yarrp ing the internet
play

Yarrping the Internet Robert Beverly Naval Postgraduate School - PowerPoint PPT Presentation

Apr 23, 2023 •382 likes •577 views

Yarrping the Internet Robert Beverly Naval Postgraduate School February 12, 2016 Active Internet Measurements (AIMS) Workshop R. Beverly (NPS) Yarrp AIMS 2016 1 / 17 Motivation Active Topology Probing Years (and years) of prior work on

  1. Yarrp’ing the Internet Robert Beverly Naval Postgraduate School February 12, 2016 Active Internet Measurements (AIMS) Workshop R. Beverly (NPS) Yarrp AIMS 2016 1 / 17

  2. Motivation Active Topology Probing Years (and years) of prior work on Internet-scale topology probing e.g., Scamper, DoubleTree, iPlane It’s 2016: Why can’t we traceroute to every IPv4 destination quickly ? e.g., O ( minutes ) ? (The ZMap a and Masscan b folks can do it – why can’t we?) a Z. Durumeric et al., 2013 b R. Graham, 2013 R. Beverly (NPS) Yarrp AIMS 2016 2 / 17

  3. Motivation Active Topology Probing Years (and years) of prior work on Internet-scale topology probing e.g., Scamper, DoubleTree, iPlane It’s 2016: Why can’t we traceroute to every IPv4 destination quickly ? e.g., O ( minutes ) ? (The ZMap a and Masscan b folks can do it – why can’t we?) a Z. Durumeric et al., 2013 b R. Graham, 2013 R. Beverly (NPS) Yarrp AIMS 2016 2 / 17

  4. Motivation State-of-the-art Existing traceroute-style approaches: Maintain state over outstanding probes (identifier, origination time) Are sequential , probing all hops along the path. At best, parallelism limited to a window of outstanding destinations being probed. Implications: Concentrates load: along paths, links, routers (potentially triggering rate-limiting or IDS alarms) Production systems probe slowly R. Beverly (NPS) Yarrp AIMS 2016 3 / 17

  5. Motivation State-of-the-art Existing traceroute-style approaches: Maintain state over outstanding probes (identifier, origination time) Are sequential , probing all hops along the path. At best, parallelism limited to a window of outstanding destinations being probed. Implications: Concentrates load: along paths, links, routers (potentially triggering rate-limiting or IDS alarms) Production systems probe slowly R. Beverly (NPS) Yarrp AIMS 2016 3 / 17

  6. Methodology Yarrp “Yelling at Random Routers Progressively” Takes inspiration from ZMap: Uses a block cipher to randomly permute the < IP , TTL > space Is stateless , recovering necessary information from replies Permits fast Internet-scale active topology probing (even from a single VP) R. Beverly (NPS) Yarrp AIMS 2016 4 / 17

  7. Methodology Traditional Traceroute Example Topology T 1 T 1 T T prober prober 2 T T 3 R. Beverly (NPS) Yarrp AIMS 2016 5 / 17

  8. Methodology Traditional Traceroute T 1 T 1 2 = t l t prober prober Traditional traceroute sends probes with incrementing TTL to destination T 1 R. Beverly (NPS) Yarrp AIMS 2016 6 / 17

  9. Methodology Traditional Traceroute T 1 T 1 4 = t l t prober prober ... continuing until finished with T 1 (reach destination or gap limit). Prober must maintain state, while traffic is concentrated on prober � T 1 path R. Beverly (NPS) Yarrp AIMS 2016 7 / 17

  10. Methodology Yarrp T 1 T 1 t t l = 4 , d s t = T T prober prober t 2 2 T T 3 Yarrp iterates through randomly permuted < Target , TTL > pairs R. Beverly (NPS) Yarrp AIMS 2016 8 / 17

  11. Methodology Yarrp T 1 T 1 1 t = t s d , 2 = t l t T T prober prober 2 ttl=3,dst=t3 T T 3 Yarrp iterates through randomly permuted < Target , TTL > pairs R. Beverly (NPS) Yarrp AIMS 2016 9 / 17

  12. Methodology Yarrp Inferred Topology T 1 T 1 T T prober prober 2 T T 3 Finally, stitch together topology. Requires state and computation, but off-line after probing completes. R. Beverly (NPS) Yarrp AIMS 2016 10 / 17

  13. Methodology Challenges Encoding State 16 32 E HL Ver DSCP Len C N Send TTL IPID Frag Offset cksum(T arget IP) TTL P=TCP Header Checksum IP Source IP = prober Send Elapsed Time (ms) Destination IP = target T arget IP Source Port d_port = 80 TCP Sequence Number IPID = Probe’s TTL TCP Source Port = cksum(Target IP destination) a TCP Seq No = Probe send time (elapsed ms) Per-flow load balancing fields remain constant (ala Paris) Assume routers echo only 28B of expired packet a Malone PAM 2007: ≈ 2% of quotations contained modified destination IP R. Beverly (NPS) Yarrp AIMS 2016 11 / 17

  14. Methodology Challenges Recovering State 16 32 Send TTL cksum(T arget IP) P=ICMP IP Source IP = router interface Send Elapsed Time (ms) Destination IP = prober T arget IP type=11 code=0 ICMP IPID TTL=0 P=TCP Quote Source IP = prober Destination IP = target Source Port d_port = 80 Sequence Number ICMP TTL exceeded replies permit recovery of: target probed, originating TTL (hop), and responding router interface at that hop. R. Beverly (NPS) Yarrp AIMS 2016 12 / 17

  15. Methodology Challenges Distribution of unique interfaces discovered vs. TTL for all Ark monitors, one Ark topology probing cycle 10 5 Problem: knowing when 10 4 to stop Little Unique Interfaces 10 3 discoverable topology past 10 2 TTL=32 ⇒ limit 10 1 < IP , TTL > search space to 10 0 TTL ≤ 32 1 2 3 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 4 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3 3 Trace TTL R. Beverly (NPS) Yarrp AIMS 2016 13 / 17

  16. Results Initial Testing Speed C++ implementation w/o tuning Linux KVM (1 core, Intel L5640 @ 2.27GHz) Achieve 106K pps Proof-of-concept Sent 10M probes in ≈ 100 sec Discovered 178,453 unique router interfaces CPU: 52% R. Beverly (NPS) Yarrp AIMS 2016 14 / 17

  17. Results What’s Possible Traceroute to an address in each /24, for TTLs 1-32 2 24 ∗ 2 5 t = 100 Kpps ≃ 84min Traceroute to every routed IPv4 destination 2 31 ∗ 2 5 t = 100 Kpps ≃ 1week R. Beverly (NPS) Yarrp AIMS 2016 15 / 17

  18. Results Optimizations Base Yarrp requires no state (Must reconstruct traces, but that’s an offline local process) If we’re willing to maintain some space, we can optimize: Time Memory Trade Off Probe only routed destinations (radix trie BGP RIB) Avoiding repeated re-discovery of prober’s local neighborhood (state over small number of interfaces near prober) Distribute: only requires communicating block cipher key and offset! R. Beverly (NPS) Yarrp AIMS 2016 16 / 17

  19. Results Next Steps Yarrping the Internet Push limits on how fast we can map the entire IPv4 Internet Compare discovered topologies from e.g. Ark versus Yarrp Applications? What do two snapshots of the Internet topology separated by an hour reveal? Others? Thanks! – Questions? https://www.cmand.org R. Beverly (NPS) Yarrp AIMS 2016 17 / 17

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Operationalizing Yarrp: High-Speed Active Network Topology Mapping from AWS

Operationalizing Yarrp: High-Speed Active Network Topology Mapping from AWS

Operationalizing Yarrp: High-Speed Active Network Topology Mapping from AWS https://yarrp.nps.tancad.net/ Justin P. Rohrer (jprohrer@nps.edu) Department of Computer Science US Naval Postgraduate School AIMS-KISMET, February 28, 2020 1

538 views • 16 slides
No Yes Do you use the Internet to do homework? Do you use the Internet to follow your

No Yes Do you use the Internet to do homework? Do you use the Internet to follow your

No Yes Do you use the Internet to do homework? Do you use the Internet to follow your favourite team? Do you use the internet to watch music videos? Do you use the Internet to read the news? Do you use the Internet to play games? Shared

997 views • 51 slides
Communication security over the Internet The big picture Me Internet Resource Internet

Communication security over the Internet The big picture Me Internet Resource Internet

Communication security over the Internet The big picture Me Internet Resource Internet Server Client Attack vectors MAN DNS LAN Client Internet Back Bone Router Networking WWW overview MITM (Man In The Middle) 3 2 4 5 LAN

244 views • 23 slides
How do you Improve on the Internet? The eXpressive Internet Architecture: The Internet has been

How do you Improve on the Internet? The eXpressive Internet Architecture: The Internet has been

5/15/2012 How do you Improve on the Internet? The eXpressive Internet Architecture: The Internet has been tremendously successful From Architecture to Network Has sustained tremendous growth g Supports very diverse set of applications

484 views • 10 slides
IOC: Internet of Composites IOC: Internet of Composites IOC: Internet of Composites IOC: Internet

IOC: Internet of Composites IOC: Internet of Composites IOC: Internet of Composites IOC: Internet

IOC: Internet of Composites IOC: Internet of Composites IOC: Internet of Composites IOC: Internet of Composites Robert Bjekovic, University of applied sciences Ravensburg Weingarten, Weingarten, Germany Michael Elwert, University of applied

351 views • 32 slides
Enabling the Internet of Everything with 3G The Internet of Everything The Next Era of

Enabling the Internet of Everything with 3G The Internet of Everything The Next Era of

Enabling the Internet of Everything with 3G The Internet of Everything The Next Era of Networking and Computing, Where Everything Is Intelligently Connected Family device layout. Think weve done in past. Add in printer, electric meter,

397 views • 22 slides
Good morning! Internet, Web, Intranets, and Extranets Use and Functioning of the Internet

Good morning! Internet, Web, Intranets, and Extranets Use and Functioning of the Internet

Good morning! Internet, Web, Intranets, and Extranets Use and Functioning of the Internet Internet is international scope with users on every continent Asians make up 40% of Internet population Europeans about 20% North America

1.01k views • 56 slides
Internet Atlas: A Geographical Database of the Physical Internet Active Internet Measurement

Internet Atlas: A Geographical Database of the Physical Internet Active Internet Measurement

Internet Atlas: A Geographical Database of the Physical Internet Active Internet Measurement Systems Workshop (AIMS) February 6-8, 2013 Ram Durairajan Computer Sciences University of Wisconsin Motivation rkrish@cs.wisc.edu 2

505 views • 33 slides
History of the Internet Pat Morin COMP 2405 Outline Origins of the Internet Internet

History of the Internet Pat Morin COMP 2405 Outline Origins of the Internet Internet

History of the Internet Pat Morin COMP 2405 Outline Origins of the Internet Internet timeline from 1970s until today The Internet today 2 Origins of the Internet J.C.R. Licklider of MIT in August 1962 wrote about the

562 views • 13 slides
Internet routing is based on routing protocols that collect the input data No off-line route

Internet routing is based on routing protocols that collect the input data No off-line route

Introduction to Routing in Internet Internet basics IPv4 and ICMP Internet Addressing ARP - Address Resolution Protocol Routing Information (Distance Vector ) Protocol Principles 3-1 S-38.121 S-02 Rka, NB Internet routing is based on

214 views • 18 slides
1 Internet Email Internet Commercialization SMTP is Internet Email protocol Rapid and

1 Internet Email Internet Commercialization SMTP is Internet Email protocol Rapid and

Background of Chapter Software Infrastructure of the Commercializing Internet Not finished Mostly journalistic Recounting of basic events from secondary sources Focus on interplay between technology and business models Thomas

463 views • 3 slides
CS 457 Networking and the Internet Fall 2016 The Global Internet (Then) The tree structure of

CS 457 Networking and the Internet Fall 2016 The Global Internet (Then) The tree structure of

10/4/16 CS 457 Networking and the Internet Fall 2016 The Global Internet (Then) The tree structure of the Internet in 1990 The Global Internet (And Now) A simple multi-provider Internet 1 10/4/16 The Global Internet Some large

307 views • 12 slides
The Internet of Things Afloat by Digital Yacht What is the Internet of Things ? The

The Internet of Things Afloat by Digital Yacht What is the Internet of Things ? The

The Internet of Things Afloat by Digital Yacht What is the Internet of Things ? The Internet of Things (IoT ). A proposed development of the Internet in which everyday objects have network connectivity, allowing them to send

575 views • 24 slides
The History of the Internet Presented by the St. Martins Episcopal Technology Department

The History of the Internet Presented by the St. Martins Episcopal Technology Department

The History of the Internet Presented by the St. Martins Episcopal Technology Department Agenda Internet History Internet Evolution Internet Pioneers Internet Growth The Future of the Internet Conclusion

540 views • 24 slides
Welcome to the Indian Prairie Librarys Internet Class I What Is the Internet? The Internet

Welcome to the Indian Prairie Librarys Internet Class I What Is the Internet? The Internet

Welcome to the Indian Prairie Librarys Internet Class I What Is the Internet? The Internet is the largest computer network in the world, connecting millions of computers. A network can also be a group of two or more computer systems linked

371 views • 13 slides
Networking 101.101.101.101 The Internet The Internet is governed by a series of protocols

Networking 101.101.101.101 The Internet The Internet is governed by a series of protocols

Networking 101.101.101.101 The Internet The Internet is governed by a series of protocols that form the rules for how communications should happen The Internet is a network of networks. There is no centralized point. There are no

763 views • 34 slides
Jan Mller Co-founder, CTO Chainalysis How Does Bitcoin Actually Work?

Jan Mller Co-founder, CTO Chainalysis How Does Bitcoin Actually Work?

Jan Mller Co-founder, CTO Chainalysis How Does Bitcoin Actually Work? This talk is not about the poli:cal or economical impact of Bitcoin. This talk is

862 views • 40 slides
Categorizing, Analyzing, &amp; Managing Third Party Trust Andy Sayler TPRC44 10/01/16 The

Categorizing, Analyzing, &amp; Managing Third Party Trust Andy Sayler TPRC44 10/01/16 The

Categorizing, Analyzing, &amp; Managing Third Party Trust Andy Sayler TPRC44 10/01/16 The Internet By Randall Munroe, xkcd.com Third Party Services Questions What capabilities are we entrusting to third parties? What capabilities are we

1.15k views • 95 slides
FinTech Workshop No. 1: Blockchain Brussels, Nov. 14 th - 2017 Prof. Dr. Rainer Lenz Technology

FinTech Workshop No. 1: Blockchain Brussels, Nov. 14 th - 2017 Prof. Dr. Rainer Lenz Technology

FinTech Workshop No. 1: Blockchain Brussels, Nov. 14 th - 2017 Prof. Dr. Rainer Lenz Technology &gt; Individual &gt; Society Technology Technology Individual Applications Communication Computer Search/Exchange of Change of

95 views • 8 slides
1 2 Overview What is the blockchain? How does it work? Why is there so much interest? Some

1 2 Overview What is the blockchain? How does it work? Why is there so much interest? Some

1 2 Overview What is the blockchain? How does it work? Why is there so much interest? Some example applications Implications of blockchain technology 3 The Blockchain A digital ledger that records the transfer of digital assets. But also

579 views • 36 slides
Tutorial Slides for Week 4 ENEL 353: Digital Circuits Fall 2013 Term Steve Norman, PhD, PEng

Tutorial Slides for Week 4 ENEL 353: Digital Circuits Fall 2013 Term Steve Norman, PhD, PEng

Tutorial Slides for Week 4 ENEL 353: Digital Circuits Fall 2013 Term Steve Norman, PhD, PEng Electrical &amp; Computer Engineering Schulich School of Engineering University of Calgary 1 October, 2013 slide 2/8 ENEL 353 F13 T02 Tutorial

117 views • 8 slides
Gossip Peer Sampling in Real World Amir H. Payberah (amir@sics.se) Amir H. Payberah 22 June

Gossip Peer Sampling in Real World Amir H. Payberah (amir@sics.se) Amir H. Payberah 22 June

Gossip Peer Sampling in Real World Amir H. Payberah (amir@sics.se) Amir H. Payberah 22 June 2010 1/55 Gossip Peer Sampling Amir H. Payberah 22 June 2010 2/55 Peer Sampling Service The peer sampling service provides each node with

597 views • 55 slides
ARM Assembler Data Movement Beginning Programs p. 1/10 Memory Access Load Register from

ARM Assembler Data Movement Beginning Programs p. 1/10 Memory Access Load Register from

Systems Architecture ARM Assembler Data Movement Beginning Programs p. 1/10 Memory Access Load Register from memory cc : MAR op2 LDR cc R d , op2 cc : MBR M(MAR) cc : R d MBR

506 views • 31 slides
APOC Pearls Michael Hunger Developer Relations Engineering, Neo4j Follow @mesirii APOC Unicorns

APOC Pearls Michael Hunger Developer Relations Engineering, Neo4j Follow @mesirii APOC Unicorns

APOC Pearls Michael Hunger Developer Relations Engineering, Neo4j Follow @mesirii APOC Unicorns Michael Hunger Developer Relations Engineering, Neo4j Follow @mesirii All Images by TeeTurtle.com &amp; Unstable Unicorns Power Up

1.04k views • 60 slides

More recommend