testing the reachability of new address space
play

Testing the reachability of (new) address space Steve Uhlig Delft - PowerPoint PPT Presentation

Dec 08, 2022 •183 likes •383 views

Testing the reachability of (new) address space Steve Uhlig Delft University of Technology Randy Bush Olaf Maennel University of Adelaide Internet Initiative Japan (IIJ) James Hiebert Matthew Roughan National Oceanic and Atmospheric

  1. Testing the reachability of (new) address space Steve Uhlig Delft University of Technology Randy Bush Olaf Maennel University of Adelaide Internet Initiative Japan (IIJ) James Hiebert Matthew Roughan National Oceanic and Atmospheric Administration University of Adelaide

  2. Outline • Problem statement • Checking reachability • Experiments • Conclusion

  3. Bogon Filters • ISPs often filter unallocated address space to protect themselves from malicious attacks and unwanted traffic • Over time unallocated address space may become allocated and legitimately announced address space... • Problem: Filters need to be updated but seem often not to be

  4. Objective • Develop methodology that is capable of detecting and locating bogon filters, filters that are blocking newly allocated address space • Advertise test and anchor prefixes from 4 probe- sites: Seattle (USA), Munich (DE), Wellington (NZ), Tokyo (JPN) • Analyze reachability status of a newly allocated prefix

  5. Terminology • Test-prefix: newly allocated prefix to be tested • Anchor-prefix: well-established prefix whose reachability should be fine • Probe-site: router that announces both the test- prefix and the anchor-prefix Test-prefix Probe- Internet site Anchor-prefix

  6. Filters and Reachability x “The Internet”

  7. Improving AS Coverage x “The Internet”

  8. Improving AS Coverage x “The Internet”

  9. Out-probes: Principles • Out-probe : probes performed from test-IP and anchor-IP towards external IP addresses • If probes comes back => reachability from target- IP • If probes do not come back => run traceroutes to find out location of bogon-filter(s) Bogon filter Target AS x ? Test-site IP y IP x

  10. Out-probes: Evaluation • Advantages: • Positive reachability exists for target IP • Probing of large fraction of AS topology • Disadvantages: • Building target IP addresses to be probed not trivial • Probe return path is most interesting but unkown

  11. Out-Probes: measurements • Send probe from test-sites (test-IP and anchor-IP) towards a large set of pingable-IP addresses (46,569) in 18,574 different ASs • If probe comes back => reachability exists • ~85% of all probes • If probe does not come back => use heuristic to find out likelihood that AS contains bogon filter • ~10% of all probes • ~5% not pingable anymore, e.g., dial-up

  12. Out-Probes: Initial validation • We derived 443 candidate ASs that are likely to filter • Manual search for 15 traceroute servers within those 443 candidate ASs: – 7 filter – 5 do not filter themselves, but have no usable [up-stream] connectivity => 12 out of 15 (80%) correctly identified – 3 failed, but validation was taken at different time so ASs might have changed filter in the meantime

  13. Limitation x “The Internet”

  14. In-probes: Principles • In-probe : traceroute performed from external IP addresses towards the test and anchor prefixes • In-probes give reachability information towards the test and anchor prefixes • If traceroute from test-prefix address diverges at some point, we conjecture that some bogon filter is responsible traceroute site anchor & test x ? prefix x x ? ?

  15. In-probes: Evaluation • Advantages: • Filter-independent reachability • Details about IP-level path • Disadvantages: • traceroute site MUST be “behind” filter • Not many traceroute sites available

  16. In-Probes: results • Raw results: • 66.9% good (anchor and test take exactly same path) • 20.6% diverging paths (anchor and test take different paths) • 8.6% test stops, but anchor ok • 3.9% failure (either anchor or anchor and test failed) • Derive candidate links, eliminate unlikely candidates, then based on remaining candidate links: • ~ 34 ASs that may contain incorrectly configured filters http://psg.com/filter-candidates.txt

  17. Summary: In- and Out-Probes • Out-probes tell about reachability: + Find areas of non-reachability + Larger topological coverage (currently > 85% of Internet ASs) - No information about: return path and thus non- optimal paths • In-probes tell about filters on the path: + Reachability available + goal: detect intermediate filters - Limited topological coverage - Many traceroute servers are needed at the “edge”

  18. Conclusion • We can identify regions in the Internet that do not have reachability • It is possible to achieve a reasonable coverage of the Internet • We don’t only check reachability: we also detect places where there is "non-optimal" connectivity

  19. Thanks To • ARIN for IP space and commissioning research • CityLink – NZ, a test site • IIJ - JP, a test site • SpaceNet - DE, a test site • PSGnet – US, a test site • Universities of Adelaide & Delft • NSF award ANI-0221435 • Australian Research Council grant DP0557066

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Protecting Other Styles of Protocols Generally, how do you know you should believe another

Protecting Other Styles of Protocols Generally, how do you know you should believe another

Protecting Other Styles of Protocols Generally, how do you know you should believe another router? About distance to some address space About reachability to some address space About other characteristics of a path About what

482 views • 14 slides
P Starting at address 0, going to address MAX prog 0 But where do addresses come from? MOV

P Starting at address 0, going to address MAX prog 0 But where do addresses come from? MOV

Memory Management Basics 1 Basic Memory Management Concepts Address spaces MAX sys Physical address space The address space supported by the hardware Starting at address 0, going to address MAX sys MAX prog Logical/virtual address space

448 views • 22 slides
Address Space Randomization A n E f f e c t i v e I m p l e m e n t a t i o n Michael Cloppert

Address Space Randomization A n E f f e c t i v e I m p l e m e n t a t i o n Michael Cloppert

Address Space Randomization A n E f f e c t i v e I m p l e m e n t a t i o n Michael Cloppert May, 2006 Address Space Randomization Theory Randomize location of memory objects Libraries Heap User, kernel-space stack Foils attacks like

560 views • 15 slides
Processs Address Space Linux Address Space 0x7fffffff Stack Data (Heap) Data (Heap)

Processs Address Space Linux Address Space 0x7fffffff Stack Data (Heap) Data (Heap)

10/21/2014 Processes, Address Spaces, and PROCESS Memory Management A running program and its associated data Jonathan Misurda jmisurda@cs.pitt.edu Processs Address Space Linux Address Space 0x7fffffff Stack Data (Heap) Data (Heap)

579 views • 3 slides
Recall: Address Space Map Somet imes St ack Biggest Reserved f or (Space f or local var

Recall: Address Space Map Somet imes St ack Biggest Reserved f or (Space f or local var

Recall: Address Space Map Somet imes St ack Biggest Reserved f or (Space f or local var iables et c. Vir t ual OS 13: Memory Management For each nest ed pr ocedur e call) Address St ack Point er Last Modif ied: Heap (Space f or

322 views • 8 slides
t s Computability and Complexity Nabil Mustafa Nondeterministic Space Complexity Nabil Mustafa

t s Computability and Complexity Nabil Mustafa Nondeterministic Space Complexity Nabil Mustafa

The Problem REACHABILITY REACHABILITY Input: A directed graph G = ( V , E ), | V | = n , | E | = m , and two vertices s , t V Nondeterministic Space Complexity Question: Is there a directed path from s to t in G ? Nabil Mustafa t s

246 views • 6 slides
Impacting IP Address Reachability via RPKI Manipulations Kyle Brogle Danny Cooper Sharon

Impacting IP Address Reachability via RPKI Manipulations Kyle Brogle Danny Cooper Sharon

BFOC13. Boston University Impacting IP Address Reachability via RPKI Manipulations Kyle Brogle Danny Cooper Sharon Goldberg Leonid Reyzin Princeton University Boston University How Secure is Internet Routing Today? (1) I am

375 views • 14 slides
Program address space What does the OS loader do? 0x7ffffffff0000 Stack 8MB reserved Creates

Program address space What does the OS loader do? 0x7ffffffff0000 Stack 8MB reserved Creates

Program address space What does the OS loader do? 0x7ffffffff0000 Stack 8MB reserved Creates new process Sets up address space/segments Read executable file, load instructions, init global data 0x7ffff770000 Shared library

844 views • 16 slides
IP Version 6 The explosive growth of the Internet IPv4 address space, 32-bit Real-time

IP Version 6 The explosive growth of the Internet IPv4 address space, 32-bit Real-time

IP Version 6 The explosive growth of the Internet IPv4 address space, 32-bit Real-time and interactive applications Expanded address space, 128 bits Simplified header format Enabling easier processing of IP datagrams

852 views • 15 slides
Main Memory Goals for Today Protection: Address Spaces What is an Address Space?

Main Memory Goals for Today Protection: Address Spaces What is an Address Space?

Main Memory Goals for Today Protection: Address Spaces What is an Address Space? How is it Implemented? Address Translation Schemes Segmentation Paging Paging Multi-level translation Inverted page tables

461 views • 44 slides
Recap What are the three components of a process? Address space CPU context OS

Recap What are the three components of a process? Address space CPU context OS

Recap What are the three components of a process? Address space CPU context OS resources What are the steps of a context switching? Save & restore CPU context Change address space and other info in the PCB 1 Process

430 views • 18 slides
Virtual Memory Separate the concept of: address space (name) from physical memory address

Virtual Memory Separate the concept of: address space (name) from physical memory address

Virtual Memory Separate the concept of: address space (name) from physical memory address (location) Most common example today: wireless (cell) phones Phone number is your id or name Location varies as you move Maintain a Map between name

208 views • 20 slides
A PKI for IP Address Space and AS Numbers Dr. Stephen Kent Chief Scientist - Information

A PKI for IP Address Space and AS Numbers Dr. Stephen Kent Chief Scientist - Information

A PKI for IP Address Space and AS Numbers Dr. Stephen Kent Chief Scientist - Information Security Why A PKI? All proposals for improving the security of BGP rely on a secure infrastructure that attests to address space and AS number

252 views • 13 slides
Br Breaking Kern rnel Ad Address ss Space La Layout Randomization (KASLR LR) wi with th

Br Breaking Kern rnel Ad Address ss Space La Layout Randomization (KASLR LR) wi with th

Br Breaking Kern rnel Ad Address ss Space La Layout Randomization (KASLR LR) wi with th Intel TSX Yeongjin Jang , Sangho Lee, and Taesoo Kim Georgia Institute of Technology Kernel Address Space Layout Randomization (KASLR) A

1.2k views • 102 slides
New Venice Your Address In Space Master Thesis Defense Suzana Bianco May 3rd, 2018

New Venice Your Address In Space Master Thesis Defense Suzana Bianco May 3rd, 2018

New Venice Your Address In Space Master Thesis Defense Suzana Bianco May 3rd, 2018 sdbianco@uh.edu Imagine... It is the year 2070. The existing space economy is thriving. There are many facilities scattered across Cislunar space

429 views • 42 slides
Plasma-based space radiation mimicking for space radiobiology and electronics testing Scottish

Plasma-based space radiation mimicking for space radiobiology and electronics testing Scottish

Advanced Summer School on Laser-driven Sources of High Energy Particles and Radiation 2017-07-14, CNR Conference Centre, Anacapri, Capri Bernhard Hidding Plasma-based space radiation mimicking for space radiobiology and electronics testing

836 views • 44 slides
GENERALIZABLE AI: A NEW FOUNDATION ANIMA ANANDKUMAR TRINITY OF AI ALGORITHMS COMPUTE DATA 2

GENERALIZABLE AI: A NEW FOUNDATION ANIMA ANANDKUMAR TRINITY OF AI ALGORITHMS COMPUTE DATA 2

GENERALIZABLE AI: A NEW FOUNDATION ANIMA ANANDKUMAR TRINITY OF AI ALGORITHMS COMPUTE DATA 2 IMPRESSIVE GROWTH OF AI Wide range of domains Deep reinforcement learning NVIDIA GAN generates photo- beats human champion realistic images,

927 views • 57 slides
Fault attack vulnerability assessment of binary code Cryptography and Security in Computing

Fault attack vulnerability assessment of binary code Cryptography and Security in Computing

Fault attack vulnerability assessment of binary code Cryptography and Security in Computing Systems [CS219], Valencia, Spain January 21, 2019 Jean-Baptiste Brjon Emmanuelle Encrenaz Karine Heydemann Quentin Meunier Son-Tuan Vu Sorbonne

770 views • 34 slides
Video 3.1 Vijay Kumar and Ani Hsieh Robo3x-1.3 1 Property of Penn Engineering, Vijay Kumar

Video 3.1 Vijay Kumar and Ani Hsieh Robo3x-1.3 1 Property of Penn Engineering, Vijay Kumar

Video 3.1 Vijay Kumar and Ani Hsieh Robo3x-1.3 1 Property of Penn Engineering, Vijay Kumar and Ani Hsieh Dynamics of Robot Arms Vijay Kumar and Ani Hsieh University of Pennsylvania Robo3x-1.3 2 Property of Penn Engineering, Vijay

797 views • 61 slides
! X SAS08 Valencia p.8/44 I N C OMPARATIVE S EMANTICS P 1 ; P 2 A = P 1

! X SAS08 Valencia p.8/44 I N C OMPARATIVE S EMANTICS P 1 ; P 2 A = P 1

T RANSFORMING A BSTRACT I NTERPRETATIONS BY A BSTRACT I NTERPRETATIONS M ODELLING S YSTEMS AS AI T RANSFORMERS Roberto Giacobazzi (and A. Banerjee, I. Mastroeni , E. Quintarelli, F. Ranzato, F. Scozzari) SAS08, Valencia July 2008 SAS08

1.51k views • 125 slides
Caching for Data Intensive Scientific Repositories Ani Thakar, Dan Wang, Tanu Malik, Philip

Caching for Data Intensive Scientific Repositories Ani Thakar, Dan Wang, Tanu Malik, Philip

Caching for Data Intensive Scientific Repositories Ani Thakar, Dan Wang, Tanu Malik, Philip Little, Amitabh Chaudhary Scientific repositories can have a large network footprint Network Telescope Data Repository Pan-STARRS is expected

452 views • 14 slides
Ani Aprahamian Robustness of observational r-process patterns Uncertainties in

Ani Aprahamian Robustness of observational r-process patterns Uncertainties in

Ani Aprahamian Robustness of observational r-process patterns Uncertainties in astrophysical r-process sites What about the nuclear properties? r-process basic idea rprocess Z=50 Masses -decay rates N=82 n- capture

492 views • 24 slides
In Defense of Corpus Data Summary from Week 1: Introspective judgments about

In Defense of Corpus Data Summary from Week 1: Introspective judgments about

In Defense of Corpus Data Summary from Week 1: Introspective judgments about decontextualized, constructed examples... may underestimate the space of grammatical possibility because of absence of context may

661 views • 33 slides
Final Presenta,on Logis,cs Friday, June 3 rd , 10am Start

Final Presenta,on Logis,cs Friday, June 3 rd , 10am Start

Final Presenta,on Logis,cs Friday, June 3 rd , 10am Start preparing at 9:30 CSE atrium Pizza will be there at 11:30 To print your

240 views • 6 slides

More recommend