Hidden Treasures - Recycling Large-Scale Internet Measurements to Study the Internet's Control Plane

Internet-wide scans are a common active measurement approach to study the Internet, e.g., studying security properties or protocol adoption. They involve probing large address ranges (IPv4 or parts of IPv6) for specific ports or protocols. Besides their primary use for probing (e.g., studying protocol adoption), we show that—at the same time—they provide valuable insights into the Internet control plane informed by ICMP responses to these probes—a currently unexplored secondary use. We collect one week of ICMP responses (637.50M messages) to several Internet-wide ZMap scans covering multiple TCP and UDP ports as well as DNS-based scans covering >50% of the domain name space. This perspective enables us to study the Internet’s control plane as a by-product of Internet measurements. We receive ICMP messages from \(\sim \)171M different IPs in roughly 53K different autonomous systems. Additionally, we uncover multiple control plane problems, e.g., we detect a plethora of outdated and misconfigured routers and uncover the presence of large-scale persistent routing loops in IPv4.

[1]  Jan Rüth,et al.  How HTTP/2 pushes the web: An empirical study of HTTP/2 server push , 2017, 2017 IFIP Networking Conference (IFIP Networking) and Workshops.

[2]  John S. Heidemann,et al.  Detecting ICMP Rate Limiting in the Internet , 2018, PAM.

[3]  Konstantina Papagiannaki,et al.  Is the Web HTTP/2 Yet? , 2016, PAM.

[4]  Christophe Diot,et al.  On the correlation between route dynamics and routing loops , 2003, IMC '03.

[5]  Robert T. Braden,et al.  Requirements for Internet Hosts - Communication Layers , 1989, RFC.

[6]  David Malone,et al.  Analysis of ICMP Quotations , 2007, PAM.

[7]  Benoit Donnet,et al.  copycat: Testing Differential Treatment of New Transport Protocols in the Wild , 2017, ANRW.

[8]  Christophe Diot,et al.  Detection and analysis of routing loops in packet traces , 2002, IMW '02.

[9]  G. G. Finn A connectionless congestion control algorithm , 1989, CCRV.

[10]  Fernando Gont,et al.  ICMP Attacks against TCP , 2010, RFC.

[11]  Jan Rüth,et al.  A First Look at QUIC in the Wild , 2018, PAM.

[12]  Jan Rüth,et al.  Large-scale scanning of TCP's initial window , 2017, Internet Measurement Conference.

[13]  Benoit Donnet,et al.  Revealing MPLS tunnels obscured from traceroute , 2012, CCRV.

[14]  Vern Paxson,et al.  The Matter of Heartbleed , 2014, Internet Measurement Conference.

[15]  Steven J. Murdoch,et al.  Scanning the Internet for Liveness , 2018, CCRV.

[16]  Jon Postel,et al.  Internet Control Message Protocol , 1981, RFC.

[17]  Eric Wustrow,et al.  ZMap: Fast Internet-wide Scanning and Its Security Applications , 2013, USENIX Security Symposium.

[18]  Gorry Fairhurst,et al.  Exploring Usable Path MTU in the Internet , 2018, 2018 Network Traffic Measurement and Analysis Conference (TMA).

[19]  Lixin Gao,et al.  Flooding attacks by exploiting persistent forwarding loops , 2005, IMC '05.

[20]  Donald B. Johnson,et al.  Finding All the Elementary Circuits of a Directed Graph , 1975, SIAM J. Comput..

[21]  Jon Postel,et al.  Assigned Numbers , 1979, RFC.

[22]  Fernando Gont,et al.  Deprecation of ICMP Source Quench Messages , 2012, RFC.

[23]  Matthew J. Luckie,et al.  Using Loops Observed in Traceroute to Infer the Ability to Spoof , 2017, PAM.

[24]  Sally Floyd,et al.  TCP and explicit congestion notification , 1994, CCRV.

[25]  Lixin Gao,et al.  A measurement study of persistent forwarding loops on the Internet , 2007, Comput. Networks.

[26]  W. Marsden I and J , 2012 .

[27]  Fred Baker,et al.  Requirements for IP Version 4 Routers , 1995, RFC.

[28]  Brice Augustin,et al.  Avoiding traceroute anomalies with Paris traceroute , 2006, IMC '06.