internet wide network studies
play

Internet-Wide Network Studies Previous research has shown promise of - PowerPoint PPT Presentation

Sep 10, 2022 •31 likes •491 views

Fast Internet-Wide Scanning, ZMap Weak Keys and the HTTPS Certificate Ecosystem Zakir Durumeric Michael Bailey University of Michigan ZMap: Fast Internet-Wide Scanning, Weak Keys, and the HTTPS Certificate Ecosystem Zakir Durumeric

  1. Fast Internet-Wide Scanning, ZMap Weak Keys and the HTTPS Certificate Ecosystem Zakir Durumeric Michael Bailey University of Michigan ZMap: Fast Internet-Wide Scanning, Weak Keys, and the HTTPS Certificate Ecosystem Zakir Durumeric

  2. Internet-Wide Network Studies Previous research has shown promise of Internet-wide surveys Mining Ps and Qs: Widespread weak keys in network devices (2012) EFF SSL Observatory: A glimpse at the CA ecosystem (2010) Census and Survey of the Visible Internet (2008) ZMap: Fast Internet-Wide Scanning, Weak Keys, and the HTTPS Certificate Ecosystem Zakir Durumeric

  3. Internet-Wide Network Studies Previous research has shown promise of Internet-wide surveys Mining Ps and Qs: Widespread weak keys in network devices (2012) 25 hours acoss 25 Amazon EC2 Instances (625 CPU-hours) EFF SSL Observatory: A glimpse at the CA ecosystem (2010) 3 months on 3 Linux desktop machines (6500 CPU-hours) Census and Survey of the Visible Internet (2008) 3 months to complete ICMP census (2200 CPU-hours) ZMap: Fast Internet-Wide Scanning, Weak Keys, and the HTTPS Certificate Ecosystem Zakir Durumeric

  4. ZMap: Fast Internet-Wide Scanning, Weak Keys, and the HTTPS Certificate Ecosystem Zakir Durumeric

  5. ZMap: Fast Internet-Wide Scanning, Weak Keys, and the HTTPS Certificate Ecosystem Zakir Durumeric

  6. What if … ? What if Internet surveys didn’t require heroic effort? What if we could scan the HTTPS ecosystem every day? What if we wrote a whole-Internet scanner from scratch? ZMap: Fast Internet-Wide Scanning, Weak Keys, and the HTTPS Certificate Ecosystem Zakir Durumeric

  7. Talk Roadmap ZMap Scanner 1. Philosophy and Architecture of ZMap 2. Characterizing ZMap's Performance Applications of High Speed Scanning 1. Globally Observable Weak Keys 2. Uncovering the CA Ecosystem ZMap: Fast Internet-Wide Scanning, Weak Keys, and the HTTPS Certificate Ecosystem Zakir Durumeric

  8. ZMap: The Internet Scanner an open-source tool that can port scan the entire IPv4 address space from just one machine in under 45 minutes with 98% coverage With Zmap, an Internet-wide TCP SYN scan on port 443 is as easy as: $ ¡zmap ¡–p ¡443 ¡–o ¡results.txt ¡ 34,132,693 ¡listening ¡hosts ¡ 97% of gigabit (took ¡44m12s) ¡ Ethernet linespeed ¡ ZMap: Fast Internet-Wide Scanning, Weak Keys, and the HTTPS Certificate Ecosystem Zakir Durumeric

  9. ZMap Architecture Existing Network Scanners ZMap Reduce state by scanning in batches Eliminate local per-connection state - Time lost due to blocking - Fully asynchronous components - Results lost due to timeouts - No blocking except for network Track individual hosts and retransmit Shotgun Scanning Approach - Most hosts will not respond - Always send n probes per host Avoid flooding through timing Scan widely dispersed targets - Time lost waiting - Send as fast as network allows Utilize existing OS network stack Probe-optimized Network Stack - Not optimized for immense - Bypass inefficiencies by number of connections generating Ethernet frames ZMap: Fast Internet-Wide Scanning, Weak Keys, and the HTTPS Certificate Ecosystem Zakir Durumeric

  10. Addressing Probes How do we randomly scan addresses without excessive state? 1. Scan hosts according to random permutation 2. Iterate over multiplicative group of integers modulo p 5 Ÿ 5 mod 7 = 4 5 4 Negligible State 4 Ÿ 5 mod 7 = 6 1 Ÿ 5 mod 7 = 5 1. Primitive Root 6 1 2. Current Location 3. First Address 3 Ÿ 5 mod 7 = 1 6 Ÿ 5 mod 7 = 2 3 2 2 Ÿ 5 mod 7 = 3 ZMap: Fast Internet-Wide Scanning, Weak Keys, and the HTTPS Certificate Ecosystem Zakir Durumeric

  11. 6 1 3 2 Z * 11 7 4 8 1 Generator: 2 9 7 9 8 Z * 11 10 5 6 5 Generator: 7 4 2 10 3 ZMap: Fast Internet-Wide Scanning, Weak Keys, and the HTTPS Certificate Ecosystem Zakir Durumeric

  12. Validating Responses How do we validate responses without local per-target state? Encode secrets into mutable fields of probe packets that will have recognizable effect on responses receiver sender Ethernet length data MAC address MAC address sender receiver IP V IHL … data IP address IP address sender receiver sequence ack. TCP … data port port number number ZMap: Fast Internet-Wide Scanning, Weak Keys, and the HTTPS Certificate Ecosystem Zakir Durumeric

  13. Validating Responses How do we validate responses without local per-target state? Encode secrets into mutable fields of probe packets that will have recognizable effect on responses receiver sender Ethernet length data MAC address MAC address sender receiver IP V IHL … data IP address IP address sender receiver sequence ack. TCP … data port port number number ZMap: Fast Internet-Wide Scanning, Weak Keys, and the HTTPS Certificate Ecosystem Zakir Durumeric

  14. Validating Responses How do we validate responses without local per-target state? Encode secrets into mutable fields of probe packets that will have recognizable effect on responses receiver sender Ethernet length data MAC address MAC address sender receiver IP V IHL … data IP address IP address sender receiver sequence ack. TCP … data port port number number ZMap: Fast Internet-Wide Scanning, Weak Keys, and the HTTPS Certificate Ecosystem Zakir Durumeric

  15. Packet Transmission and Receipt How do we make processing probes easy and fast? 1. ZMap framework handles the hard work 2 . Probe modules fill in packet details, interpret responses 3. Output modules allow follow-up or further processing Configuration, Probe Packet Tx Addressing, Generation (raw socket) and Timing Output Response Packet Rx (libpcap) Handler Interpretation ZMap: Fast Internet-Wide Scanning, Weak Keys, and the HTTPS Certificate Ecosystem Zakir Durumeric

  16. Talk Roadmap ZMap Scanner 1. Philosophy and Architecture of ZMap 2. Characterizing ZMap's Performance Applications of High Speed Scanning 1. Globally Observable Weak Keys 2. Uncovering the CA Ecosystem ZMap: Fast Internet-Wide Scanning, Weak Keys, and the HTTPS Certificate Ecosystem Zakir Durumeric

  17. Scan Rate How fast is too fast? No correlation between hit-rate and scan-rate. Slower scanning does not reveal additional hosts. 1.02 Hitrate 1.01 Hit Rate (percent) 1 0.99 0.98 0.97 0.96 0.95 0.94 1 2 5 1 2 5 1 2 5 7 1 1 1 1 1 m 0 5 0 0 5 0 0 5 0 5 0 1 2 3 4 a 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 i m 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 u 0 0 0 0 0 m Scan Rate (packets per second) ZMap: Fast Internet-Wide Scanning, Weak Keys, and the HTTPS Certificate Ecosystem Zakir Durumeric

  18. Coverage Is one probe packet sufficient? 89000 We expect an eventual Hosts Found plateau in responsive 88500 hosts, regardless of 88000 additional probes. Unique Hosts Found 87500 Scan Coverage 87000 Estimated 1 Packet: 97.9% 86500 Ground Truth 2 Packets: 98.8% 86000 3 Packets: 99.4% 85500 85000 0 5 10 15 20 25 30 Unique SYN Packets Sent ZMap: Fast Internet-Wide Scanning, Weak Keys, and the HTTPS Certificate Ecosystem Zakir Durumeric

  19. Comparison with Nmap Averages for scanning 1 million random hosts Normalized Duration Est. Internet Coverage (mm:ss) Wide Scan Nmap (1 probe) 81.4% 24:12 62.5 days Nmap (2 probes) 97.8% 45:03 116.3 days ZMap (1 probe) 98.7% 00:10 1:09:35 ZMap (2 probes) 100.0% 00:11 2:12:35 ZMap is capable of scanning more than 1300 times faster than the most aggressive Nmap default configuration (“insane”) Surprisingly, ZMap also finds more results than Nmap ZMap: Fast Internet-Wide Scanning, Weak Keys, and the HTTPS Certificate Ecosystem Zakir Durumeric

  20. Probe Response Times Why does ZMap find more hosts than Nmap? 1.0 Response Times 0.8 500 ms CDF of responding hosts 250 ms: < 85% timeout 500 ms: 98.2% 0.6 250 ms timeout 1.0 s: 99.0% 0.4 8.2 s: 99.9% 0.2 0.0 0 0.2 0.4 0.6 0.8 1 response time (seconds) Statelessness leads to both higher performance and increased coverage. ZMap: Fast Internet-Wide Scanning, Weak Keys, and the HTTPS Certificate Ecosystem Zakir Durumeric

  21. Talk Roadmap ZMap Scanner 1. Philosophy and Architecture of ZMap 2. Characterizing ZMap's Performance Applications of High Speed Scanning 1. Globally Observable Weak Keys 2. Uncovering the CA Ecosystem ZMap: Fast Internet-Wide Scanning, Weak Keys, and the HTTPS Certificate Ecosystem Zakir Durumeric

  22. Uncovering Hidden Services Enumerating Unadvertised Tor Bridges Scanning has potential to uncover unadvertised services We perform a Tor handshake with public IPv4 addresses on port 9001 and 443 We identified 86% of live allocated bridges with a single scan Tor has developed obfsproxy that listens on random ports to count this type of attack ZMap: Fast Internet-Wide Scanning, Weak Keys, and the HTTPS Certificate Ecosystem Zakir Durumeric

  23. ZMap Applications Potential Applications Detect Service Disruptions Track Adoption of Defenses Study Criminal Behavior Security Implications Anonymous Communication Track users between IP leases Snapshot of HTTPS outages caused by Hurricane Sandy ZMap: Fast Internet-Wide Scanning, Weak Keys, and the HTTPS Certificate Ecosystem Zakir Durumeric

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Mobile Ad-hoc Network WIDE project/KEIO University ryuji@sfc.wide.ad.jp ToC Global Internet

Mobile Ad-hoc Network WIDE project/KEIO University ryuji@sfc.wide.ad.jp ToC Global Internet

Mobile Ad-hoc Network WIDE project/KEIO University ryuji@sfc.wide.ad.jp ToC Global Internet Connectivity MANET/NEMO integration IPv6 Support on MANET MANET on the Internet Where can MANET be deployed in our daily life?

564 views • 27 slides
WIDE updates Kenjiro Cho IIJ/WIDE Project August 1, 2012 Understanding Internet Dynamics from a

WIDE updates Kenjiro Cho IIJ/WIDE Project August 1, 2012 Understanding Internet Dynamics from a

WIDE updates Kenjiro Cho IIJ/WIDE Project August 1, 2012 Understanding Internet Dynamics from a Global View the Internet is an evolving open system no central point, no typical network or user complexity everywhere: topology, usage

608 views • 13 slides
H Healing Heartbleed li H bl d Vulnerability Mitigation with Internet wide Scanning

H Healing Heartbleed li H bl d Vulnerability Mitigation with Internet wide Scanning

H Healing Heartbleed li H bl d Vulnerability Mitigation with Internet wide Scanning Vulnerability Mitigation with Internet wide Scanning J. Alex Halderman Mining Your Ps and Qs: Widespread Weak Keys in Network Devices Nadia Heninger, Zakir

640 views • 53 slides
Evaluating Network Security Using Internet-wide Measurements Oliver Gasser Ph. D. Defense, Friday

Evaluating Network Security Using Internet-wide Measurements Oliver Gasser Ph. D. Defense, Friday

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Evaluating Network Security Using Internet-wide Measurements Oliver Gasser Ph. D. Defense, Friday 24 th May, 2019 Chairman: Prof. Dr. Jrg

877 views • 55 slides
ZMap and its Security Applications Zakir Durumeric Eric Wustrow J. Alex Halderman University

ZMap and its Security Applications Zakir Durumeric Eric Wustrow J. Alex Halderman University

Fast Internet-Wide Scanning ZMap and its Security Applications Zakir Durumeric Eric Wustrow J. Alex Halderman University of Michigan ZMap: Fast Internet-Wide Scanning and its Security Applications Internet-Wide Network Studies Previous

655 views • 32 slides
INTRODUCTION TO WEB DESIGN EHIMA PRINCE THE INTERNET AND THE WORLD WIDE WEB The Internet is the

INTRODUCTION TO WEB DESIGN EHIMA PRINCE THE INTERNET AND THE WORLD WIDE WEB The Internet is the

INTRODUCTION TO WEB DESIGN EHIMA PRINCE THE INTERNET AND THE WORLD WIDE WEB The Internet is the collection of huge network that is accessible to everyone and everywhere across the world. It connects millions of computers together globally,

338 views • 8 slides
LoRa Wireless Network for the Internet of Things Content 1) The Internet of Things 2) Low-Power

LoRa Wireless Network for the Internet of Things Content 1) The Internet of Things 2) Low-Power

LoRa Wireless Network for the Internet of Things Content 1) The Internet of Things 2) Low-Power Wide-Area Network (LPWAN) 3) LoRa Architecture Layers Limitations 4) Other LPWAN Technologies 5) Conclusion 2 The Internet of Things

10.73k views • 27 slides
4. The Internet and the World Wide Web 4.1 History of the Internet 4.2 The World Wide Web and

4. The Internet and the World Wide Web 4.1 History of the Internet 4.2 The World Wide Web and

4. The Internet and the World Wide Web 4.1 History of the Internet 4.2 The World Wide Web and the Browser 4.3 What Browsers Can Do for Us 4.4 What is a Website? 4.5 Website Design 4.6 Other Creatures on the Web 4.7 Key Web Software

1.02k views • 97 slides
Mobility Activity in WIDE Keio University/WIDE Ryuji Wakikawa ryuji@sfc.wide.ad.jp Goal of

Mobility Activity in WIDE Keio University/WIDE Ryuji Wakikawa ryuji@sfc.wide.ad.jp Goal of

Mobility Activity in WIDE Keio University/WIDE Ryuji Wakikawa ryuji@sfc.wide.ad.jp Goal of Mobility Society IPv6 AAA IP dynamic network: MANET Internet Technology IP Telephony: VoIP, SIP, ENUM IP Mobility: MIP, NEMO Cell Phone: W-CDMA,

328 views • 17 slides
NETWORKING AND THE INTERNET COMS W1001 Introduction to Information Science Boyi Xie 2

NETWORKING AND THE INTERNET COMS W1001 Introduction to Information Science Boyi Xie 2

1 NETWORKING AND THE INTERNET COMS W1001 Introduction to Information Science Boyi Xie 2 Todays Topics Network Fundamentals The Internet The World Wide Web Internet Protocols Security 3 Network Classifications Size

687 views • 25 slides
Network/Internet Threats/Attacks 1 Internet Structure backbone ISP local network Internet

Network/Internet Threats/Attacks 1 Internet Structure backbone ISP local network Internet

Lecture 17 CS 134 Spring 2019 Network/Internet Threats/Attacks 1 Internet Structure backbone ISP local network Internet service Autonomous system (AS) is a provider (ISP) local network collection of IP networks under control of a

643 views • 25 slides
wide side of the Internet why 1/x distribu4on is so

wide side of the Internet why 1/x distribu4on is so

wide side of the Internet why 1/x distribu4on is so prevalent in Internet data? the spo:er team S. Laki Physics of Complex Systems P.

360 views • 24 slides
BUILDING A GLOBAL INTERNET OF THINGS NETWORK TOGETHER AGENDA LoRa 1 How it started 2

BUILDING A GLOBAL INTERNET OF THINGS NETWORK TOGETHER AGENDA LoRa 1 How it started 2

BUILDING A GLOBAL INTERNET OF THINGS NETWORK TOGETHER AGENDA LoRa 1 How it started 2 Building a global network Use Cases 3 How to join 4 5 Long Range Wide Area Network WIRELESS COMMUNICATION Suitable for Spotjfy, Netglix, Suitable

1.45k views • 29 slides
Internet Observation with N-TAP: how it works and what it does Kenji Masui

Internet Observation with N-TAP: how it works and what it does Kenji Masui

10th CAIDA/WIDE Workshop - 1st CAIDA/WIDE/CASFI Workshop (2008-08-16) Internet Observation with N-TAP: how it works and what it does Kenji Masui kmasui@gsic.titech.ac.jp WIDE Project / Tokyo Institute of Technology Internet Observation with

309 views • 17 slides
Network Threats &amp; Attacks 1 Internet Structure backbone ISP local network Internet

Network Threats &amp; Attacks 1 Internet Structure backbone ISP local network Internet

CS 134 Winter 2018 Lecture 16 Network Threats &amp; Attacks 1 Internet Structure backbone ISP local network Internet service Autonomous system (AS) is a provider (ISP) collection of IP networks under control local network of a single

769 views • 54 slides
A Whirlwind Introduction to the Internet Internet Structure: Network of Networks Overview mobile

A Whirlwind Introduction to the Internet Internet Structure: Network of Networks Overview mobile

A Whirlwind Introduction to the Internet Internet Structure: Network of Networks Overview mobile network Whats the Internet Roughly Hierarchical At center: tier-1 ISPs (e.g., UUNet, Level 3, Sprint, AT&amp;T), Network

953 views • 25 slides
Lets start by Refreshing Memories In reminiscence of a time, when we were striving to built

Lets start by Refreshing Memories In reminiscence of a time, when we were striving to built

Lets start by Refreshing Memories In reminiscence of a time, when we were striving to built computation devices from technical modules with defined functions to perform complex operations In reminiscence of a time after that, when we

755 views • 27 slides
Crowd Production, Peer Production CS 278 | Stanford University | Michael Bernstein Last time

Crowd Production, Peer Production CS 278 | Stanford University | Michael Bernstein Last time

Crowd Production, Peer Production CS 278 | Stanford University | Michael Bernstein Last time Crowdsourcing: an open call to a large group of people who self- select to participate Crowds can be surprisingly intelligent, if opinions are

475 views • 46 slides
Segment-based Multiple Sequence Alignment T . Rausch, A.-K. Emde, D. Weese, A. Dring, C.

Segment-based Multiple Sequence Alignment T . Rausch, A.-K. Emde, D. Weese, A. Dring, C.

Knut Reinert May 2009 Segment-based Multiple Sequence Alignment T . Rausch, A.-K. Emde, D. Weese, A. Dring, C. Notredame and K. Reinert Knut Reinert 25.5.2009 (based on slides from Tobias Rausch) Algorithmische Bioinformatik Monday, May

423 views • 41 slides
Taintless Defeating taint-powered protection techniques Abbas Naderi (aka AbiusX) Mandana

Taintless Defeating taint-powered protection techniques Abbas Naderi (aka AbiusX) Mandana

Taintless Defeating taint-powered protection techniques Abbas Naderi (aka AbiusX) Mandana Bagheri Shahin Ramezany Covered Topics y Before We Begin Taintless While you obtain the tools and get ready, well Describing the

465 views • 45 slides
A Corporate Environment That Supports Healthy Lifestyles Deborah Napier, MS, CHES Gulf Power /

A Corporate Environment That Supports Healthy Lifestyles Deborah Napier, MS, CHES Gulf Power /

A Corporate Environment That Supports Healthy Lifestyles Deborah Napier, MS, CHES Gulf Power / Southern Company Why would you want to have a healthy community in the first place? Because it is a prerequisite for sustainable profitability

484 views • 16 slides
Beep, beep! Technology coming through (the Writing Centre) Jordana Garbati, PhD Haydn Lawrence

Beep, beep! Technology coming through (the Writing Centre) Jordana Garbati, PhD Haydn Lawrence

Beep, beep! Technology coming through (the Writing Centre) Jordana Garbati, PhD Haydn Lawrence Boba Samuels Inkshed May 28, 2014 Our goal: To increase engagement with technology to better serve the Laurier community Our challenges:

631 views • 34 slides
In this video Bearing the weight on the top of the head Shoulder strengtheners Core

In this video Bearing the weight on the top of the head Shoulder strengtheners Core

In this video Bearing the weight on the top of the head Shoulder strengtheners Core strengtheners Stretches and openers Bearing weight on head Walk feet in bring hips over shoulders bear weight on the top of the head

356 views • 6 slides
Hierarchical Modeling CS418 Computer Graphics John C. Hart Build a Robot glPushMatrix();

Hierarchical Modeling CS418 Computer Graphics John C. Hart Build a Robot glPushMatrix();

Hierarchical Modeling CS418 Computer Graphics John C. Hart Build a Robot glPushMatrix(); glPushMatrix(); glScalef(1.0,2.0,1.0); glutSolidCube(2.0); glPopMatrix(); glTranslatef(1.25,2,0.0); glRotatef(shoulder,0,0,1); glPushMatrix();

1.4k views • 38 slides

More recommend