High Fidelity Off-Path Round-Trip Time Measurement via TCP/IP Side Channels with Duplicate SYNs

Off-path round-trip time (RTT) measurement has many potential applications, including improved geolocation capabilities, measuring the performance of parts of the Internet where there is not much measurement infrastructure (e.g., PlanetLab), and providing data plane measurements to better understand global Internet routing. Off-path means that the measurement machine is not on the path being measured. More specifically, we can measure the RTT between essentially any two machines (A and B) on the Internet without having special access to A or B or having any presence in the path between A and B. Alexander and Crandall proposed a new technique for off-path RTT measurements that made fewer assumptions than previous techniques, such as King (based on DNS). Alexander and Crandall's technique assumed only that one of A or B was a standard Linux machine with at least one open port and that the other replied to unsolicited SYN-ACKs with RSTs. Thus, their technique is widely applicable across many parts of the Internet. However, their technique's accuracy was severely impacted by short RTTs or high packet loss rates. In this paper, we propose an improved technique that overcomes both of these limitations. Our new technique is shown to have 82.95% of the RTT measurement results within 10% of the actual RTT, and 91.18% of the results within 20% of the actual RTT, while the previous technique by Alexander and Crandall had only 60.7% of the results within 10% and 81.33% of the results within 20%.
