mapping the great void
play

Mapping the Great Void Smarter scanning for IPv6 Richard Barnes, - PowerPoint PPT Presentation

Aug 28, 2023 •463 likes •736 views

Mapping the Great Void Smarter scanning for IPv6 Richard Barnes, Rick Altmann, Daniel Kerr BBN Technologies Agenda Challenges for mapping the IPv6 Internet Some approaches to smarter scanning CIDR++ Registry information

  1. Mapping the Great Void Smarter scanning for IPv6 Richard Barnes, Rick Altmann, Daniel Kerr BBN Technologies

  2. Agenda � Challenges for mapping the IPv6 Internet � Some approaches to smarter scanning CIDR++ � Registry information � Addressing heuristics � � Empirical results

  3. Background: IPv6 is big

  4. IPv6 address space is big � How do you select the networks you trace to? Ark IPv4: Each /24 covered by a BGP prefix � Ark IPv6: One per prefix advertised in BGP � � Supposing we view a /48 as functionally similar to a / 24… IPv4: 12,577,420 /24s advertised (~2 23.6 ) � IPv6: 3,523,931,041 /48s advertised (~2 31.7 ) � � … and that’s with the current level of IPv6 deployment � And really, /48s get subdivided too http://www.caida.org/workshops/isma/1102/slides/aims1102_yhyun_ark.pdf RouteViews RIB from WIDE collector, 2011/12/22

  5. General Approach: Adaptive Probing Learn from previous rounds of probes to predict where you � should probe next In the IPv4 context, focus has been on reducing impact of � comprehensive measurement traffic DoubleTree / Interface Set Cover algorithms find minimal set � of paths to cover all interfaces In IPv6, focus is more on discovering the most subnets / � interfaces in a feasible number of measurements Some algorithms don’t scale to IPv6 (e.g., subnet-centric) � http://rbeverly.net/research/papers/direct-imc10.pdf RouteViews RIB from WIDE collector, 2011/12/22

  6. Smarter Scanning

  7. Going beyond BGP � To tell two networks apart in measurements, we need to trace to a target in each of them � Finding networks via pure random scanning within BGP-announced prefixes doesn’t scale � Start with BGP, add more information Small amounts of randomness � Registration information (WHOIS) � Information gathered in earlier scans �

  8. Testing Methodology � 5 nodes from commercial VPS services � ICMP Paris traceroutes to selected targets � Metric: Discovered addresses (no alias resolution)

  9. Baseline: BGP Technique Traceroute Monitors Total Discovered Gain Rate Targets / Measureme Interface (New Hops Monitor nts Addresses Per Trace) BGP 8380 5 41900 16986 0.405

  10. BGP+4 � Some networks do a little bit of subdivision of an advertised prefix, but maybe not much � Take each prefix from BGP � Compute 16 subnets you can get by adding 4 random bits Random scanning, but bounded increase in work (16x) �

  11. BGP+4 Technique Traceroute Monitors Total Discovered Gain Rate Targets / Measureme Interface (New Hops Monitor nts Addresses Per Trace) BGP 8380 5 41900 16986 0.405 BGP+4 73407 5 367035 20434 0.056

  12. BGP  WHOIS + Rand48 � People sometimes register WHOIS information at a higher level of granularity than they advertise in BGP � Download bulk WHOIS information and build a list of prefixes from inet6num objects � Find routable WHOIS prefixes, covered by prefixes advertised in BGP � If a given BGP prefix has no more specifics in WHOIS, sample five random /48s

  13. BGP  WHOIS + Rand48 Prefix Network BGP Gain 2a02:f8:7:1a::/64 IT AISA-NET-1 /32 32 2a01:4f8:141:22::/64 DE FORMER-03-GMBH /32 32 2406:4800::/64 SG DOCOMOinterTouch-HQ-V6 /40 24 2405:2000:ff10::/56 IN CHN-CXR-TATAC /32 24 2607:f6f0:100::/56 US EQUINIX-EDMA-V6-CORP-01 /40 16 2001:42c8:ffd0:100::/56 ZA CAPETOWN-KLT-TATA /32 24

  14. BGP  WHOIS + Rand48 Technique Traceroute Monitors Total Discovered Gain Rate Targets / Measureme Interface (New Hops Monitor nts Addresses Per Trace) BGP 8380 5 41900 16986 0.405 BGP+4 73407 5 367035 20434 0.056 BGP  90817 4 363268 40074 0.110 WHOIS + Rand48

  15. Sequence Completion As we do traceroutes, we get addresses back in the source addresses � of responses Sometimes these addresses hint at the use of addressing schemes � Look for runs within each hex digit, then complete sequences � 2001:db8:1: 47c7 ::/48 � 2001:db8:1: 47c8 ::/48 � 2001:db8:1: 47c9 ::/48 � 2001:db8:1: 47c8 ::797f � 2001:db8:1: 47ca ::/48 � 2001:db8:1: 47c9 ::47db � 2001:db8:1: 47cb ::/48 � 2001:db8:1: 47cb ::8a03 � 2001:db8:1: 47cc ::/48 � 2001:db8:1: 47cd ::4d33 � 2001:db8:1: 47cd ::/48 � 2001:db8:1: 47cf ::b221 � 2001:db8:1: 47ce ::/48 � 2001:db8:1: 47cf ::/48 � 2001:db8:1: 47d0 ::/48 �

  16. Sequence Completion 2a01:198:200: 0 00::/52 � BGP 2a01:198:200: 1 00::/52 � 2a01:198::/32 2a01:198:200: 2 00::/52 � 2a01:198:200: 3 00::/52 � 2a01:198:200: 4 00::/52 � 2a01:198:200: 5 00::/52 � 2a01:198:200: 6 00::/52 � BGP  WHOIS 2a01:198:200: 7 00::/52 � SIXXS-DEDUS01 2a01:198:200: 8 00::/52 � 2a01:198:200::/40 2a01:198:200: 9 00::/52 � 2a01:198:200: a 00::/52 � Scanning within the /40… Completing the sequence…

  17. Sequence Completion Technique Traceroute Monitors Total Discovered Gain Rate Targets / Measureme Interface (New Hops Monitor nts Addresses Per Trace) BGP 8380 5 41900 16986 0.405 BGP+4 73407 5 367035 20434 0.056 BGP  90817 4 363268 40074 0.110 WHOIS + Rand48 Sequence 21279.75 4 85119 22919 0.269 Completion

  18. How much did we learn?

  20. Overlap in Discovered Interfaces BGP+4 Percentage of interfaces discovered, by source Circle area proportional to 8% interface count 19% 0.4% 5% 37% 2% 29% BGP  WHOIS + Rand48 Sequence Completion

  21. Overlap in Discovered Interfaces BGP+4 26.6% of all discovered interfaces appeared in BGP-based traces Additional techniques expand coverage ~4x BGP BGP  WHOIS + Rand48 Sequence Completion

  22. Broader or Deeper? � Three techniques show similar hop count distributions � BGP+WHOIS lower mean, but greater max by 5 hops CDF of Paris Traceroute Hop Count 1 0.9 0.8 0.7 0.6 BGP BGP+4 0.5 BGP+WHOIS 0.4 Sequence Completion 0.3 0.2 0.1 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22

  23. Conclusions � CIDR prefixes derived from BGP hide a lot of topology information � New techniques add both detail and depth relative to scanning based on BGP prefixes alone “Augmented BGP”: BGP+4, BGP+WHOIS � Inference from discovered addresses � � Each technique seems to cover different parts of the network, so combination is necessary � Future work: Incorporate better algorithms (e.g., ISC)

  24. Digression: Security Appliances � There are apparently security appliances out there that respond to ICMP requests for every address in a subnet Show up in measurements as highly active networks / highly � connected nodes May be useful for mapping out subnet boundaries � � “20% test” detects with high confidence If 2 of 10 randomly chosen addresses within a network respond � to pings … … then there’s probably one of these devices there. �

  25. Digression: Security Appliances

  26. Richard Barnes Thanks! <rbarnes@bbn.com> Rick Altmann Daniel Kerr

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Review: Thread package API tid thread_create (void (*fn) (void *), void *arg); - Create a new

Review: Thread package API tid thread_create (void (*fn) (void *), void *arg); - Create a new

Review: Thread package API tid thread_create (void (*fn) (void *), void *arg); - Create a new thread that calls fn with arg void thread_exit (); void thread_join (tid thread); The execution of multiple threads is interleaved Can

498 views • 45 slides
the images Egbert Mittelstdt uses an analogue/digital animation stand, at which by means of

the images Egbert Mittelstdt uses an analogue/digital animation stand, at which by means of

VOID lab project description VOID lab VOID is an audiovisual performance and installation project by the media artist Egbert Mittelstdt and the sound artist Frank Schulte. With VOID lab the artists have succeeded in creating a direct,

471 views • 6 slides
1986) 1. double f_function() 2. double g_function() 3. void G_gradient() 4. void G_hessian() 5.

1986) 1. double f_function() 2. double g_function() 3. void G_gradient() 4. void G_hessian() 5.

/* rpa_proj.c: functions for current minlp-project: alan.gms (Manne 1986) 1. double f_function() 2. double g_function() 3. void G_gradient() 4. void G_hessian() 5. void add_minlp() */ int RPA_COUNT=0; int ACTIVATED = FALSE; double f_function

321 views • 3 slides
Concurrency November 27, 2007 1 Thread Classes &lt;&lt;interface&gt;&gt; Runnable void run()

Concurrency November 27, 2007 1 Thread Classes &lt;&lt;interface&gt;&gt; Runnable void run()

Concurrency November 27, 2007 1 Thread Classes &lt;&lt;interface&gt;&gt; Runnable void run() 0..1 target Thread void interrupt() void sleep (long millis) void start() 2 Wednesday, November 28, 2007 (Simplified) Thread State Machine

260 views • 9 slides
TEXTURE MAPPING 1 OUTLINE Introduce Mapping Methods Texture Mapping Environment

TEXTURE MAPPING 1 OUTLINE Introduce Mapping Methods Texture Mapping Environment

TEXTURE MAPPING 1 OUTLINE Introduce Mapping Methods Texture Mapping Environment Mapping Bump Mapping Basic mapping strategies Forward vs backward mapping Point sampling vs area averaging Introduce

775 views • 25 slides
Image Warping Image Mapping Image Mapping - Examples Forward Mapping Forward Mapping -

Image Warping Image Mapping Image Mapping - Examples Forward Mapping Forward Mapping -

Image Warping Image Mapping Image Mapping - Examples Forward Mapping Forward Mapping - Disadvantages Example Forward Mapping Original Rotated Zoom In Backward Mapping The Problem: (u,v) are not integers! &quot;# Nearest Neighbor

715 views • 49 slides
29. Parallel Programming III public: ... void withdraw(int amount) { guard g(m); ... } void

29. Parallel Programming III public: ... void withdraw(int amount) { guard g(m); ... } void

Deadlock Motivation class BankAccount { int balance = 0; std::recursive_mutex m; using guard = std::lock_guard&lt;std::recursive_mutex&gt;; 29. Parallel Programming III public: ... void withdraw(int amount) { guard g(m); ... } void

192 views • 7 slides
Texture Mapping Surface mapping OpenGl and Implementation Details Texture mapping Bump

Texture Mapping Surface mapping OpenGl and Implementation Details Texture mapping Bump

Texture Mapping Surface mapping OpenGl and Implementation Details Texture mapping Bump Mapping CS351-50 Displacement mapping Actually moving geometry ie Create screw from cylinder, Terrain, etc 11.05.03 An Overview An

496 views • 11 slides
Texture and other Mappings Texture Mapping Texture Mapping Bump Mapping Bump Mapping

Texture and other Mappings Texture Mapping Texture Mapping Bump Mapping Bump Mapping

Texture and other Mappings Texture Mapping Texture Mapping Bump Mapping Bump Mapping Displacement Mapping Displacement Mapping Environment Mapping Environment Mapping Angel Chapter 7 Last Time - Shading Flat shading: Inexpensive to

629 views • 26 slides
CS 241 Data Organization Quiz 4 March 7, 2018 Question 1 The output is: void main(void) { A

CS 241 Data Organization Quiz 4 March 7, 2018 Question 1 The output is: void main(void) { A

CS 241 Data Organization Quiz 4 March 7, 2018 Question 1 The output is: void main(void) { A 1 int x=1, y=3; int *px; B 2 px = &amp;x; printf(&quot;%d\n&quot;, *px + y); C 3 } D 4 E 13 F A memory location which is a larger number

406 views • 9 slides
Texture and other Mappings Texture Mapping Bump Mapping Displacement Mapping Environment

Texture and other Mappings Texture Mapping Bump Mapping Displacement Mapping Environment

Texture and other Mappings Texture Mapping Bump Mapping Displacement Mapping Environment Mapping Example: Checkerboard Particularly severe problems in regular textures 1 The Beginnings of a Solution: Mipmapping Pre-calculate how

552 views • 14 slides
RGB-D Mapping Overview CSE 571 Robotics Map RGB-D Mapping `` University of Washington Dieter

RGB-D Mapping Overview CSE 571 Robotics Map RGB-D Mapping `` University of Washington Dieter

11/6/16 RGB-D Mapping Overview CSE 571 Robotics Map RGB-D Mapping `` University of Washington Dieter Fox RGB-D Mapping: Using Depth Cameras for Dense 3D Modeling of Indoor Environments. Henry et al. ISER 2010 RGB-D Mapping: Using

240 views • 13 slides
CSE 351: Week 9 Tom Bergan, TA 1 Today Lab 5 Reference counting 2 Lab 5: Explicit

CSE 351: Week 9 Tom Bergan, TA 1 Today Lab 5 Reference counting 2 Lab 5: Explicit

CSE 351: Week 9 Tom Bergan, TA 1 Today Lab 5 Reference counting 2 Lab 5: Explicit free list allocator Your goals Implement: void* mm_malloc(size_t bytes); Implement: void mm_free(void *ptr); We give you a starting point 3 Lab 5:

467 views • 34 slides
C P S C 314 WHY IS TEXTURE IMPORTANT? TEXTURE MAPPING TEXTURE MAPPING TEXTURE MAPPING real

C P S C 314 WHY IS TEXTURE IMPORTANT? TEXTURE MAPPING TEXTURE MAPPING TEXTURE MAPPING real

C P S C 314 WHY IS TEXTURE IMPORTANT? TEXTURE MAPPING TEXTURE MAPPING TEXTURE MAPPING real life objects have hide geometric simplicity nonuniform colors, normals images convey illusion of geometry to generate realistic objects,

448 views • 3 slides
User Story Mapping Richard Kasperowski | With Great People High-Performance Teams @rkasper

User Story Mapping Richard Kasperowski | With Great People High-Performance Teams @rkasper

Richard Kasperowski | With Great People 2018 Richard Kasperowski | With Great People @rkasper r@kasperowski.com | | kasperowski.com User Story Mapping Richard Kasperowski | With Great People High-Performance Teams @rkasper kasperowski +1

464 views • 19 slides
hor nsby par k landfor m development Quar r y Void July 2016 (S Quar r y Void November 2018

hor nsby par k landfor m development Quar r y Void July 2016 (S Quar r y Void November 2018

hor nsby par k landfor m development Quar r y Void July 2016 (S Quar r y Void November 2018 (S o urc e : Ne armap) o urc e : Ne armap) Proposed Fill Profjle Pr oposed R ec r eation Ar eas E IS development quarry ge o te c h

97 views • 9 slides
Computer Graphics (CS 543) Lecture 9 (Part 1): Environment

Computer Graphics (CS 543) Lecture 9 (Part 1): Environment

Computer Graphics (CS 543) Lecture 9 (Part 1): Environment Mapping (ReflecBons and RefracBons) Prof Emmanuel Agu (Adapted from slides by Ed Angel)

751 views • 49 slides
Enhanced Efficiency of Mapping Distribution Protocols in Scalable Routing and Addressing

Enhanced Efficiency of Mapping Distribution Protocols in Scalable Routing and Addressing

Enhanced Efficiency of Mapping Distribution Protocols in Scalable Routing and Addressing Architectures K. Sriram, Patrick Gleichmann, Young-Tak Kim, and Doug Montgomery July 2010 National Institute of Standards and Technology National

363 views • 19 slides
CSE-571 Robotics Mapping Sparse landmarks RGB / Depth Maps Problems in Mapping Occupancy

CSE-571 Robotics Mapping Sparse landmarks RGB / Depth Maps Problems in Mapping Occupancy

Types of SLAM-Problems Grid maps or scans CSE-571 Robotics Mapping Sparse landmarks RGB / Depth Maps Problems in Mapping Occupancy Grid Maps Sensor interpretation Introduced by Moravec and Elfes in 1985 Represent environment

227 views • 9 slides
Memory Safety for Low- Level Software/Hardware Interactions John Criswell Nicolas Geoffray

Memory Safety for Low- Level Software/Hardware Interactions John Criswell Nicolas Geoffray

Memory Safety for Low- Level Software/Hardware Interactions John Criswell Nicolas Geoffray Vikram Adve Montreal or Bust! Memory Safety Future is Bright User-space memory safety is improving Safe languages SAFECode, CCured, Baggy

556 views • 53 slides
Photon Mapping (Helper Slides) Sampling Patterns Specular Reflection and Transmission

Photon Mapping (Helper Slides) Sampling Patterns Specular Reflection and Transmission

Photon Mapping (Helper Slides) Sampling Patterns Specular Reflection and Transmission Available in ray tracer Use Fresnels Eqns for F r Russian Roulette RGB Roulette Caustics: Projection Maps Cast caustic map photons toward

527 views • 14 slides
GEODA WEB ENHANCING WEB-BASED MAPPING WITH SPATIAL ANALYTICS Xun Li , Luc Anselin and Julia

GEODA WEB ENHANCING WEB-BASED MAPPING WITH SPATIAL ANALYTICS Xun Li , Luc Anselin and Julia

GEODA WEB ENHANCING WEB-BASED MAPPING WITH SPATIAL ANALYTICS Xun Li , Luc Anselin and Julia Koschinsky GeoDa Center for Geospatial Analysis and Computation Arizona State University WHAT IS GEODA-WEB? A cloud

582 views • 27 slides
Parameterization-Aware MIP-Mapping Josiah Manson and Scott Schaefer Texas A&amp;M University

Parameterization-Aware MIP-Mapping Josiah Manson and Scott Schaefer Texas A&amp;M University

Parameterization-Aware MIP-Mapping Josiah Manson and Scott Schaefer Texas A&amp;M University Texture Parameterization Texture Parameterization Texture Parameterization Texture Parameterization MIP-Mapping MIP-Mapping MIP-Mapping Aliased

655 views • 62 slides
Transparent Flow Mapping for NEAT Felix Weinrank, Michael Txen Department of Electrical

Transparent Flow Mapping for NEAT Felix Weinrank, Michael Txen Department of Electrical

Transparent Flow Mapping for NEAT Felix Weinrank, Michael Txen Department of Electrical Engineering and Computer Science Funded by EU H2020 NEAT project (Grant agreement no. 644334) In a nutshell Automatic multiplexing + fallback Transparent

332 views • 16 slides

More recommend