ipv4 reverse measurements
play

IPv4 reverse measurements Mattijs Jonker Introduction Over fjve - PowerPoint PPT Presentation

Aug 05, 2023 •204 likes •392 views

IPv4 reverse measurements Mattijs Jonker Introduction Over fjve years ago, we started with an idea: Can we measure (large parts) of the global DNS on a daily basis? This idea led to the OpenINTEL project (Rafgaele presented the

  1. IPv4 reverse measurements Mattijs Jonker

  2. Introduction Over fjve years ago, we started with an idea: ● “Can we measure (large parts) of the global DNS on a daily basis?” This idea led to the OpenINTEL project ● (Rafgaele presented the gist of it earlier today) IN-ADDR.ARPA. is part of the global DNS, amirite? ● In this talk, I will discuss: ● – The (very recent) addition of reverse v4 measurements – Why, how 2020-02-26 OpenINTEL AIMS-KISMET 2020 2/18

  3. Reverse DNS 101 Reverse DNS maps IP addresses to names ● … using a reversed IP address as name e.g., 192.168.1.15 becomes 15.1.168.192.in-addr.arpa. Name space managed by IANA and the RIRs ● Delegated to address space holders when the address space ● is assigned 2020-02-26 OpenINTEL AIMS-KISMET 2020 3/18

  4. Why measure? Check consistency with forward DNS -- especially for e-mail ● reverse and forward DNS mapping must be consistent (part of MTA authentication) Provides visibility into cloud infrastructures and network ● infrastructural elements, e.g.: – Names refmecting in which data centres clouds VPSes are hosted – Names of router interfaces [Chabarek13, Hufgaker14] Gain insight in address space usage ● 2020-02-26 OpenINTEL AIMS-KISMET 2020 4/18

  5. How we perform our measurements The measurement process involves two stages ● 1. Active measurement 2. Streaming and persisting data 2020-02-26 OpenINTEL AIMS-KISMET 2020 5/18

  6. Stage I: main measurement We want to measure effjciently -- fjrst fjnd parts of the name ● space that are actually delegated Intuition: perform SOA and NS queries for /8, /16 and /24 ● levels (in IPv4) to fjnd delegation points Yields one of the following: ● – Delegation point – Empty non-terminal response (RFC 8020) -- indicating no delegation exists, but names exist below – NXDOMAIN -- there are no names below 2020-02-26 OpenINTEL AIMS-KISMET 2020 6/18

  7. Stage I: main measurement Adapted existing OpenINTEL measurement code ● Goal: one measurement every 24h ● Challenge: do not overload authoritative servers with queries ● Solution: ● – Randomize measurement – Monitor traffjc for the fjrst few measurement runs 2020-02-26 OpenINTEL AIMS-KISMET 2020 7/18

  8. Stage I: main measurement We use a similar trick to ZMap, that is: leverage properties of ● a group of prime order Need a permutation over 256 and 65536 possibilities for our ● implementation (to randomise individual labels in an IPv4 reverse name and to randomise /16 blocks sent to worker nodes respectively) 2020-02-26 OpenINTEL AIMS-KISMET 2020 8/18

  9. Stage I: main measurement We adapted Duane Wessels' dnstop to track query loads and ● report average and maximum queries per second Result: average upstream loads very reasonable (maxing out ● around the 100 queries/second on average) Modifjed code: https://github.com/rijswijk/dnstop ● 2020-02-26 OpenINTEL AIMS-KISMET 2020 9/18

  10. Stage II: storage and persistence Data is persisted in HDFS ● allowing batch-based, analyses – We stream the data to a Kafka cluster ● enabling stream-based analysis – Will clone data to CAIDA (WIP) ● Stage II: data streaming, enrichment & persistence Kafka cluster Measurement Persist “Stream” additional & zonefjles (HDFS) CAIDA clone data data (Avro) Other data sources geo- Hadoop pfx2as ... Ofg-site location SDSC cluster archival (Swift) (tape) 2020-02-26 OpenINTEL AIMS-KISMET 2020 10/18

  11. What do we have, in simple numbers Started measuring February 17, 2020 ● ⋅ This adds approx 1.1 10 9 data points each day (SOA, NS, PTR) ● 45% increase w.r.t. what we were already getting daily ● 2020-02-26 OpenINTEL AIMS-KISMET 2020 11/18

  12. Which data do we share This type of data: not yet ● No real obstacles ● Should probably think of how? and not whom with? ● 2020-02-26 OpenINTEL AIMS-KISMET 2020 12/18

  13. Case study: forward-confjrmed rDNS Checked, for our “forward” active DNS data, which IP ● addresses are forward confjrmed 1.1M / 6.08M [18%] are ● 2020-02-26 OpenINTEL AIMS-KISMET 2020 13/18

  14. Case study: multi PTR 2020-02-26 OpenINTEL AIMS-KISMET 2020 14/18

  15. Case study: multi PTR dig +tcp -t ptr 71.184.197 .146.in-addr.arpa @208.67 .222.222 2020-02-26 OpenINTEL AIMS-KISMET 2020 15/18

  16. Cast study: Amazon EC2 2020-02-26 OpenINTEL AIMS-KISMET 2020 16/18

  17. Future work Verify consistency against existing work by CAIDA (Young ● Hyun) Check missing empty non-terminals on name servers that do ● not conform to RFC 8020 Make data public: comments, thoughts? ● 2020-02-26 OpenINTEL AIMS-KISMET 2020 17/18

  18. Questions ? 2020-02-26 OpenINTEL AIMS-KISMET 2020 18/18

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

IPv6 Avanzado Introduccin Toms Lynch LACNOG WHERE ARE WE? IPv4 Yes, the IPv4 pool

IPv6 Avanzado Introduccin Toms Lynch LACNOG WHERE ARE WE? IPv4 Yes, the IPv4 pool

IPv6 Avanzado Introduccin Toms Lynch LACNOG WHERE ARE WE? IPv4 Yes, the IPv4 pool IPv4 with NAT/Tunnels But we can use IPv4 and NAT or Tunnels!!! Yeah, right IPv6 IPv6 Readiness Laptops, pads, mobile phones, dongles,

477 views • 19 slides
IPv6 Presentation Template (Make this title your own!) Whats happening with IPv4? IPv4

IPv6 Presentation Template (Make this title your own!) Whats happening with IPv4? IPv4

IPv6 Presentation Template (Make this title your own!) Whats happening with IPv4? IPv4 exhaustion (link to RIRs and highlight relevant trends for your region) Regional Internet Authorities are in various phases of IPv4 exhaustion

486 views • 13 slides
Is there available IPv4 space in the LAC region? Sergio Rojas sergio@lacnic.net IPv4 IPv4

Is there available IPv4 space in the LAC region? Sergio Rojas sergio@lacnic.net IPv4 IPv4

Is there available IPv4 space in the LAC region? Sergio Rojas sergio@lacnic.net IPv4 IPv4 space 4.294.967.296 IP addresses (not all of them are usable) It seems a lot of space, right? But the world population is almost 7 billion

201 views • 16 slides
IPv4 Pricing and Transfer Update Sandra Brown IPv4 Market Group January 19, 2016 IPv4 Life

IPv4 Pricing and Transfer Update Sandra Brown IPv4 Market Group January 19, 2016 IPv4 Life

IPv4 Pricing and Transfer Update Sandra Brown IPv4 Market Group January 19, 2016 IPv4 Life Cycle Events ARIN Runout RIPE Inter-RIR Transfers /8s come to market IPv6 Adoption 2 Factors Affecting Pricing # OF IP TRANSFERS

223 views • 8 slides
IPv4 Exhaus,on And IPv6 Deployment Carlos Mar)nez @Sint-Maarten Internet Week IPv4 There

IPv4 Exhaus,on And IPv6 Deployment Carlos Mar)nez @Sint-Maarten Internet Week IPv4 There

IPv4 Exhaus,on And IPv6 Deployment Carlos Mar)nez @Sint-Maarten Internet Week IPv4 There are 4,294,967,296 IPv4 addresses (32 bits long) but not all of them can be used Looks like a lot, right? But... World popula)on currently stands

501 views • 27 slides
Labcourse Routerlab Internet Protocol Version 6 (IPv6) IPv4 Shortcomings IPv4

Labcourse Routerlab Internet Protocol Version 6 (IPv6) IPv4 Shortcomings IPv4

Labcourse Routerlab Internet Protocol Version 6 (IPv6) IPv4 Shortcomings IPv4 addresses have 32 bits only not enough for 1 IP address per person dynamic IPs, NAT, Manual configuration time consuming (in larger

655 views • 16 slides
SIIT-DC: IPv4 Service Contjnuity for IPv6 Data Centres Tore Anderson Redpill Linpro AS UKNOF36,

SIIT-DC: IPv4 Service Contjnuity for IPv6 Data Centres Tore Anderson Redpill Linpro AS UKNOF36,

SIIT-DC: IPv4 Service Contjnuity for IPv6 Data Centres Tore Anderson Redpill Linpro AS UKNOF36, London, January 2017 Incremental IPv6 deployment in DC IPv4-only IPv4-only + IPv6 via NAT/proxy/etc Dual-stacked public frontend, IPv4 BE Full

550 views • 15 slides
Exhaustion of IPv4 Address in 2010 Exhaustion of IPv4 Address in 2010 Associate Professor Dr.

Exhaustion of IPv4 Address in 2010 Exhaustion of IPv4 Address in 2010 Associate Professor Dr.

802.16 IP Telephony Lab Exhaustion of IPv4 Address in 2010 Exhaustion of IPv4 Address in 2010 Associate Professor Dr. Quincy Wu solomon@ipv6.club.tw Graduate Institute of Communication Engineering National Chi Nan University 1 1

943 views • 77 slides
Post IPv4 completion Making IPv6 deployable incrementally by making it backward compatible

Post IPv4 completion Making IPv6 deployable incrementally by making it backward compatible

Post IPv4 completion Making IPv6 deployable incrementally by making it backward compatible with IPv4. Alain Durand The Internet must support continued, un-interrupted growth regardless of IPv4 address availability DISCLAIMER:

614 views • 17 slides
Comparing IPv4 and IPv6 from the perspec7ve of BGP dynamic

Comparing IPv4 and IPv6 from the perspec7ve of BGP dynamic

Comparing IPv4 and IPv6 from the perspec7ve of BGP dynamic ac7vity Geoff Huston APNIC February 2012 The IPv4 Table: 2004 - now The IPv6

770 views • 47 slides
Two Problems 1. Global IPv4 address depletion 2. Private IPv4 address depletion depletion

Two Problems 1. Global IPv4 address depletion 2. Private IPv4 address depletion depletion

Two Problems 1. Global IPv4 address depletion 2. Private IPv4 address depletion depletion a.k.a. completion Scenarios Focus work on most significant, and most solvable, scenarios Solving every possible design iteration is

428 views • 9 slides
IPv6 Yourself Jumping Bean What is IPv6? Replacement for IPv4, 128 bit IP address

IPv6 Yourself Jumping Bean What is IPv6? Replacement for IPv4, 128 bit IP address

IPv6 Yourself Jumping Bean What is IPv6? Replacement for IPv4, 128 bit IP address IPv4 allowed for 4.3 billion possible addresses, IPv6 allows for 340 undecillion addresses 3.40E38, 7.9E28 more than IPv4 addresses, ~ 4.8x10

1.07k views • 28 slides
Abuse of the IPv4 Transfer Markets Vasileios Giotsas, Ioana Livadariu , Petros Gigis AIMS 2020

Abuse of the IPv4 Transfer Markets Vasileios Giotsas, Ioana Livadariu , Petros Gigis AIMS 2020

Abuse of the IPv4 Transfer Markets Vasileios Giotsas, Ioana Livadariu , Petros Gigis AIMS 2020 IPv4 Transfers IPv4 address transactions that occur between organisations RIPE NCC Intra-RIR Tranfers ARIN APNIC LACNIC Dec Jun Oct Feb Jan Oct

490 views • 9 slides
UK IPv4 Transfer Market January 22, 2015 Sandra

UK IPv4 Transfer Market January 22, 2015 Sandra

UK IPv4 Transfer Market January 22, 2015 Sandra Brown sandrabrown@ipv4marketgroup.com 716 348 6768 1 Agenda 1. IntroducLon 2. IPv4 Purchase

342 views • 12 slides
Remanufacturing of Products Remanufacturing of Products and Reverse Logistics and Reverse

Remanufacturing of Products Remanufacturing of Products and Reverse Logistics and Reverse

Remanufacturing of Products Remanufacturing of Products and Reverse Logistics and Reverse Logistics Xochitl Aquiahuatl March 2007 Outline Outline Closed-loop Supply Chain Reverse Logistics Recovery Options Product

388 views • 22 slides
Tunnel Broker Using IPv4 Anycast Xin LIU lx@ns.6test.edu.cn August 2003 Outline Transition

Tunnel Broker Using IPv4 Anycast Xin LIU lx@ns.6test.edu.cn August 2003 Outline Transition

Tunnel Broker Using IPv4 Anycast Xin LIU lx@ns.6test.edu.cn August 2003 Outline Transition from IPv4 to IPv6 Typical Tunnel Broker Tunnel Broker Utilizing IPv4 Anycast From IPv4 to IPv6 IPv6 = Internet Protocol Version 6

722 views • 14 slides
WEBINAR 30 th APRIL 2020 Maysir UNIQUE FEATURES OF TAKAFUL COMPARED TO INSURANCE Concept of

WEBINAR 30 th APRIL 2020 Maysir UNIQUE FEATURES OF TAKAFUL COMPARED TO INSURANCE Concept of

WEBINAR 30 th APRIL 2020 Maysir UNIQUE FEATURES OF TAKAFUL COMPARED TO INSURANCE Concept of profit Based on sharing Islamic Principles Mudarabah Unique Features of Takaful Kafala ( jointly Participants guarantee one (Customers) are

114 views • 9 slides
IP Proposal Scott Tocher MISSION Our Mission To accelerate stem cell treatments to patients

IP Proposal Scott Tocher MISSION Our Mission To accelerate stem cell treatments to patients

Agenda Item # 11 ICOC Meeting February 23 rd , 2017 IP Proposal Scott Tocher MISSION Our Mission To accelerate stem cell treatments to patients with unmet medical needs. 2 History I. CIRM IP DNA and Evolution Proposition 71: Seeing the

181 views • 15 slides
Tosca-2 Issue: Deploying Bugzilla in the Cloud dianem@activestate.com

Tosca-2 Issue: Deploying Bugzilla in the Cloud dianem@activestate.com

Tosca-2 Issue: Deploying Bugzilla in the Cloud dianem@activestate.com Frank.Leymann@iaas.uni-stuttgart.de Sample Web Application: Bugzilla as a Service a composite service that is made up of nodes Nodes Perl

202 views • 8 slides
Welcome US 29 Mobility and Reliability Study South 4 Corners Civic Association 1700 April Lane |

Welcome US 29 Mobility and Reliability Study South 4 Corners Civic Association 1700 April Lane |

Welcome US 29 Mobility and Reliability Study South 4 Corners Civic Association 1700 April Lane | Silver Spring February 13, 2019 US 29 Mobility and Reliability Study US 29 Mobility and Reliability Study 1 Agenda Welcome and Intros

403 views • 24 slides
Chapter 3: Using. Risa Wechsler KIPAC @ Stanford & SLAC large cosmological simulations

Chapter 3: Using. Risa Wechsler KIPAC @ Stanford & SLAC large cosmological simulations

Creating, Testing, and Using Simulations of the Galaxy Population in the era of surveys of 10 billion galaxies Chapter 3: Using. Risa Wechsler KIPAC @ Stanford & SLAC large cosmological simulations allow you to do many analyses in new

801 views • 32 slides
Online Ranking Combination Erzs ebet Frig o Institute for Computer Science and Control (MTA

Online Ranking Combination Erzs ebet Frig o Institute for Computer Science and Control (MTA

Online Ranking Combination Erzs ebet Frig o Institute for Computer Science and Control (MTA SZTAKI) Joint work with Levente Kocsis Overview Framework: prequential ranking evaluation Goal: optimize convex combination of ranking

407 views • 24 slides
Lecture 19: Flow and Confinement Examples of information flow applications The confinement

Lecture 19: Flow and Confinement Examples of information flow applications The confinement

Lecture 19: Flow and Confinement Examples of information flow applications The confinement problem Covert channels Isolation: virtual machines, sandboxes March 2, 2009 ECS 235B, Winter Quarter 2009 Slide #19-1 Matt Bishop, UC

322 views • 30 slides
1 Assessing Risk in the Physical Build of a Network REANNZ lunchtime presentation 2019 WHAT

1 Assessing Risk in the Physical Build of a Network REANNZ lunchtime presentation 2019 WHAT

1 Assessing Risk in the Physical Build of a Network REANNZ lunchtime presentation 2019 WHAT REANNZ HAS LEARNED ABOUT ASSESSING RISK IN THE PHYSICAL NETWORK BUILD 2 Assessing Risk in the Physical Build of a Network REANNZ lunchtime

960 views • 26 slides

More recommend