ipv6 scanning smart address selection and comparison to
play

IPv6 Scanning Smart address selection and comparison to legacy IP - PowerPoint PPT Presentation

Jul 10, 2023 •115 likes •436 views

Chair for Network Architectures and Services Technische Universit at M unchen IPv6 Scanning Smart address selection and comparison to legacy IP Intermediate talk Sebastian Gebhard Supervisors: Oliver Gasser, Quirin Scheitle September

  1. Chair for Network Architectures and Services Technische Universit¨ at M¨ unchen IPv6 Scanning Smart address selection and comparison to legacy IP Intermediate talk Sebastian Gebhard Supervisors: Oliver Gasser, Quirin Scheitle September 30, 2015 Chair for Network Architectures and Services Department of Informatics Technische Universit¨ at M¨ unchen Sebastian Gebhard – IPv6 Scanning 1

  2. Chair for Network Architectures and Services Technische Universit¨ at M¨ unchen Motivation Approach Data sourcing Intermediate results Lessons learned so far Future work Time plan Sebastian Gebhard – IPv6 Scanning 2

  3. Chair for Network Architectures and Services Technische Universit¨ at M¨ unchen Motivation ◮ Recent advances in scanning technology have made large scale IPv4 scanning feasible ◮ zmap [4]: whole IPv4 address space in 4.5 minutes ◮ IPv6 address space is vastly larger ◮ Scanning the whole address space is not feasible Sebastian Gebhard – IPv6 Scanning 3

  4. Chair for Network Architectures and Services Technische Universit¨ at M¨ unchen Motivation ◮ Recent advances in scanning technology have made large scale IPv4 scanning feasible ◮ zmap [4]: whole IPv4 address space in 4.5 minutes ◮ IPv6 address space is vastly larger ◮ Scanning the whole address space is not feasible Proposed solution ◮ Smart address selection ◮ Choose addresses already seen in the network ◮ Close neighbours of known addresses ◮ Pattern recognition? Sebastian Gebhard – IPv6 Scanning 3

  5. Chair for Network Architectures and Services Technische Universit¨ at M¨ unchen Approach ◮ Data harvesting → hitlist generation ◮ Parsing data sources ◮ DNS resolving (for some data sources) ◮ Filtering and evaluating results ◮ Scanning targets ◮ traceroute ◮ Port scanning on port 80, 443 ◮ Evaluation Sebastian Gebhard – IPv6 Scanning 4

  6. Chair for Network Architectures and Services Technische Universit¨ at M¨ unchen Data sources ◮ Alexa Top 1Million ◮ Rapid7 rDNS ◮ Rapid7 DNS ANY ◮ Caida DNS names ◮ DNS zone files Sebastian Gebhard – IPv6 Scanning 5

  7. Chair for Network Architectures and Services Technische Universit¨ at M¨ unchen Data sources Alexa Top 1Million [5] CSV list of the TOP 1 Million most visited websites, published by Alexa Internet, Inc. 1,google.com 2,facebook.com 3,youtube.com Figure: Alexa Top 1M Websites [5] - Entries 1 to 3 ◮ Raw size ◮ Filesize: 22 MB, lines: 1,000,000 ◮ Processing ◮ DNS lookup: AAAA record of every domain Sebastian Gebhard – IPv6 Scanning 6

  8. Chair for Network Architectures and Services Technische Universit¨ at M¨ unchen Data sources scans.io [1] - Rapid7 Reverse DNS Reverse names for the whole IPv4 space (coverage ∼ 28%) 131.159.14.1, erdbeerschnitzel.net.in.tum.de 131.159.14.10, rack.net.in.tum.de 131.159.14.100, asgard.net.in.tum.de 131.159.14.101, ipmi.asgard.net.in.tum.de Figure: Rapid7 Reverse DNS dataset excerpt [1] ◮ Raw size ◮ Filesize: 56 GB, lines: 1,216,518,754 ◮ Processing ◮ DNS lookup: AAAA record of every hostname Sebastian Gebhard – IPv6 Scanning 7

  9. Chair for Network Architectures and Services Technische Universit¨ at M¨ unchen Data sources scans.io [1] - Rapid7 DNS ANY DNS ANY lookup on names gathered from scans by Rapid7 internetscience.net.in.tum.de,aaaa, 2001:4ca0:2001:13:216:3eff:fee1:6973 internetwin.tumblr.com,a,66.6.41.21 internetwin.tumblr.com,txt,|v=spf1 include:_spf.google.com include:sendgrid.net include:mail.zendesk.com -all internet-science.eu,ns,lucifer.net.in.tum.de internet-science.eu,ns,nimbus.net.in.tum.de intranet.in.tum.de,cname,intranet.informatik.tu-muenchen.de Figure: Rapid7 DNS ANY dataset excerpt [1] ◮ Raw size ◮ Filesize: 69 GB, lines: 1,435,173,425 ◮ Processing ◮ extract AAAA records Sebastian Gebhard – IPv6 Scanning 8

  10. Chair for Network Architectures and Services Technische Universit¨ at M¨ unchen Data sources Caida DNS names [2] IP addresses collected by Caida’s large scale traceroute measurements on Archipelago (Ark) with PTR record 1438578912 2001:4ca0:2001:10::1 st.gw.net.in.tum.de 1438578913 2001:4ca0:2001:10:eea8:6bff:fef4:b705 priwen.net.in.tum.de 1438578951 2001:4ca0:2001:10::2 st.scylla.net.in.tum.de 1438578955 2001:4ca0:2001:10::3 st.charybdis.net.in.tum.de Figure: Caida DNS names dataset excerpt ◮ Raw size ◮ Filesize: 40 MB, lines: 618,480 ◮ Processing ◮ cut -f2 Sebastian Gebhard – IPv6 Scanning 9

  11. Chair for Network Architectures and Services Technische Universit¨ at M¨ unchen Data sources DNS zone files [6] Every registered domain in the [biz, com, info, mobi, net, org, xxx] zones WARRIOR4US.COM GARYBETTUM.COM SDRTCJ.COM CAVALLOCREEKFARM.COM TIESCOMMUNITY.COM Figure: .com zone file excerpt [6] ◮ Raw size ◮ Filesize: 2.6 GB, lines: 151,881,502 ◮ Processing ◮ DNS lookup: AAAA record of every hostname Sebastian Gebhard – IPv6 Scanning 10

  12. Chair for Network Architectures and Services Technische Universit¨ at M¨ unchen Intermediate results ◮ Filtering ◮ Evaluation ◮ Results Sebastian Gebhard – IPv6 Scanning 11

  13. Chair for Network Architectures and Services Technische Universit¨ at M¨ unchen Filtering raw sort -u Remove duplicates duplicates bogon? Remove bogons bogons Remove special IANAspecial? prefixes IANAspecial Remove unannounced pfx2as? prefixes unnanounced Remove blacklisted blacklist? blacklisted prefixes final Sebastian Gebhard – IPv6 Scanning 12

  14. Chair for Network Architectures and Services Technische Universit¨ at M¨ unchen Filtering raw sort -u Remove duplicates duplicates bogon? Remove bogons bogons Remove special IANAspecial? prefixes IANAspecial Remove unannounced pfx2as? prefixes unnanounced Remove blacklisted blacklist? blacklisted prefixes Figure: Filter output on final Rapid7 DNS ANY Sebastian Gebhard – IPv6 Scanning 12

  15. Chair for Network Architectures and Services Technische Universit¨ at M¨ unchen Evaluation Automated generation of PDF report for single data sources using iPython notebook ◮ Basic statistics ◮ Amount of data removed by filters Sebastian Gebhard – IPv6 Scanning 13

  16. Chair for Network Architectures and Services Technische Universit¨ at M¨ unchen Evaluation Automated generation of PDF report for single data sources using iPython notebook ◮ Basic statistics ◮ Amount of data removed by filters ◮ Mapping found IPs to announced prefixes ◮ IPs per prefix ◮ IPs per AS ◮ AS / Prefix with most hits Sebastian Gebhard – IPv6 Scanning 13

  17. Chair for Network Architectures and Services Technische Universit¨ at M¨ unchen Evaluation Automated generation of PDF report for single data sources using iPython notebook ◮ Basic statistics ◮ Amount of data removed by filters ◮ Mapping found IPs to announced prefixes ◮ IPs per prefix ◮ IPs per AS ◮ AS / Prefix with most hits ◮ Efficiency of data source ◮ Unique, real IP addresses per size of source file ◮ Possible SLAAC addresses ◮ # and % of all prefixes / ASes found Sebastian Gebhard – IPv6 Scanning 13

  18. Chair for Network Architectures and Services Technische Universit¨ at M¨ unchen Evaluation Automated generation of PDF report for single data sources using iPython notebook ◮ Basic statistics ◮ Amount of data removed by filters ◮ Mapping found IPs to announced prefixes ◮ IPs per prefix ◮ IPs per AS ◮ AS / Prefix with most hits ◮ Efficiency of data source ◮ Unique, real IP addresses per size of source file ◮ Possible SLAAC addresses ◮ # and % of all prefixes / ASes found ◮ Hamming Weight ◮ Calculate hamming weight of interface ID of each IP ◮ Compare hamming weights ◮ Identify servers and clients? Sebastian Gebhard – IPv6 Scanning 13

  19. Chair for Network Architectures and Services Technische Universit¨ at M¨ unchen Results for hitlist generation Alexa Top 1M rDNS DNS Any Caida DNS names zone files size 22 MB 56 GB 69 GB 40 MB 2.6 GB input lines 1M 1.2B 1.4B 618k 151M raw 90,761 1,023,950 9,769,653 618,480 4,762,297 (9.076 %) a (0.084 %) (0.681 %) (100.000 %) (3.136 %) final 43,822 462,185 1,440,984 102,580 430,689 (4.382 %) (0.038 %) (0.100 %) (16.586 %) (0.284 %) ASes 1,424 4,795 5,708 5,488 2,371 (1,424 ppm) b (4 ppm) (4 ppm) (8,873 ppm) (16 ppm) PFXes 1,695 6,749 8,506 9,269 2,995 (1,695 ppm) (6 ppm) (6 ppm) (14,987 ppm) (20 ppm) AS coverage 13.984 % 47.088 % 56.054 % 53.894 % 23.284 % PFX coverage 6.575 % 26.178 % 32.993 % 35.953 % 11.617 % Combined AS coverage 7,331 (71.99 %) Combined PFX coverage 12,854 (49.86 %) a Second line: Efficiency = value input lines b ppm: Parts per million = AS / pfx per 1 Million input lines) Sebastian Gebhard – IPv6 Scanning 14

  20. Chair for Network Architectures and Services Technische Universit¨ at M¨ unchen Lessons learned ◮ Always sanitize your input data ◮ PTR records don’t have to contain a valid hostname. 109.234.32.137 which resolves to \ 236 \ 232 \ 240- \ 234 \ 240 \ 229 \ 241 \ 229 \ 23586. \ 240 \ 244. Sebastian Gebhard – IPv6 Scanning 15

  21. Chair for Network Architectures and Services Technische Universit¨ at M¨ unchen Lessons learned ◮ Always sanitize your input data ◮ PTR records don’t have to contain a valid hostname. 109.234.32.137 which resolves to \ 236 \ 232 \ 240- \ 234 \ 240 \ 229 \ 241 \ 229 \ 23586. \ 240 \ 244. ◮ People are using IPv6 over ISDN Sebastian Gebhard – IPv6 Scanning 15

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

IPv6 Scanning Smart address selection and comparison to legacy IP Sebastian Gebhard Final Talk

IPv6 Scanning Smart address selection and comparison to legacy IP Sebastian Gebhard Final Talk

Chair of Network Architectures and Services Technical University of Munich IPv6 Scanning Smart address selection and comparison to legacy IP Sebastian Gebhard Final Talk on Masters Thesis in Electrical Engineering and Information Technology

1.01k views • 64 slides
1. IPv6 address (abbreviated representation) 2. IPv6 address (abbreviation and expansion

1. IPv6 address (abbreviated representation) 2. IPv6 address (abbreviation and expansion

1. IPv6 address (abbreviated representation) 2. IPv6 address (abbreviation and expansion practice) 3. IPv6 advantages over IPv4 4. IPv4 address structure 5. IPv6 address structure IPv4 Address 32 bit address (computer stores information

655 views • 53 slides
Source Address Finding (SAF) for IPv6 Translation Mechanisms draft-thaler-ipv6-saf-01.txt Dave

Source Address Finding (SAF) for IPv6 Translation Mechanisms draft-thaler-ipv6-saf-01.txt Dave

Source Address Finding (SAF) for IPv6 Translation Mechanisms draft-thaler-ipv6-saf-01.txt Dave Thaler dthaler@microsoft.com IETF 74 - 6AI BOF 1 UNilateral Self-Address Fixing (UNSAF) 1:1 address mappings (NAT66) avoid most of the issues

545 views • 7 slides
Mapping the Great Void Smarter scanning for IPv6 Richard Barnes, Rick Altmann, Daniel Kerr BBN

Mapping the Great Void Smarter scanning for IPv6 Richard Barnes, Rick Altmann, Daniel Kerr BBN

Mapping the Great Void Smarter scanning for IPv6 Richard Barnes, Rick Altmann, Daniel Kerr BBN Technologies Agenda Challenges for mapping the IPv6 Internet Some approaches to smarter scanning CIDR++ Registry information

736 views • 26 slides
IPv6 Implications for TCP/UDP Port Scanning Tim Chown tjc@ecs.soton.ac.uk IETF 65, March 23rd

IPv6 Implications for TCP/UDP Port Scanning Tim Chown tjc@ecs.soton.ac.uk IETF 65, March 23rd

IPv6 Implications for TCP/UDP Port Scanning Tim Chown tjc@ecs.soton.ac.uk IETF 65, March 23rd 2006 Dallas, TX draft-chown-v6ops-port-scanning-implications-02 Rationale The goals of the document are currently to Note the properties of

635 views • 6 slides
RouterLab LabCourse SoSe 2016 Worksheet 3: Access Networks with DHCP and IPv6 Stateless Address

RouterLab LabCourse SoSe 2016 Worksheet 3: Access Networks with DHCP and IPv6 Stateless Address

RouterLab LabCourse SoSe 2016 Worksheet 3: Access Networks with DHCP and IPv6 Stateless Address Auto Configuration Prof. Anja Feldmann, Philipp S. Tiesel, Thorben Krger, Apoorv Shukla IPv6 Scoped Address Architecture IPv6 addresses have

679 views • 19 slides
Internet Protocol v6 October 25, 2016 v6@nkn.in Table of Content Why IPv6? Why IPv6?

Internet Protocol v6 October 25, 2016 v6@nkn.in Table of Content Why IPv6? Why IPv6?

Internet Protocol v6 October 25, 2016 v6@nkn.in Table of Content Why IPv6? Why IPv6? IPv6 Address Space IPv6 Address Space Customer LAN Migration Customer LAN Migration Why IPv6? Why IPv6? IPv6 Address Space IPv6

770 views • 58 slides
Address scarcity, NAT, and IPv6 CSCI 466: Networks

Address scarcity, NAT, and IPv6 CSCI 466: Networks

Address scarcity, NAT, and IPv6 CSCI 466: Networks Keith Vertanen Fall 2011 Overview Handling IPv4 address scarcity Address space

766 views • 33 slides
IPv6 Ephemeral Addresses <draft-kitamura-ipv6-ephemeral-address-00.txt> Harmless IPv6

IPv6 Ephemeral Addresses <draft-kitamura-ipv6-ephemeral-address-00.txt> Harmless IPv6

IPv6 Ephemeral Addresses <draft-kitamura-ipv6-ephemeral-address-00.txt> Harmless IPv6 Address State Extension ( Uncertain State) <draft-kitamura-ipv6-uncertain-address-state-00.txt> Hiroshi KITAMURA NEC Corporation

544 views • 33 slides
IPv6 Yourself Jumping Bean What is IPv6? Replacement for IPv4, 128 bit IP address

IPv6 Yourself Jumping Bean What is IPv6? Replacement for IPv4, 128 bit IP address

IPv6 Yourself Jumping Bean What is IPv6? Replacement for IPv4, 128 bit IP address IPv4 allowed for 4.3 billion possible addresses, IPv6 allows for 340 undecillion addresses 3.40E38, 7.9E28 more than IPv4 addresses, ~ 4.8x10

1.07k views • 28 slides
Target Generation for Internet-wide IPv6 Scanning Austin Murdock, Frank Li, Paul Bramsen, Zakir

Target Generation for Internet-wide IPv6 Scanning Austin Murdock, Frank Li, Paul Bramsen, Zakir

Target Generation for Internet-wide IPv6 Scanning Austin Murdock, Frank Li, Paul Bramsen, Zakir Durumeric, Vern Paxson Background IPv4 scanning - Zmap . 2 Background 2 128 addresses => 10 30 years to scan 32 nybbles (hex

518 views • 28 slides
Naming IPv6 address parts IETF 79 L. Donnerhacke R. Hartmann Editors What are we thinking

Naming IPv6 address parts IETF 79 L. Donnerhacke R. Hartmann Editors What are we thinking

Naming IPv6 address parts IETF 79 L. Donnerhacke R. Hartmann Editors What are we thinking about? Find a term to describe precisely : 16 bits of an IPv6 address, separated by colons Useful for daily communication Easy to pronounce

70 views • 6 slides
IPv6 Stateless Address Autoconfiguration: Balancing Between Security, Privacy and Usability Ahmad

IPv6 Stateless Address Autoconfiguration: Balancing Between Security, Privacy and Usability Ahmad

IPv6 Stateless Address Autoconfiguration: Balancing Between Security, Privacy and Usability Ahmad AlSadeh, Hosnieh Rafiee, Christoph Meinel Hasso-Plattner-Institut, University of Potsdam, Germany IPv6 StateLess Address Auto- Configuration

330 views • 20 slides
IPv6 Address Management The First Five Years 1 #whoami o o www.ernw.de o o

IPv6 Address Management The First Five Years 1 #whoami o o www.ernw.de o o

IPv6 Address Management The First Five Years 1 #whoami o o www.ernw.de o o https://insinuator.net/tag/ipv6/ o 2 Agenda o o o 3 3 Very Quick Stats (1) Source: http://6lab.cisco.com/stats/cible.php?coun try=DE&option=all 4

1.11k views • 48 slides
IPv6, MPLS IPv6 History Next generation IP (AKA IPng) Intended to extend address space

IPv6, MPLS IPv6 History Next generation IP (AKA IPng) Intended to extend address space

IPv6, MPLS IPv6 History Next generation IP (AKA IPng) Intended to extend address space and routing limitations of IPv4 Requires header change Attempted to include everything new in one change IETF moderated Based

775 views • 46 slides
IPv6 Deployment at Monash University John Mann Agenda IPv6 is Coming IPv6 is Already

IPv6 Deployment at Monash University John Mann Agenda IPv6 is Coming IPv6 is Already

IPv6 Deployment at Monash University John Mann Agenda IPv6 is Coming IPv6 is Already Here Monash IPv6 Progress Addressing End Systems Monitoring Network Address Usage Traffic Monitoring Problems IPv6 is Coming

779 views • 41 slides
Attacks on routing: IP hijacks How Internet number resources are managed

Attacks on routing: IP hijacks How Internet number resources are managed

Attacks on routing: IP hijacks How Internet number resources are managed IANA ARIN LACNIC APNIC RIPE NCC AfriNIC ISP #1 ISP NIC.br NIC.MX LIRs/ISPs

919 views • 40 slides
UK UKs JANE NET Establis blishment hment Les Lessons ons for or GA GARNE

UK UKs JANE NET Establis blishment hment Les Lessons ons for or GA GARNE

UK UKs JANE NET Establis blishment hment Les Lessons ons for or GA GARNE NET Presented by: Francis Kwabena Boachie (Deputy CITO IT Infrastructure) BSc, MSc, MBA,

621 views • 27 slides
Is the global NREN community ready to support 16 March Transnational Education? 2018 Dr Esther

Is the global NREN community ready to support 16 March Transnational Education? 2018 Dr Esther

Is the global NREN community ready to support 16 March Transnational Education? 2018 Dr Esther Wilkinson, Head of international, Jisc Overview An overview of Jisc, the UKs national research and education network Strategy, structure

636 views • 19 slides
NETWORKING NETWORKING PART 1: Basic ic conce cepts PART 1: Basic concepts Agenda Agenda

NETWORKING NETWORKING PART 1: Basic ic conce cepts PART 1: Basic concepts Agenda Agenda

Moreno Baricevic CNR-INFM DEMOCRITOS Trieste, ITALY INTRO TO INTRO TO NETWORKING NETWORKING PART 1: Basic ic conce cepts PART 1: Basic concepts Agenda Agenda Connections Connections Concept of Packet Concept of Packet Network Stack

515 views • 33 slides
Defending Networks with Incomplete Information: A Machine Learning Approach Alexandre Pinto

Defending Networks with Incomplete Information: A Machine Learning Approach Alexandre Pinto

Defending Networks with Incomplete Information: A Machine Learning Approach Alexandre Pinto alexcp@mlsecproject.org @alexcpsec @MLSecProject WARNING! This is a talk about DEFENDING not attacking NO systems were harmed on the

801 views • 47 slides
Please Stand By Bacon Intermission In Progress 1 2 Testing: Its not just for your code!

Please Stand By Bacon Intermission In Progress 1 2 Testing: Its not just for your code!

1 Please Stand By Bacon Intermission In Progress 1 2 Testing: Its not just for your code! ...and other heretical proclomations Christopher H. Laco claco@chrislaco.com @claco #pytennessee Follow along!

709 views • 52 slides
amber/datum.html

amber/datum.html

http://cr.openjdk.java.net/~briangoetz/ amber/datum.html

475 views • 44 slides
| MARBLE Mining for Boilerplate Code to Identify API Usability Problems Daye Nam Amber Horvath

| MARBLE Mining for Boilerplate Code to Identify API Usability Problems Daye Nam Amber Horvath

| MARBLE Mining for Boilerplate Code to Identify API Usability Problems Daye Nam Amber Horvath Andrew Macvean Brad Myers Bogdan Vesilescu Code to write an XML document to a speci fi ed output stream? 2 Code to write an XML document to a

871 views • 60 slides

More recommend