the drake R package Grenoble R Users Group Xavier Laviron

Manage your analyses workflows with the drake R package Grenoble R Users Group Xavier Laviron December 6, 2018 A data analysts job 1/23 A data analysts job 2/23 A data analysts job 3/23 A data analysts job 4/23 A data

321 views • 31 slides

More recommend