server siblings identifying shared ipv4 ipv6
play

Server Siblings: Identifying Shared IPv4/IPv6 Infrastructure via - PowerPoint PPT Presentation

Aug 08, 2023 •245 likes •583 views

Server Siblings: Identifying Shared IPv4/IPv6 Infrastructure via Active Fingerprinting Robert Beverly , Arthur Berger Naval Postgraduate School MIT/Akamai March 20, 2015 PAM 2015 - 16th Passive and Active Measurement Conference

  1. Server Siblings: Identifying Shared IPv4/IPv6 Infrastructure via Active Fingerprinting Robert Beverly ∗ , Arthur Berger † ∗ Naval Postgraduate School † MIT/Akamai March 20, 2015 PAM 2015 - 16th Passive and Active Measurement Conference R. Beverly & A. Berger (NPS) IPv4/IPv6 Server Siblings PAM 2015 1 / 24

  2. What/Why Outline What/Why 1 Methodology 2 Results 3 R. Beverly & A. Berger (NPS) IPv4/IPv6 Server Siblings PAM 2015 2 / 24

  3. What/Why IPv4/IPv6 Siblings IPv4/IPv6 “Siblings:” Given a candidate ( IPv 4 , IPv 6 ) address pair, determine if these addresses are assigned to the same physical machine. Related IPv6 Research: IPv6 adoption, routing, performance [DLHEA12], [CAZIOB14] Passive client IPv4/IPv6 sibling associations: e.g. web-bugs, javascript, flash [ZAAHM12] DNS server IPv4/IPv6 siblings [BWBC13] Our work: Targeted, active test: on-demand for any given pair Infrastructure: finding server siblings R. Beverly & A. Berger (NPS) IPv4/IPv6 Server Siblings PAM 2015 3 / 24

  4. What/Why IPv4/IPv6 Siblings IPv4/IPv6 “Siblings:” Given a candidate ( IPv 4 , IPv 6 ) address pair, determine if these addresses are assigned to the same physical machine. Related IPv6 Research: IPv6 adoption, routing, performance [DLHEA12], [CAZIOB14] Passive client IPv4/IPv6 sibling associations: e.g. web-bugs, javascript, flash [ZAAHM12] DNS server IPv4/IPv6 siblings [BWBC13] Our work: Targeted, active test: on-demand for any given pair Infrastructure: finding server siblings R. Beverly & A. Berger (NPS) IPv4/IPv6 Server Siblings PAM 2015 3 / 24

  5. What/Why Motivation Question? Is IPv6 infrastructure being deployed with separate hardware or by adding IPv6 to existing machines? Why? Adoption: Track IPv6 infrastructure evolution, how deployed Bootstrapping: IPv6 geolocation, reputation by correlating to IPv4 counterpart Security: Better understand correlated failures Lack of IPv6 security, tunnel to circumvent firewalls (e.g. an attack on IPv6 resource affecting IPv4 service) Performance: Isolate path vs. host performance when comparing IPv4 and IPv6 R. Beverly & A. Berger (NPS) IPv4/IPv6 Server Siblings PAM 2015 4 / 24

  6. What/Why Motivation Question? Is IPv6 infrastructure being deployed with separate hardware or by adding IPv6 to existing machines? Why? Adoption: Track IPv6 infrastructure evolution, how deployed Bootstrapping: IPv6 geolocation, reputation by correlating to IPv4 counterpart Security: Better understand correlated failures Lack of IPv6 security, tunnel to circumvent firewalls (e.g. an attack on IPv6 resource affecting IPv4 service) Performance: Isolate path vs. host performance when comparing IPv4 and IPv6 R. Beverly & A. Berger (NPS) IPv4/IPv6 Server Siblings PAM 2015 4 / 24

  7. What/Why Motivation Question? Is IPv6 infrastructure being deployed with separate hardware or by adding IPv6 to existing machines? Why? Adoption: Track IPv6 infrastructure evolution, how deployed Bootstrapping: IPv6 geolocation, reputation by correlating to IPv4 counterpart Security: Better understand correlated failures Lack of IPv6 security, tunnel to circumvent firewalls (e.g. an attack on IPv6 resource affecting IPv4 service) Performance: Isolate path vs. host performance when comparing IPv4 and IPv6 R. Beverly & A. Berger (NPS) IPv4/IPv6 Server Siblings PAM 2015 4 / 24

  8. What/Why Motivation Question? Is IPv6 infrastructure being deployed with separate hardware or by adding IPv6 to existing machines? Why? Adoption: Track IPv6 infrastructure evolution, how deployed Bootstrapping: IPv6 geolocation, reputation by correlating to IPv4 counterpart Security: Better understand correlated failures Lack of IPv6 security, tunnel to circumvent firewalls (e.g. an attack on IPv6 resource affecting IPv4 service) Performance: Isolate path vs. host performance when comparing IPv4 and IPv6 R. Beverly & A. Berger (NPS) IPv4/IPv6 Server Siblings PAM 2015 4 / 24

  9. What/Why Motivation Question? Is IPv6 infrastructure being deployed with separate hardware or by adding IPv6 to existing machines? Why? Adoption: Track IPv6 infrastructure evolution, how deployed Bootstrapping: IPv6 geolocation, reputation by correlating to IPv4 counterpart Security: Better understand correlated failures Lack of IPv6 security, tunnel to circumvent firewalls (e.g. an attack on IPv6 resource affecting IPv4 service) Performance: Isolate path vs. host performance when comparing IPv4 and IPv6 R. Beverly & A. Berger (NPS) IPv4/IPv6 Server Siblings PAM 2015 4 / 24

  10. What/Why Contributions IPv4/IPv6 Server Sibling Inference, Contributions Develop an active IPv4/IPv6 sibling inference measurement 1 technique by extending prior fingerprinting work Validate and evaluate technique on ground-truth 2 Use technique to survey top Alexa IPv6 capable web servers 3 R. Beverly & A. Berger (NPS) IPv4/IPv6 Server Siblings PAM 2015 5 / 24

  11. Methodology Outline What/Why 1 Methodology 2 Results 3 R. Beverly & A. Berger (NPS) IPv4/IPv6 Server Siblings PAM 2015 6 / 24

  12. Methodology Sibling Identification Targeted, Active Sibling Identification Intuition: IPv4 and IPv6 share a common transport-layer (TCP) Combine, extend, and reappraise prior TCP fingerprinting work: Coarse-grained: TCP options signature [Nmap] Fine-grained: TCP timestamp clockskew [Kohno 2005] R. Beverly & A. Berger (NPS) IPv4/IPv6 Server Siblings PAM 2015 7 / 24

  13. Methodology Course-Grained Sibling Identification Course-Grained Sibling Identification Presence of TCP options is common-case Order and packing of options is implementation dependent, e.g.: Win: <mss, nop, wscale 5, nop, nop, TS, sackOK> FreeBSD: <mss, nop, wscale 3, sackOK, TS> Linux: <mss, sackOK, TS, nop, wscale 4> We: Strip timestamp value Strip MSS value (unreliable, not just IPv4 MSS-20) Preserve order, compare between IPv4 and IPv6 R. Beverly & A. Berger (NPS) IPv4/IPv6 Server Siblings PAM 2015 8 / 24

  14. Methodology Fine-Grained Sibling Identification Fine-Grained Sibling Identification TCP timestamp option: “TCP Extensions for High Performance” [RFC1323, May 1992]. Universally supported, enabled by default. Option value: 4 bytes containing current clock TS clock: Value not specified in RFC (only used to detect duplicate segments) � = system clock Frequently unaffected by system clock adjustments (e.g. NTP) Connect to remote TCP periodically over time, fetch TS Fingerprint is TS clock skew or drift R. Beverly & A. Berger (NPS) IPv4/IPv6 Server Siblings PAM 2015 9 / 24

  15. Methodology Examples TCP Timestamp Clock Skew Skew-based Fingerprinting Idea: Use linear program to find 40 slope of points 30 Here, different skews (one 20 observed offset (msec) 10 negative) 0 -10 y = 0 . 0299 x skew ( ≈ -20 1.8ms/min, ≈ 15 min/year) -30 -40 Then: Host A (IPv6) -50 Host B (IPv4) α =0.029938 β =-3.519 -60 Compare IPv4 and IPv6 α =-0.058276 β =-1.139 -70 slopes 0 200 400 600 800 1000 measurement time(sec) Siblings if angle less than threshold R. Beverly & A. Berger (NPS) IPv4/IPv6 Server Siblings PAM 2015 10 / 24

  16. Methodology Examples Example: Ground Truth Visualization 40 10 30 0 20 -10 observed offset (msec) 10 observed offset (msec) 0 -20 -10 -30 -20 -40 -30 -40 -50 Host A (IPv6) Host A (IPv6) -50 Host B (IPv4) Host A (IPv4) -60 α =0.029938 β =-3.519 α =-0.058253 β =-1.178 -60 α =-0.058276 β =-1.139 α =-0.058276 β =-1.139 -70 -70 0 200 400 600 800 1000 0 200 400 600 800 1000 measurement time(sec) measurement time(sec) Non-Siblings Siblings Host A IPv4 vs. Host A IPv6: identical slopes ( θ = 0 . 0098) Host A IPv6 vs. Host B IPv4: different slopes ( θ = 31 . 947) Of course, more complicated in practice! R. Beverly & A. Berger (NPS) IPv4/IPv6 Server Siblings PAM 2015 11 / 24

  17. Methodology Examples Probing Outcomes No options returned: Infrequent, limits to coarse Timestamps: Not present: e.g., middlebox, limits to coarse Non-monotonic: (between connections) e.g., load-balancer Random: e.g., BSD’s random per-flow offset Monotonic: fine-grained fingerprinting For example, raw TCP timestamps: 2e+15 4.5e+09 209.85.225.160 apache.org V4 2001:4860:b007::a0 apache.org V6 0 4e+09 -2e+15 3.5e+09 -4e+15 3e+09 observed offset (msec) -6e+15 TCP Timestamp 2.5e+09 -8e+15 -1e+16 2e+09 -1.2e+16 1.5e+09 -1.4e+16 1e+09 -1.6e+16 5e+08 -1.8e+16 -2e+16 0 0 10000 20000 30000 40000 50000 60000 70000 0 50 100 150 200 measurement time(sec) TCP Packet Sample Random across connects Non-monotonic across connects R. Beverly & A. Berger (NPS) IPv4/IPv6 Server Siblings PAM 2015 12 / 24

  18. Methodology Examples Methodology Server Sibling Inference Propose and evaluate two algorithms: Options signature and basic timestamp skew (Alg 1) 1 Additional, parameterized logic (Alg 2) 2 (See paper for gory algorithm details) Test against ground truth Periodically probe Alexa IPv4 and IPv6 targets once every ∼ 3.5 hours for ∼ 17 days R. Beverly & A. Berger (NPS) IPv4/IPv6 Server Siblings PAM 2015 13 / 24

  19. Results Outline What/Why 1 Methodology 2 Results 3 R. Beverly & A. Berger (NPS) IPv4/IPv6 Server Siblings PAM 2015 14 / 24

Recommend

IPv6 Avanzado Introduccin Toms Lynch LACNOG WHERE ARE WE? IPv4 Yes, the IPv4 pool

IPv6 Avanzado Introduccin Toms Lynch LACNOG WHERE ARE WE? IPv4 Yes, the IPv4 pool

IPv6 Avanzado Introduccin Toms Lynch LACNOG WHERE ARE WE? IPv4 Yes, the IPv4 pool IPv4 with NAT/Tunnels But we can use IPv4 and NAT or Tunnels!!! Yeah, right IPv6 IPv6 Readiness Laptops, pads, mobile phones, dongles,

477 views • 19 slides
Introducing IPv6-only in the Internet: Balkanisation or Translation? Alain.Durand@sun.com

Introducing IPv6-only in the Internet: Balkanisation or Translation? Alain.Durand@sun.com

Introducing IPv6-only in the Internet: Balkanisation or Translation? Alain.Durand@sun.com When will IPv6-only deployment happen? Hypothesis 1 1st node is All IPv4 nodes dual-stack speak also IPv6 IPv4-only IPv4 &amp; IPv6 IPv6-only

675 views • 25 slides
IPv6 Yourself Jumping Bean What is IPv6? Replacement for IPv4, 128 bit IP address

IPv6 Yourself Jumping Bean What is IPv6? Replacement for IPv4, 128 bit IP address

IPv6 Yourself Jumping Bean What is IPv6? Replacement for IPv4, 128 bit IP address IPv4 allowed for 4.3 billion possible addresses, IPv6 allows for 340 undecillion addresses 3.40E38, 7.9E28 more than IPv4 addresses, ~ 4.8x10

1.07k views • 28 slides
Inferring Internet Server IPv4 and IPv6 Address Relationships Robert Beverly, Arthur Berger ,

Inferring Internet Server IPv4 and IPv6 Address Relationships Robert Beverly, Arthur Berger ,

Inferring Internet Server IPv4 and IPv6 Address Relationships Robert Beverly, Arthur Berger , Nicholas Weaver , Larry Campbell Naval Postgraduate School Akamai ICSI/UCSD rbeverly@nps.edu, awberger@mit.edu February 7, 2013

323 views • 19 slides
SIIT-DC: IPv4 Service Contjnuity for IPv6 Data Centres Tore Anderson Redpill Linpro AS UKNOF36,

SIIT-DC: IPv4 Service Contjnuity for IPv6 Data Centres Tore Anderson Redpill Linpro AS UKNOF36,

SIIT-DC: IPv4 Service Contjnuity for IPv6 Data Centres Tore Anderson Redpill Linpro AS UKNOF36, London, January 2017 Incremental IPv6 deployment in DC IPv4-only IPv4-only + IPv6 via NAT/proxy/etc Dual-stacked public frontend, IPv4 BE Full

550 views • 15 slides
Comparing IPv4 and IPv6 from the perspec7ve of BGP dynamic

Comparing IPv4 and IPv6 from the perspec7ve of BGP dynamic

Comparing IPv4 and IPv6 from the perspec7ve of BGP dynamic ac7vity Geoff Huston APNIC February 2012 The IPv4 Table: 2004 - now The IPv6

770 views • 47 slides
Life with IPv6 Journe Cohabitation IPv4-IPv6 16 Fvrier 2005 Keiichi SHIMA

Life with IPv6 Journe Cohabitation IPv4-IPv6 16 Fvrier 2005 Keiichi SHIMA

Life with IPv6 Journe Cohabitation IPv4-IPv6 16 Fvrier 2005 Keiichi SHIMA &lt;keiichi@iijlab.net&gt; IIJ Research Laboratory / WIDE project Contents IPv6 service in Japan How I live Example of IPv6 configuration Some news of IPv6

653 views • 16 slides
IPv6 Presentation Template (Make this title your own!) Whats happening with IPv4? IPv4

IPv6 Presentation Template (Make this title your own!) Whats happening with IPv4? IPv4

IPv6 Presentation Template (Make this title your own!) Whats happening with IPv4? IPv4 exhaustion (link to RIRs and highlight relevant trends for your region) Regional Internet Authorities are in various phases of IPv4 exhaustion

486 views • 13 slides
Large-scale introduction of IPv6 system - 280 sites all over Japan VoIP carrier IPv4 - IPv6 Node

Large-scale introduction of IPv6 system - 280 sites all over Japan VoIP carrier IPv4 - IPv6 Node

Large-scale introduction of IPv6 system - 280 sites all over Japan VoIP carrier IPv4 - IPv6 Node as many as 20,000 IPv6/IPv4 The IP Centrex service, &quot;IP Business Phone&quot;, Translator developed by FreeBit, has got a major contract with

752 views • 5 slides
Dual-stack IPv4+IPv6 monitoring with Nagios Teemu Kiviniemi, CSC/Funet 6th June 2012 6th TF-NOC

Dual-stack IPv4+IPv6 monitoring with Nagios Teemu Kiviniemi, CSC/Funet 6th June 2012 6th TF-NOC

Dual-stack IPv4+IPv6 monitoring with Nagios Teemu Kiviniemi, CSC/Funet 6th June 2012 6th TF-NOC meeting Dublin, Ireland Introduction World IPv6 Launch is today! When enabling IPv6 support in services, it is crucial to monitor with both IPv4

1.09k views • 27 slides
1. IPv6 address (abbreviated representation) 2. IPv6 address (abbreviation and expansion

1. IPv6 address (abbreviated representation) 2. IPv6 address (abbreviation and expansion

1. IPv6 address (abbreviated representation) 2. IPv6 address (abbreviation and expansion practice) 3. IPv6 advantages over IPv4 4. IPv4 address structure 5. IPv6 address structure IPv4 Address 32 bit address (computer stores information

655 views • 53 slides
IPv6 Only Hosting Pete Stevens Mythic Beasts Ltd mythic beasts What's wrong with IPv4?

IPv6 Only Hosting Pete Stevens Mythic Beasts Ltd mythic beasts What's wrong with IPv4?

IPv6 Only Hosting Pete Stevens Mythic Beasts Ltd mythic beasts What's wrong with IPv4? 2005: One IP per server. 2010: One IP per VM. Single server now requires ~ 50 IPs. 2015: Ideally one IP per container. Single VM now requires

593 views • 24 slides
IPv4 address exhaustion and IPv6 Glen Turner 2008-12-09 AARNet staff meeting aar net

IPv4 address exhaustion and IPv6 Glen Turner 2008-12-09 AARNet staff meeting aar net

IPv4 address exhaustion and IPv6 Glen Turner 2008-12-09 AARNet staff meeting aar net Australia's Academic and Research Network IPv6 policy Going forward, we seek to support IPv6 to the same extent as we support IPv4. Exceptions require

631 views • 52 slides
Labcourse Routerlab Internet Protocol Version 6 (IPv6) IPv4 Shortcomings IPv4

Labcourse Routerlab Internet Protocol Version 6 (IPv6) IPv4 Shortcomings IPv4

Labcourse Routerlab Internet Protocol Version 6 (IPv6) IPv4 Shortcomings IPv4 addresses have 32 bits only not enough for 1 IP address per person dynamic IPs, NAT, Manual configuration time consuming (in larger

655 views • 16 slides
IPv4 Exhaus,on And IPv6 Deployment Carlos Mar)nez @Sint-Maarten Internet Week IPv4 There

IPv4 Exhaus,on And IPv6 Deployment Carlos Mar)nez @Sint-Maarten Internet Week IPv4 There

IPv4 Exhaus,on And IPv6 Deployment Carlos Mar)nez @Sint-Maarten Internet Week IPv4 There are 4,294,967,296 IPv4 addresses (32 bits long) but not all of them can be used Looks like a lot, right? But... World popula)on currently stands

501 views • 27 slides
Transicin a IPv6 rea de Ingeniera Telemtica Dpto. Automtica y Computacin

Transicin a IPv6 rea de Ingeniera Telemtica Dpto. Automtica y Computacin

Transicin a IPv6 rea de Ingeniera Telemtica Dpto. Automtica y Computacin http://www.tlm.unavarra.es/ Soluciones Doble pila Dispositivos con IPv4 e IPv6 Tneles Comunicar IPv6 a travs de zonas IPv4 Traduccin

631 views • 24 slides
From IPv4 to IPv6 From IPv4 to IPv6 T.R. Dua, Deputy Director General, COAI July 21, 2009

From IPv4 to IPv6 From IPv4 to IPv6 T.R. Dua, Deputy Director General, COAI July 21, 2009

From IPv4 to IPv6 From IPv4 to IPv6 T.R. Dua, Deputy Director General, COAI July 21, 2009 @ New Delhi

312 views • 27 slides
1 Problems with IPv4: Header Limitations Problems with IPv4: Header Limitations Problems with

1 Problems with IPv4: Header Limitations Problems with IPv4: Header Limitations Problems with

Outline Outline IPv6: An Introduction IPv6: An Introduction Problems with IPv4 Problems with IPv4 Basic IPv6 Protocol Basic IPv6 Protocol IPv6 features IPv6 features Dheeraj Sanghi Dheeraj Sanghi Auto

512 views • 7 slides
Tunnel Broker Using IPv4 Anycast Xin LIU lx@ns.6test.edu.cn August 2003 Outline Transition

Tunnel Broker Using IPv4 Anycast Xin LIU lx@ns.6test.edu.cn August 2003 Outline Transition

Tunnel Broker Using IPv4 Anycast Xin LIU lx@ns.6test.edu.cn August 2003 Outline Transition from IPv4 to IPv6 Typical Tunnel Broker Tunnel Broker Utilizing IPv4 Anycast From IPv4 to IPv6 IPv6 = Internet Protocol Version 6

722 views • 14 slides
Vincent van der Eijk &amp;&amp; Erik Lamers Comparing IPv4 port security to IPv6 port security

Vincent van der Eijk &amp;&amp; Erik Lamers Comparing IPv4 port security to IPv6 port security

A Comparative Security Evaluation for IPv4 and IPv6 Addresses Vincent van der Eijk &amp;&amp; Erik Lamers Comparing IPv4 port security to IPv6 port security Scanning the Internet for profit, ethically. 2 Why do we need to know this? IPv6

279 views • 16 slides
Post IPv4 completion Making IPv6 deployable incrementally by making it backward compatible

Post IPv4 completion Making IPv6 deployable incrementally by making it backward compatible

Post IPv4 completion Making IPv6 deployable incrementally by making it backward compatible with IPv4. Alain Durand The Internet must support continued, un-interrupted growth regardless of IPv4 address availability DISCLAIMER:

614 views • 17 slides
Introduction to IPv6 - I Basics of IPv6 Alvaro Vives | 26 June 2017 | Workshop on Open Source

Introduction to IPv6 - I Basics of IPv6 Alvaro Vives | 26 June 2017 | Workshop on Open Source

Introduction to IPv6 - I Basics of IPv6 Alvaro Vives | 26 June 2017 | Workshop on Open Source Solutions for the IoT Contents Digital Data Transmission Packet-Switched Networks Layered Model IPv4 and IPv6 basics - IPv4 Header -

1.38k views • 32 slides
Some Sample LFBs: Netdevice, IPV4, and IPV6 Jamal Hadi Salim &lt;hadi@znyx.com&gt; Sample LFB

Some Sample LFBs: Netdevice, IPV4, and IPV6 Jamal Hadi Salim &lt;hadi@znyx.com&gt; Sample LFB

Some Sample LFBs: Netdevice, IPV4, and IPV6 Jamal Hadi Salim &lt;hadi@znyx.com&gt; Sample LFB topology Local: ICMP, IPV4 FWD UDP TCP etc ARP MPLS IPV6 IPV4 Ingress Egress Netdevice Netdevice Goal to show A simple example topology -

438 views • 18 slides
dIVI-pd: Dual-Stateless IPv4/IPv6 Translation with Prefix Delegation X. Li, C. Bao, W. Dec, R.

dIVI-pd: Dual-Stateless IPv4/IPv6 Translation with Prefix Delegation X. Li, C. Bao, W. Dec, R.

dIVI-pd: Dual-Stateless IPv4/IPv6 Translation with Prefix Delegation X. Li, C. Bao, W. Dec, R. Asati, C. Xie, Q. Sun 2011-11-12 Introduction The dIVI-PD is an extension of stateless IPv4/IPv6 translation with address sharing RFC6052:

890 views • 15 slides

More recommend