testing the reachability of new address space
play

Testing the reachability of (new) address space Steve Uhlig Delft - PowerPoint PPT Presentation

Dec 08, 2022 •183 likes •383 views

Testing the reachability of (new) address space Steve Uhlig Delft University of Technology Randy Bush Olaf Maennel University of Adelaide Internet Initiative Japan (IIJ) James Hiebert Matthew Roughan National Oceanic and Atmospheric

  1. Testing the reachability of (new) address space Steve Uhlig Delft University of Technology Randy Bush Olaf Maennel University of Adelaide Internet Initiative Japan (IIJ) James Hiebert Matthew Roughan National Oceanic and Atmospheric Administration University of Adelaide

  2. Outline • Problem statement • Checking reachability • Experiments • Conclusion

  3. Bogon Filters • ISPs often filter unallocated address space to protect themselves from malicious attacks and unwanted traffic • Over time unallocated address space may become allocated and legitimately announced address space... • Problem: Filters need to be updated but seem often not to be

  4. Objective • Develop methodology that is capable of detecting and locating bogon filters, filters that are blocking newly allocated address space • Advertise test and anchor prefixes from 4 probe- sites: Seattle (USA), Munich (DE), Wellington (NZ), Tokyo (JPN) • Analyze reachability status of a newly allocated prefix

  5. Terminology • Test-prefix: newly allocated prefix to be tested • Anchor-prefix: well-established prefix whose reachability should be fine • Probe-site: router that announces both the test- prefix and the anchor-prefix Test-prefix Probe- Internet site Anchor-prefix

  6. Filters and Reachability x “The Internet”

  7. Improving AS Coverage x “The Internet”

  8. Improving AS Coverage x “The Internet”

  9. Out-probes: Principles • Out-probe : probes performed from test-IP and anchor-IP towards external IP addresses • If probes comes back => reachability from target- IP • If probes do not come back => run traceroutes to find out location of bogon-filter(s) Bogon filter Target AS x ? Test-site IP y IP x

  10. Out-probes: Evaluation • Advantages: • Positive reachability exists for target IP • Probing of large fraction of AS topology • Disadvantages: • Building target IP addresses to be probed not trivial • Probe return path is most interesting but unkown

  11. Out-Probes: measurements • Send probe from test-sites (test-IP and anchor-IP) towards a large set of pingable-IP addresses (46,569) in 18,574 different ASs • If probe comes back => reachability exists • ~85% of all probes • If probe does not come back => use heuristic to find out likelihood that AS contains bogon filter • ~10% of all probes • ~5% not pingable anymore, e.g., dial-up

  12. Out-Probes: Initial validation • We derived 443 candidate ASs that are likely to filter • Manual search for 15 traceroute servers within those 443 candidate ASs: – 7 filter – 5 do not filter themselves, but have no usable [up-stream] connectivity => 12 out of 15 (80%) correctly identified – 3 failed, but validation was taken at different time so ASs might have changed filter in the meantime

  13. Limitation x “The Internet”

  14. In-probes: Principles • In-probe : traceroute performed from external IP addresses towards the test and anchor prefixes • In-probes give reachability information towards the test and anchor prefixes • If traceroute from test-prefix address diverges at some point, we conjecture that some bogon filter is responsible traceroute site anchor & test x ? prefix x x ? ?

  15. In-probes: Evaluation • Advantages: • Filter-independent reachability • Details about IP-level path • Disadvantages: • traceroute site MUST be “behind” filter • Not many traceroute sites available

  16. In-Probes: results • Raw results: • 66.9% good (anchor and test take exactly same path) • 20.6% diverging paths (anchor and test take different paths) • 8.6% test stops, but anchor ok • 3.9% failure (either anchor or anchor and test failed) • Derive candidate links, eliminate unlikely candidates, then based on remaining candidate links: • ~ 34 ASs that may contain incorrectly configured filters http://psg.com/filter-candidates.txt

  17. Summary: In- and Out-Probes • Out-probes tell about reachability: + Find areas of non-reachability + Larger topological coverage (currently > 85% of Internet ASs) - No information about: return path and thus non- optimal paths • In-probes tell about filters on the path: + Reachability available + goal: detect intermediate filters - Limited topological coverage - Many traceroute servers are needed at the “edge”

  18. Conclusion • We can identify regions in the Internet that do not have reachability • It is possible to achieve a reasonable coverage of the Internet • We don’t only check reachability: we also detect places where there is "non-optimal" connectivity

  19. Thanks To • ARIN for IP space and commissioning research • CityLink – NZ, a test site • IIJ - JP, a test site • SpaceNet - DE, a test site • PSGnet – US, a test site • Universities of Adelaide & Delft • NSF award ANI-0221435 • Australian Research Council grant DP0557066

Recommend

Protecting Other Styles of Protocols Generally, how do you know you should believe another

Protecting Other Styles of Protocols Generally, how do you know you should believe another

Protecting Other Styles of Protocols Generally, how do you know you should believe another router? About distance to some address space About reachability to some address space About other characteristics of a path About what

482 views • 14 slides
P Starting at address 0, going to address MAX prog 0 But where do addresses come from? MOV

P Starting at address 0, going to address MAX prog 0 But where do addresses come from? MOV

Memory Management Basics 1 Basic Memory Management Concepts Address spaces MAX sys Physical address space The address space supported by the hardware Starting at address 0, going to address MAX sys MAX prog Logical/virtual address space

448 views • 22 slides
Address Space Randomization A n E f f e c t i v e I m p l e m e n t a t i o n Michael Cloppert

Address Space Randomization A n E f f e c t i v e I m p l e m e n t a t i o n Michael Cloppert

Address Space Randomization A n E f f e c t i v e I m p l e m e n t a t i o n Michael Cloppert May, 2006 Address Space Randomization Theory Randomize location of memory objects Libraries Heap User, kernel-space stack Foils attacks like

560 views • 15 slides
Processs Address Space Linux Address Space 0x7fffffff Stack Data (Heap) Data (Heap)

Processs Address Space Linux Address Space 0x7fffffff Stack Data (Heap) Data (Heap)

10/21/2014 Processes, Address Spaces, and PROCESS Memory Management A running program and its associated data Jonathan Misurda jmisurda@cs.pitt.edu Processs Address Space Linux Address Space 0x7fffffff Stack Data (Heap) Data (Heap)

579 views • 3 slides
Recall: Address Space Map Somet imes St ack Biggest Reserved f or (Space f or local var

Recall: Address Space Map Somet imes St ack Biggest Reserved f or (Space f or local var

Recall: Address Space Map Somet imes St ack Biggest Reserved f or (Space f or local var iables et c. Vir t ual OS 13: Memory Management For each nest ed pr ocedur e call) Address St ack Point er Last Modif ied: Heap (Space f or

322 views • 8 slides
t s Computability and Complexity Nabil Mustafa Nondeterministic Space Complexity Nabil Mustafa

t s Computability and Complexity Nabil Mustafa Nondeterministic Space Complexity Nabil Mustafa

The Problem REACHABILITY REACHABILITY Input: A directed graph G = ( V , E ), | V | = n , | E | = m , and two vertices s , t V Nondeterministic Space Complexity Question: Is there a directed path from s to t in G ? Nabil Mustafa t s

246 views • 6 slides
Impacting IP Address Reachability via RPKI Manipulations Kyle Brogle Danny Cooper Sharon

Impacting IP Address Reachability via RPKI Manipulations Kyle Brogle Danny Cooper Sharon

BFOC13. Boston University Impacting IP Address Reachability via RPKI Manipulations Kyle Brogle Danny Cooper Sharon Goldberg Leonid Reyzin Princeton University Boston University How Secure is Internet Routing Today? (1) I am

375 views • 14 slides
Program address space What does the OS loader do? 0x7ffffffff0000 Stack 8MB reserved Creates

Program address space What does the OS loader do? 0x7ffffffff0000 Stack 8MB reserved Creates

Program address space What does the OS loader do? 0x7ffffffff0000 Stack 8MB reserved Creates new process Sets up address space/segments Read executable file, load instructions, init global data 0x7ffff770000 Shared library

844 views • 16 slides
IP Version 6 The explosive growth of the Internet IPv4 address space, 32-bit Real-time

IP Version 6 The explosive growth of the Internet IPv4 address space, 32-bit Real-time

IP Version 6 The explosive growth of the Internet IPv4 address space, 32-bit Real-time and interactive applications Expanded address space, 128 bits Simplified header format Enabling easier processing of IP datagrams

852 views • 15 slides
Main Memory Goals for Today Protection: Address Spaces What is an Address Space?

Main Memory Goals for Today Protection: Address Spaces What is an Address Space?

Main Memory Goals for Today Protection: Address Spaces What is an Address Space? How is it Implemented? Address Translation Schemes Segmentation Paging Paging Multi-level translation Inverted page tables

461 views • 44 slides
Recap What are the three components of a process? Address space CPU context OS

Recap What are the three components of a process? Address space CPU context OS

Recap What are the three components of a process? Address space CPU context OS resources What are the steps of a context switching? Save & restore CPU context Change address space and other info in the PCB 1 Process

430 views • 18 slides
Virtual Memory Separate the concept of: address space (name) from physical memory address

Virtual Memory Separate the concept of: address space (name) from physical memory address

Virtual Memory Separate the concept of: address space (name) from physical memory address (location) Most common example today: wireless (cell) phones Phone number is your id or name Location varies as you move Maintain a Map between name

208 views • 20 slides
A PKI for IP Address Space and AS Numbers Dr. Stephen Kent Chief Scientist - Information

A PKI for IP Address Space and AS Numbers Dr. Stephen Kent Chief Scientist - Information

A PKI for IP Address Space and AS Numbers Dr. Stephen Kent Chief Scientist - Information Security Why A PKI? All proposals for improving the security of BGP rely on a secure infrastructure that attests to address space and AS number

252 views • 13 slides
Br Breaking Kern rnel Ad Address ss Space La Layout Randomization (KASLR LR) wi with th

Br Breaking Kern rnel Ad Address ss Space La Layout Randomization (KASLR LR) wi with th

Br Breaking Kern rnel Ad Address ss Space La Layout Randomization (KASLR LR) wi with th Intel TSX Yeongjin Jang , Sangho Lee, and Taesoo Kim Georgia Institute of Technology Kernel Address Space Layout Randomization (KASLR) A

1.2k views • 102 slides
New Venice Your Address In Space Master Thesis Defense Suzana Bianco May 3rd, 2018

New Venice Your Address In Space Master Thesis Defense Suzana Bianco May 3rd, 2018

New Venice Your Address In Space Master Thesis Defense Suzana Bianco May 3rd, 2018 sdbianco@uh.edu Imagine... It is the year 2070. The existing space economy is thriving. There are many facilities scattered across Cislunar space

429 views • 42 slides
Plasma-based space radiation mimicking for space radiobiology and electronics testing Scottish

Plasma-based space radiation mimicking for space radiobiology and electronics testing Scottish

Advanced Summer School on Laser-driven Sources of High Energy Particles and Radiation 2017-07-14, CNR Conference Centre, Anacapri, Capri Bernhard Hidding Plasma-based space radiation mimicking for space radiobiology and electronics testing

836 views • 44 slides
File Systems Storing Information Applications can store it in the process address space

File Systems Storing Information Applications can store it in the process address space

File Systems Storing Information Applications can store it in the process address space Why is it a bad idea? Size is limited to size of virtual address space May not be sufficient for airline reservations, banking, etc. The

1.07k views • 69 slides
UMBC M A L F T U M B C I O M Y O T R 1 (April 10, 2000 12:36 pm) I E S R C

UMBC M A L F T U M B C I O M Y O T R 1 (April 10, 2000 12:36 pm) I E S R C

Systems Programming 8086/88 Memory Interface II CMPE 310 Memory Address Decoding The processor can usually address a memory space that is much larger than the memory space covered by an individual memory chip. In order to splice a memory device

713 views • 21 slides
Semantic guidance for unbounded symbolic reachability Martin Suda Max Planck Institute fr

Semantic guidance for unbounded symbolic reachability Martin Suda Max Planck Institute fr

Semantic guidance for unbounded symbolic reachability Martin Suda Max Planck Institute fr Informatik VTSA 2012 b b b b b b b b b b b b Symbolic reachability The algorithm Conclusion Transition system ? G I Reachability Does

601 views • 28 slides
Subnetting Used to subdivide a single IP network, to more efficiently utilize the address

Subnetting Used to subdivide a single IP network, to more efficiently utilize the address

Subnetting Used to subdivide a single IP network, to more efficiently utilize the address space (create subnets ) Also allows introduction of additional hierarchy of address space, so routers throughout internet dont need to know

472 views • 10 slides
Distributed Systems Share single address space Share data in that space Use threads for

Distributed Systems Share single address space Share data in that space Use threads for

Motivation SMP systems Run parts of a program in parallel Distributed Systems Share single address space Share data in that space Use threads for parallelism Use synchronization primitives to prevent race Distributed Shared

235 views • 6 slides
Multi-Core Model Checking Alfons Laarman November 14, 2013 ... Introduction Reachability LTL

Multi-Core Model Checking Alfons Laarman November 14, 2013 ... Introduction Reachability LTL

UNIVERSITY OF TWENTE. Formal Methods & Tools. Multi-Core Model Checking Alfons Laarman November 14, 2013 ... Introduction Reachability LTL Timed Automata LTSmin Conclusions ... State Space Explosion An exponential problem

956 views • 80 slides
& Process Address Space Nima Honarmand Spring 2017 :: CSE 506 Virtual Memory (VM) Recap

& Process Address Space Nima Honarmand Spring 2017 :: CSE 506 Virtual Memory (VM) Recap

Spring 2017 :: CSE 506 Virtual Memory & Process Address Space Nima Honarmand Spring 2017 :: CSE 506 Virtual Memory (VM) Recap Primary purpose? Isolate each process to its own address space Components Address translation

716 views • 36 slides
Architecture for CASM Coordinated Address Space Management

Architecture for CASM Coordinated Address Space Management

IETF 98 th Architecture for CASM Coordinated Address Space Management draft-li-casm-address-pool-management-architecture-00 draft-kumar-casm-requirements-and-framework-00 Chen Li, Chongfeng Xie(China Telecom), Jun Bi(Tsinghua University)

392 views • 14 slides

More recommend