challenges in inferring spoofed traffic at ixps
play

Challenges in Inferring Spoofed Traffic at IXPs Matthew Luckie - PowerPoint PPT Presentation

Mar 10, 2024 •226 likes •1.05k views

Challenges in Inferring Spoofed Traffic at IXPs Matthew Luckie Bradley Huffaker Lucas Mller University of Waikato CAIDA/UC San Diego UFRGS/CAIDA Kc Claffy Marinho Barcellos CAIDA/UC San Diego UFRGS/University of Waikato ACM CoNEXT

  1. Challenges in Inferring Spoofed Traffic at IXPs Matthew Luckie Bradley Huffaker Lucas Müller 
 University of Waikato CAIDA/UC San Diego UFRGS/CAIDA Kc Claffy Marinho Barcellos CAIDA/UC San Diego UFRGS/University of Waikato ACM CoNEXT 2019 — Orlando, Florida, U.S.A. December 9-12, 2019

  2. Broader visibility of networks that 
 do not filter spoofed packets 2

  3. Consequences: 
 spoofed denial-of-service (DoS) attacks 3

  4. Consequences: 
 spoofed denial-of-service (DoS) attacks 3

  5. Consequences: 
 spoofed denial-of-service (DoS) attacks 3

  6. Consequences: 
 spoofed denial-of-service (DoS) attacks 3

  7. IP Spoofing Architectural limitation that provides an attacker with the ability to send packets using spoofed source IP addresses IPv4 header 4

  8. IP Spoofing Architectural limitation that provides an attacker with the ability to send packets using spoofed source IP addresses IPv4 header IETF introduced Best Current Practices (BCPs) recommending that networks block these packets — i.e., implement 
 Source Address Validation (SAV) 4

  9. IP Spoofing Architectural limitation that provides an attacker with the ability to send packets using spoofed source IP addresses IPv4 header IETF introduced Best Current Practices • Compliance with these filtering practices (BCPs) recommending that networks has misaligned incentives block these packets — i.e., implement 
 • Deploying SAV is primarily for the benefit Source Address Validation (SAV) of other networks 4

  10. Remediation and Policy Interventions 5

  11. Remediation and Policy Interventions We need to identify networks lacking SAV deployment, but doing this is challenging at Internet scale 5

  12. Remediation and Policy Interventions We need to identify networks lacking SAV deployment, but doing this is challenging at Internet scale • Definitive method requires an active probing vantage point in each network being tested 5

  13. Remediation and Policy Interventions We need to identify networks lacking SAV deployment, but doing this is challenging at Internet scale • Definitive method requires an active probing vantage point in each network being tested • ~65K independently routed networks CAIDA's 2017 visualization of IPv4 Internet topology at the Autonomous System (AS) level 5

  14. Remediation and Policy Interventions We need to identify networks lacking SAV deployment, but doing this is challenging at Internet scale • Definitive method requires an active probing vantage point in each network being tested • ~65K independently routed networks • Limited feasibility for a comprehensive assessment of Internet spoofing CAIDA's 2017 visualization of IPv4 Internet topology at the Autonomous System (AS) level 5

  15. Remediation and Policy Interventions We need to identify networks lacking SAV deployment, but doing this is challenging at Internet scale • Definitive method requires an active probing vantage point in each network being tested • ~65K independently routed networks • Limited feasibility for a comprehensive assessment of Internet spoofing 700+ Internet Exchange Points (IXP) [PeeringDB, 2019] Broader visibility may lie in the capability to infer lack of SAV compliance from aggregated Internet traffic data 6

  16. our goal design and develop a methodology 
 to identify spoofed traffic crossing an IXP and infer lack of SAV 7

  17. 8

  18. Contributions 9

  19. Contributions 1. Challenges Provide detailed analysis of methodological challenges for inferring spoofed packets at IXPs 9

  20. Contributions 1. Challenges 2. Methodology Provide detailed analysis of Developed a methodology methodological challenges to classify flows, navigating for inferring spoofed through all challenges packets at IXPs identified 9

  21. Contributions 3. Observations 
 1. Challenges 2. Methodology and Lessons Provide detailed analysis of Developed a methodology Used our methodology and methodological challenges to classify flows, navigating compare it with the 
 for inferring spoofed through all challenges state-of-the-art[1] at 
 packets at IXPs identified an IXP in Brazil, 
 reporting our findings [1] Lichtblau et al. Detection, Classification, and Analysis of Inter-domain Traffic with Spoofed Source IP Addresses. In: ACM IMC, 2017. 9

  22. Bird’s Eye View 10

  23. Bird’s Eye View IXP traffic flow data and topology information 10

  24. Bird’s Eye View IXP traffic flow data and valid IP address space topology information per Autonomous System (AS) 10

  25. Bird’s Eye View IXP traffic flow data and valid IP address space topology information per Autonomous System (AS) Classification Pipeline Methodology list of networks with and without SAV, with evidence to support 10

  26. Challenges: Pieces of the Puzzle 11

  27. Challenges: Pieces of the Puzzle 1. Identify Valid Source Address Space 11

  28. Challenges: Pieces of the Puzzle 1. Identify Valid Source Address Space - there is no global registry that contains ground truth 11

  29. Challenges: Pieces of the Puzzle 1. Identify Valid Source Address Space - there is no global registry that contains ground truth - need to infer the set of valid source addresses 
 11

  30. Challenges: Pieces of the Puzzle 1. Identify Valid Source Address Space - there is no global registry that contains ground truth - need to infer the set of valid source addresses 
 2. Tackle IXP Topology and Traffic Visibility Properties 11

  31. Challenges: Pieces of the Puzzle 1. Identify Valid Source Address Space - there is no global registry that contains ground truth - need to infer the set of valid source addresses 
 2. Tackle IXP Topology and Traffic Visibility Properties - understand modern IXP interconnection practices 11

  32. Challenges: Pieces of the Puzzle 1. Identify Valid Source Address Space - there is no global registry that contains ground truth - need to infer the set of valid source addresses 
 2. Tackle IXP Topology and Traffic Visibility Properties - understand modern IXP interconnection practices - implications on visibility of both topology and traffic 11

  33. 1. Identify Valid Source Address Space IP Address 
 Space 12

  34. 1. Identify Valid Source Address Space IP Address 
 Space IETF Reserved 
 Usable Bogons 12

  35. 1. Identify Valid Source Address Space IP Address 
 Space IETF Reserved 
 Usable Bogons Routed Unassigned 12

  36. 1. Identify Valid Source Address Space IP Address 
 Space IETF Reserved 
 Usable Bogons Routed Unassigned Inferred based on BGP data and 
 the links established by each AS 12

  37. 1. Identify Valid Source Address Space IP Address 
 Space IETF Reserved 
 Usable Bogons Routed Unassigned Inferred based on BGP data and 
 Customer Cones the links established by each AS Define the set of ASes a given AS can reach through its customers 12

  38. 2. Tackle IXP Topology and Traffic Visibility Properties Focus on understanding operational complexities of the vantage point AS64505 Prefix-level Customer Cone 168.228.252.0/22 200.17.80.0/20 200.132.59.0/24 200.236.32.0/19 200.19.0.0/21 200.238.0.0/18 IXP … 13.32.136.2/23 52.216.180/24 75.2.82.0/24 161.38.206.0/23 216.137.62.0/24 … Amazon’s AS Prefix-level Customer Cone 13

  39. 2. Tackle IXP Topology and Traffic Visibility Properties Focus on understanding operational complexities of the vantage point AS64505 Prefix-level Customer Cone 168.228.252.0/22 200.17.80.0/20 200.132.59.0/24 200.236.32.0/19 200.19.0.0/21 200.238.0.0/18 IXP … 13.32.136.2/23 52.216.180/24 75.2.82.0/24 161.38.206.0/23 216.137.62.0/24 … Amazon’s AS Prefix-level Customer Cone 13

  40. 2. Tackle IXP Topology and Traffic Visibility Properties IXP switching fabric #X Legend: Core Switch Switch 14

  41. 2. Tackle IXP Topology and Traffic Visibility Properties IXP switching fabric #X Legend: CF #1 Core Switch CF #2 Switch Physical connection CF: Colocation Facility CF #3 CF #4 15

  42. 2. Tackle IXP Topology and Traffic Visibility Properties IXP switching fabric #X Legend: CF #1 Core Switch CF #2 Switch AS A AS B Physical connection AS C AS D Physical connection and VLAN configured to neighbor CF: Colocation Facility Autonomous AS Z System CF #3 CF #4 16

  43. 2. Tackle IXP Topology and Traffic Visibility Properties IXP switching fabric #X Legend: CF #1 Core Switch CF #2 Switch AS A AS B Physical connection AS C AS D Physical connection and VLAN configured AS E to neighbor AS F Res J CF: Colocation Facility AS G AS H Autonomous AS Z Res Z Reseller System CF #3 CF #4 Reseller-Tag: Stacked VLAN (IEEE 802.1q, QinQ) IXP-Tag: 17

  44. 2. Tackle IXP Topology and Traffic Visibility Properties IXP switching fabric #X Legend: CF #1 Core Switch CF #2 Switch AS A AS B Physical connection AS C AS D Physical connection and VLAN configured AS E to neighbor AS F Res J CF: Colocation Facility AS G AS H Autonomous AS Z Res Z Reseller System CF #3 CF #4 Reseller-Tag: Stacked VLAN (IEEE 802.1q, QinQ) IXP-Tag: IXP switching fabric #Y CF #5 Core Switch CF #6 AS E 18

Recommend

Challenges in Inferring Spoofed Traffic at IXPs Lucas Mller, Matthew Luckie, Bradley

Challenges in Inferring Spoofed Traffic at IXPs Lucas Mller, Matthew Luckie, Bradley

Challenges in Inferring Spoofed Traffic at IXPs Lucas Mller, Matthew Luckie, Bradley Huffaker, Kc Claffy, Marinho Barcellos {lfmuller, marinho}@inf.ufrgs.br Federal University of Rio Grande do Sul (INF/UFRGS) Center for Applied

404 views • 28 slides
Detection, Classification, and Analysis of Inter-Domain Traffic with Spoofed Source IP Addresses

Detection, Classification, and Analysis of Inter-Domain Traffic with Spoofed Source IP Addresses

1.13k views • 64 slides
Route Servers, Mergers, Features, and More. Integration of IXPs.

Route Servers, Mergers, Features, and More. Integration of IXPs.

Route Servers, Mergers, Features, and More. Integration of IXPs. Route Server challenges Chris Malayter cmalayter@equinix.com What drives a RS integra6on? Two IXs merging into

433 views • 17 slides
Is Anybody Home? Inferring Activity from Smart Home Network Traffic Bogdan Copos Matt Bishop

Is Anybody Home? Inferring Activity from Smart Home Network Traffic Bogdan Copos Matt Bishop

Is Anybody Home? Inferring Activity from Smart Home Network Traffic Bogdan Copos Matt Bishop Karl Levitt Jeff Rowe University of California, Davis 1 / 21 2 / 21 3 / 21 4 / 21 Security Many things can go wrong... malicious firmware

803 views • 36 slides
Past, Present, and Future of Spoofed-source IP Packets Paul Vixie Chairman and Founder Internet

Past, Present, and Future of Spoofed-source IP Packets Paul Vixie Chairman and Founder Internet

Past, Present, and Future of Spoofed-source IP Packets Paul Vixie Chairman and Founder Internet Systems Consortium Overview IP Spoofing: the root of most evil DNS RRL: radical DDoS opt-out Spoofed Source Attacks: Essence attacker

335 views • 14 slides
Euro-IX Activities & IXPDB UKNOF 40 - 27 April 2018 Rebecca Class-Peter Association of IXPs

Euro-IX Activities & IXPDB UKNOF 40 - 27 April 2018 Rebecca Class-Peter Association of IXPs

Euro-IX Activities & IXPDB UKNOF 40 - 27 April 2018 Rebecca Class-Peter Association of IXPs 78 affjliated members 54 IXPs in the Euro-IX region, 49 countries, operating over 100 peering LANs 24 IXPs from the rest of the world

326 views • 21 slides
The potential and challenges of inferring thermal comfort at home using commodity sensors

The potential and challenges of inferring thermal comfort at home using commodity sensors

The potential and challenges of inferring thermal comfort at home using commodity sensors Chuan-Che (Jeff) Huang Rayoung Yang Mark W. Newman Understand the connection between psychological and physiological factors You seem to feel cool,

770 views • 57 slides
IXPS and Peering in the Caribbean Growing the Caribbean Digital Economy Global Context By 2020,

IXPS and Peering in the Caribbean Growing the Caribbean Digital Economy Global Context By 2020,

Presenter: Bevil M. Wooding Caribbean Outreach Manager, Packet Clearing House IXPS and Peering in the Caribbean Growing the Caribbean Digital Economy Global Context By 2020, smartphones will generate 30% of total IP traffic Global broadband

365 views • 18 slides
National legal frameworks for establishment of IXPs Sofie Maddens The Internet Society 11

National legal frameworks for establishment of IXPs Sofie Maddens The Internet Society 11

National legal frameworks for establishment of IXPs Sofie Maddens The Internet Society 11 November 2014 What is an IXP An Internet Exchange Point (IXP) is a physical location where different IP networks meet to exchange traffic (switch,

715 views • 18 slides
CHALLENGES IN INFERRING INTERNET CONGESTION USING THROUGHPUT TESTS Amogh Dhamdhere

CHALLENGES IN INFERRING INTERNET CONGESTION USING THROUGHPUT TESTS Amogh Dhamdhere

CHALLENGES IN INFERRING INTERNET CONGESTION USING THROUGHPUT TESTS Amogh Dhamdhere amogh@caida.org with Srikanth Sundaresan (Princeton) Danny Lee (Georgia Tech) Xiaohong Deng, Yun Feng (UNSW) 1 w w w . cai da. or In the Press

570 views • 54 slides
GeoEcho: Inferring User Interests from Geotag Reports in Network Traffic Ning Xia (Northwestern

GeoEcho: Inferring User Interests from Geotag Reports in Network Traffic Ning Xia (Northwestern

GeoEcho: Inferring User Interests from Geotag Reports in Network Traffic Ning Xia (Northwestern University) Stanislav Miskovic (Narus Inc.) Mario Baldi (Narus Inc.) Aleksandar Kuzmanovic (Northwestern University) Antonio Nucci (Narus Inc.)

418 views • 19 slides
High Speed Traffic Analysis for High-Speed Traffic Analysis for Security: Challenges &

High Speed Traffic Analysis for High-Speed Traffic Analysis for Security: Challenges &

High Speed Traffic Analysis for High-Speed Traffic Analysis for Security: Challenges & Approaches Security: Challenges & Approaches C-DAC Asia-Pacific Advanced Network 32 nd Meeting, India Habitat Centre, New Delhi APAN 32nd Meeting,

647 views • 28 slides
Foxfield Traffic Committee IDENTIFY TRAFFIC CHALLENGES AND FORMULATE SOLUTIONS BASED ON EXTENSIVE

Foxfield Traffic Committee IDENTIFY TRAFFIC CHALLENGES AND FORMULATE SOLUTIONS BASED ON EXTENSIVE

Foxfield Traffic Committee IDENTIFY TRAFFIC CHALLENGES AND FORMULATE SOLUTIONS BASED ON EXTENSIVE RESEARCH AND FEEDBACK FROM RESIDENTS PRESENT RECOMMENDATION TO FOXFIELD BOARD OF TRUSTEES COMMUNITY PRESENTATION ON AUGUST 23, 2018 1 Foxfield

533 views • 28 slides
On Inferring and Characterizing On Inferring and Characterizing Internet Routing Policies

On Inferring and Characterizing On Inferring and Characterizing Internet Routing Policies

On Inferring and Characterizing On Inferring and Characterizing Internet Routing Policies Internet Routing Policies Feng Wang Lixin Gao Department of Electrical and Computer Engineering University of Massachusetts, Amherst MA 01002, USA 1

450 views • 18 slides
What are the threats at IXPs and how to protect your Internet architecture? Raphael Maunier

What are the threats at IXPs and how to protect your Internet architecture? Raphael Maunier

What are the threats at IXPs and how to protect your Internet architecture? Raphael Maunier raphael@acorus.net @rmaunier What are the threats at IXPs and how to protect your Internet architecture? Why using IXPs to protect your Internet

552 views • 21 slides
SAFETY ISSUE #8 Santa Cruz Traffic & Bike Lanes Reconfiguration Solution Challenges no

SAFETY ISSUE #8 Santa Cruz Traffic & Bike Lanes Reconfiguration Solution Challenges no

SAFETY ISSUE #8 Santa Cruz Traffic & Bike Lanes Reconfiguration Solution Challenges no bike lanes no guidance for vehicles & cyclists at Y no mans land at Y Limited width of SCA (64) High Traffic Volume - especially at Peak

571 views • 9 slides
The need for IXPs Shamika Sirimanne Director Information and Communications Technology and

The need for IXPs Shamika Sirimanne Director Information and Communications Technology and

Connecting economies and empowering people The Asia Pacific information superhighway and regional cooperation for better ICT connectivity: The need for IXPs Shamika Sirimanne Director Information and Communications Technology and Disaster

682 views • 10 slides
Down the Black Hole: Dismantling Operational Practices of BGP Blackholing at IXPs Marcin

Down the Black Hole: Dismantling Operational Practices of BGP Blackholing at IXPs Marcin

Down the Black Hole: Dismantling Operational Practices of BGP Blackholing at IXPs Marcin Nawrocki, Jeremias Blendin, Christoph Dietzel, Thomas C. Schmidt, Matthias Whlisch Christmas is near!

1.15k views • 80 slides
QoS Challenges for Real Time Traffic [tj] tj@enoti.me NEAT is funded by the European

QoS Challenges for Real Time Traffic [tj] tj@enoti.me NEAT is funded by the European

QoS Challenges for Real Time Traffic [tj] tj@enoti.me NEAT is funded by the European Unions Horizon 2020 research and innovation programme under grant agreement no. 644334. 2 Packets Me You 3 Middleboxes Middlebox Me You

364 views • 25 slides
Regional Strategy for Developing Interconnection Infrastructure IXPs, Regional Terrestrial

Regional Strategy for Developing Interconnection Infrastructure IXPs, Regional Terrestrial

Regional Strategy for Developing Interconnection Infrastructure IXPs, Regional Terrestrial Carriers and Carrier Neutral data center opportunities Different Folks have different Interconnection Strategies! National incumbent Telco or

321 views • 16 slides
Criminal Law Facing Challenges of AI: Who is Liable for a Traffic Accident Caused by Autonomous

Criminal Law Facing Challenges of AI: Who is Liable for a Traffic Accident Caused by Autonomous

Criminal Law Facing Challenges of AI: Who is Liable for a Traffic Accident Caused by Autonomous Vehicle? Igor Vuleti, PhD Associate Professor Chair of Criminal Law, Faculty of Law Osijek Josip Juraj Strossmayer University, Croatia Where AI

918 views • 20 slides
SDN IXP Marc Bruyere The University of Tokyo Agenda SDN momentum for IXPs - Umbrella

SDN IXP Marc Bruyere The University of Tokyo Agenda SDN momentum for IXPs - Umbrella

SDN IXP Marc Bruyere The University of Tokyo Agenda SDN momentum for IXPs - Umbrella Toulouse IXP - TouIX to TouSIX Tokyo IXP - DIX-IE to PIX-IE Osaka - NSPIXP-3 to FAUCET Umbrella Issues with today IXP switching fabric IXP

247 views • 24 slides
On the challenges of network traffic classification with NetFlow/IPFIX Pere Barlet-Ros Associate

On the challenges of network traffic classification with NetFlow/IPFIX Pere Barlet-Ros Associate

On the challenges of network traffic classification with NetFlow/IPFIX Pere Barlet-Ros Associate Professor at UPC BarcelonaTech (pbarlet@ac.upc.edu) Joint work with: Valentn Carela-Espaol, Tomasz Bujlow and Josep Sol-Pareta This project

544 views • 26 slides
The Safety Research Challenges for the Air Traffic Management of Of Unmanned Aerial Systems (UAS)

The Safety Research Challenges for the Air Traffic Management of Of Unmanned Aerial Systems (UAS)

The Safety Research Challenges for the Air Traffic Management of Of Unmanned Aerial Systems (UAS) Prof. Chris Johnson, Department of Computing Science, University of Glasgow, Scotland. http://www.dcs.gla.ac.uk/~johnson Summary of ATM-UAV

459 views • 41 slides

More recommend