发布求助
文献互助 智能选刊 最新文献

Proceedings of the 2013 conference on Internet measurement conference最新文献

筛选
英文 中文
Analysis of the HTTPS certificate ecosystem HTTPS证书生态系统分析
Proceedings of the 2013 conference on Internet measurement conference Pub Date : 2013-10-23 DOI: 10.1145/2504730.2504755
Z. Durumeric, James Kasten, Michael Bailey, J. A. Halderman
{"title":"Analysis of the HTTPS certificate ecosystem","authors":"Z. Durumeric, James Kasten, Michael Bailey, J. A. Halderman","doi":"10.1145/2504730.2504755","DOIUrl":"https://doi.org/10.1145/2504730.2504755","url":null,"abstract":"We report the results of a large-scale measurement study of the HTTPS certificate ecosystem---the public-key infrastructure that underlies nearly all secure web communications. Using data collected by performing 110 Internet-wide scans over 14 months, we gain detailed and temporally fine-grained visibility into this otherwise opaque area of security-critical infrastructure. We investigate the trust relationships among root authorities, intermediate authorities, and the leaf certificates used by web servers, ultimately identifying and classifying more than 1,800 entities that are able to issue certificates vouching for the identity of any website. We uncover practices that may put the security of the ecosystem at risk, and we identify frequent configuration problems that lead to user-facing errors and potential vulnerabilities. We conclude with lessons and recommendations to ensure the long-term health and security of the certificate ecosystem.","PeriodicalId":155913,"journal":{"name":"Proceedings of the 2013 conference on Internet measurement conference","volume":"50 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-10-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114865348","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 304
D-mystifying the D-root address change d -神秘化d -根地址的变化
Proceedings of the 2013 conference on Internet measurement conference Pub Date : 2013-10-23 DOI: 10.1145/2504730.2504772
Matthew Lentz, Dave Levin, Jason Castonguay, N. Spring, Bobby Bhattacharjee
{"title":"D-mystifying the D-root address change","authors":"Matthew Lentz, Dave Levin, Jason Castonguay, N. Spring, Bobby Bhattacharjee","doi":"10.1145/2504730.2504772","DOIUrl":"https://doi.org/10.1145/2504730.2504772","url":null,"abstract":"On January 3, 2013, the D-root DNS server hosted at the University of Maryland changed IP address. To avoid service disruption, the old address continues to answer queries. In this paper, we perform an initial investigation of the traffic at both the new and old addresses before, during, and since the flag day. The data we collected show non-obvious behavior: the overall query volume to the D-roots increases by roughly 50%, the old address continues to receive a high volume of queries months after the changeover, and far more queries to the old address succeed than those to the new one. Our analysis provides a window into how compliant resolvers change over and how non-standard and seemingly malicious resolvers react (or not) to the IP address change. We provide evidence that a relatively small number of implementation errors account for nearly all discrepancies that are not misconfigurations or attacks.","PeriodicalId":155913,"journal":{"name":"Proceedings of the 2013 conference on Internet measurement conference","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-10-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129765110","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 25
Indexing million of packets per second using GPUs 使用gpu每秒索引数百万个数据包
Proceedings of the 2013 conference on Internet measurement conference Pub Date : 2013-10-23 DOI: 10.1145/2504730.2504756
F. Fusco, M. Vlachos, X. Dimitropoulos, L. Deri
{"title":"Indexing million of packets per second using GPUs","authors":"F. Fusco, M. Vlachos, X. Dimitropoulos, L. Deri","doi":"10.1145/2504730.2504756","DOIUrl":"https://doi.org/10.1145/2504730.2504756","url":null,"abstract":"Network traffic recorders are devices that record massive volumes of network traffic for security applications, like retrospective forensic investigations. When deployed over very high-speed networks, traffic recorders must process and store millions of packets per second. To enable interactive explorations of such large traffic archives, packet indexing mechanisms are required. Indexing packets at wire rates (10 Gbps and above) on commodity hardware imposes unparalleled requirements for high throughput index creation. Such indexing throughputs are presently untenable with modern indexing technologies and current processor architectures. In this work, we propose to intelligently offload indexing to commodity General Processing Units (GPUs). We introduce algorithms for building compressed bitmap indexes in real time on GPUs and show that we can achieve indexing throughputs of up to 185 millions records per second, which is an improvement by one order of magnitude compared to the state-of-the-art. This shows that indexing network traffic at multi-10-Gbps rates is well within reach.","PeriodicalId":155913,"journal":{"name":"Proceedings of the 2013 conference on Internet measurement conference","volume":"36 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-10-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122061203","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 43
Understanding the domain registration behavior of spammers 了解垃圾邮件发送者的域名注册行为
Proceedings of the 2013 conference on Internet measurement conference Pub Date : 2013-10-23 DOI: 10.1145/2504730.2504753
S. Hao, Matthew Thomas, V. Paxson, N. Feamster, C. Kreibich, Chris Grier, S. Hollenbeck
{"title":"Understanding the domain registration behavior of spammers","authors":"S. Hao, Matthew Thomas, V. Paxson, N. Feamster, C. Kreibich, Chris Grier, S. Hollenbeck","doi":"10.1145/2504730.2504753","DOIUrl":"https://doi.org/10.1145/2504730.2504753","url":null,"abstract":"Spammers register a tremendous number of domains to evade blacklisting and takedown efforts. Current techniques to detect such domains rely on crawling spam URLs or monitoring lookup traffic. Such detection techniques are only effective after the spammers have already launched their campaigns, and thus these countermeasures may only come into play after the spammer has already reaped significant benefits from the dissemination of large volumes of spam. In this paper we examine the registration process of such domains, with a particular eye towards features that might indicate that a given domain likely has a malicious purpose at registration time, before it is ever used for an attack. Our assessment includes exploring the characteristics of registrars, domain life cycles, registration bursts, and naming patterns. By investigating zone changes from the .com TLD over a 5-month period, we discover that spammers employ bulk registration, that they often re-use domains previously registered by others, and that they tend to register and host their domains over a small set of registrars. Our findings suggest steps that registries or registrars could use to frustrate the efforts of miscreants to acquire domains in bulk, ultimately reducing their agility for mounting large-scale attacks.","PeriodicalId":155913,"journal":{"name":"Proceedings of the 2013 conference on Internet measurement conference","volume":"47 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-10-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127211734","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 99
A comparison of syslog and IS-IS for network failure analysis 对比syslog和IS-IS,用于网络故障分析
Proceedings of the 2013 conference on Internet measurement conference Pub Date : 2013-10-23 DOI: 10.1145/2504730.2504766
D. Turner, Kirill Levchenko, S. Savage, A. Snoeren
{"title":"A comparison of syslog and IS-IS for network failure analysis","authors":"D. Turner, Kirill Levchenko, S. Savage, A. Snoeren","doi":"10.1145/2504730.2504766","DOIUrl":"https://doi.org/10.1145/2504730.2504766","url":null,"abstract":"Accurate reporting and analysis of network failures has historically required instrumentation (e.g., dedicated tracing of routing protocol state) that is rarely available in practice. In previous work, our group has proposed that a combination of common data sources could be substituted instead. In particular, by opportunistically stitching together data from router configuration logs and syslog messages, we demonstrated that a granular picture of network failures could be resolved and verified with human trouble tickets. In this paper, we more fully evaluate the fidelity of this approach, by comparing with high-quality \"ground truth\" data derived from an analysis of contemporaneous IS-IS routing protocol messages. We identify areas of agreement and disparity between these data sources, as well as potential ways to correct disparities when possible.","PeriodicalId":155913,"journal":{"name":"Proceedings of the 2013 conference on Internet measurement conference","volume":"294 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-10-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133543420","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 13
Identifiability of link metrics based on end-to-end path measurements 基于端到端路径度量的链路度量的可识别性
Proceedings of the 2013 conference on Internet measurement conference Pub Date : 2013-10-23 DOI: 10.1145/2504730.2504738
Liang Ma, T. He, K. Leung, A. Swami, D. Towsley
{"title":"Identifiability of link metrics based on end-to-end path measurements","authors":"Liang Ma, T. He, K. Leung, A. Swami, D. Towsley","doi":"10.1145/2504730.2504738","DOIUrl":"https://doi.org/10.1145/2504730.2504738","url":null,"abstract":"We investigate the problem of identifying individual link metrics in a communication network from end-to-end path measurements, under the assumption that link metrics are additive and constant. To uniquely identify the link metrics, the number of linearly independent measurement paths must equal the number of links. Our contribution is to characterize this condition in terms of the network topology and the number/placement of monitors, under the constraint that measurement paths must be cycle-free. Our main results are: (i) it is generally impossible to identify all the link metrics by using two monitors; (ii) nevertheless, metrics of all the interior links not incident to any monitor are identifiable by two monitors if the topology satisfies a set of necessary and sufficient connectivity conditions; (iii) these conditions naturally extend to a necessary and sufficient condition for identifying all the link metrics using three or more monitors. We show that these conditions not only allow efficient identifiability tests, but also enable an efficient algorithm to place the minimum number of monitors in order to identify all link metrics. Our evaluations on both random and real topologies show that the proposed algorithm achieves identifiability using a much smaller number of monitors than a baseline solution.","PeriodicalId":155913,"journal":{"name":"Proceedings of the 2013 conference on Internet measurement conference","volume":"2 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-10-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116585807","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 67
Internet nameserver IPv4 and IPv6 address relationships Internet域名服务器IPv4和IPv6地址关系
Proceedings of the 2013 conference on Internet measurement conference Pub Date : 2013-10-23 DOI: 10.1145/2504730.2504745
A. Berger, N. Weaver, Robert Beverly, L. Campbell
{"title":"Internet nameserver IPv4 and IPv6 address relationships","authors":"A. Berger, N. Weaver, Robert Beverly, L. Campbell","doi":"10.1145/2504730.2504745","DOIUrl":"https://doi.org/10.1145/2504730.2504745","url":null,"abstract":"The modern Domain Name System (DNS) provides not only resolution, but also enables intelligent client routing, e.g. for Content Distribution Networks (CDNs). The adoption of IPv6 presents CDNs the opportunity to utilize different paths when optimizing traffic, and the challenge of appropriately mapping IPv6 DNS queries. This work seeks to discover the associations between Internet DNS client resolver IPv6 address(es) and IPv4 address(es). We design and implement two new techniques, one passive and one active, to gather resolver pairings. The passive technique, deployed in Akamai's production DNS infrastructure, opportunistically discovered 674k (IPv4, IPv6) associated address pairs within a six-month period. We find that 34% of addresses are one-to-one, i.e. appear in no other pair, a fraction that increases to ~50% when aggregating IPv6 addresses into /64 prefixes. The one-to-one associations are suggestive, but not a sufficient condition, of dual-stack DNS recursive resolvers. We further substantiate our inferences via PTR records and software versions, and manual verification of sample pairings by three major Network Operators. Complex associations, where e.g. distributed DNS resolution leads to inferred address groupings that span continents and many autonomous systems exist, a subset of which we explore in more depth using the active probing technique. Among potential uses, Akamai is currently utilizing screened output from the passive technique, in conjunction with prior knowledge of IPv4, to inform IPv6 geolocation within its CDN.","PeriodicalId":155913,"journal":{"name":"Proceedings of the 2013 conference on Internet measurement conference","volume":"13 12","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-10-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121010070","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 24
Exploring EDNS-client-subnet adopters in your free time 在空闲时间探索edns -客户机-子网采用者
Proceedings of the 2013 conference on Internet measurement conference Pub Date : 2013-10-23 DOI: 10.1145/2504730.2504767
Florian Streibelt, Jan Böttger, N. Chatzis, Georgios Smaragdakis, A. Feldmann
{"title":"Exploring EDNS-client-subnet adopters in your free time","authors":"Florian Streibelt, Jan Böttger, N. Chatzis, Georgios Smaragdakis, A. Feldmann","doi":"10.1145/2504730.2504767","DOIUrl":"https://doi.org/10.1145/2504730.2504767","url":null,"abstract":"The recently proposed DNS extension, EDNS-Client-Subnet (ECS), has been quickly adopted by major Internet companies such as Google to better assign user requests to their servers and improve end-user experience. In this paper, we show that the adoption of ECS also offers unique, but likely unintended, opportunities to uncover details about these companies' operational practices at almost no cost. A key observation is that ECS allows to resolve domain names of ECS adopters on behalf of any arbitrary IP/prefix in the Internet. In fact, by utilizing only a single residential vantage point and relying solely on publicly available information, we are able to (i) uncover the global footprint of ECS adopters with very little effort, (ii) infer the DNS response cacheability and end-user clustering of ECS adopters for an arbitrary network in the Internet, and (iii) capture snapshots of user to server mappings as practiced by major ECS adopters. While pointing out such new measurement opportunities, our work is also intended to make current and future ECS adopters aware of which operational information gets exposed when utilizing this recent DNS extension.","PeriodicalId":155913,"journal":{"name":"Proceedings of the 2013 conference on Internet measurement conference","volume":"153 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-10-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123264927","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 65
Mapping the expansion of Google's serving infrastructure 绘制谷歌服务基础设施的扩展图
Proceedings of the 2013 conference on Internet measurement conference Pub Date : 2013-10-23 DOI: 10.1145/2504730.2504754
Matt Calder, Xun Fan, Z. Hu, Ethan Katz-Bassett, J. Heidemann, R. Govindan
{"title":"Mapping the expansion of Google's serving infrastructure","authors":"Matt Calder, Xun Fan, Z. Hu, Ethan Katz-Bassett, J. Heidemann, R. Govindan","doi":"10.1145/2504730.2504754","DOIUrl":"https://doi.org/10.1145/2504730.2504754","url":null,"abstract":"Modern content-distribution networks both provide bulk content and act as \"serving infrastructure\" for web services in order to reduce user-perceived latency. Serving infrastructures such as Google's are now critical to the online economy, making it imperative to understand their size, geographic distribution, and growth strategies. To this end, we develop techniques that enumerate IP addresses of servers in these infrastructures, find their geographic location, and identify the association between clients and clusters of servers. While general techniques for server enumeration and geolocation can exhibit large error, our techniques exploit the design and mechanisms of serving infrastructure to improve accuracy. We use the EDNS-client-subnet DNS extension to measure which clients a service maps to which of its serving sites. We devise a novel technique that uses this mapping to geolocate servers by combining noisy information about client locations with speed-of-light constraints. We demonstrate that this technique substantially improves geolocation accuracy relative to existing approaches. We also cluster server IP addresses into physical sites by measuring RTTs and adapting the cluster thresholds dynamically. Google's serving infrastructure has grown dramatically in the ten months, and we use our methods to chart its growth and understand its content serving strategy. We find that the number of Google serving sites has increased more than sevenfold, and most of the growth has occurred by placing servers in large and small ISPs across the world, not by expanding Google's backbone.","PeriodicalId":155913,"journal":{"name":"Proceedings of the 2013 conference on Internet measurement conference","volume":"45 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-10-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130788110","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 203
Speedtrap: internet-scale IPv6 alias resolution Speedtrap:互联网规模的IPv6别名解析
Proceedings of the 2013 conference on Internet measurement conference Pub Date : 2013-10-23 DOI: 10.1145/2504730.2504759
M. Luckie, Robert Beverly, William Brinkmeyer, K. Claffy
{"title":"Speedtrap: internet-scale IPv6 alias resolution","authors":"M. Luckie, Robert Beverly, William Brinkmeyer, K. Claffy","doi":"10.1145/2504730.2504759","DOIUrl":"https://doi.org/10.1145/2504730.2504759","url":null,"abstract":"Impediments to resolving IPv6 router aliases have precluded understanding the emerging router-level IPv6 Internet topology. In this work, we design, implement, and validate the first Internet-scale alias resolution technique for IPv6. Our technique, speedtrap, leverages the ability to induce fragmented IPv6 responses from router interfaces in a particular temporal pattern that produces distinguishing per-router fingerprints. Our algorithm surmounts three fundamental challenges to Internet-scale IPv6 alias resolution using fragment identifier values: (1) unlike for IPv4, the identifier counters on IPv6 routers have no natural velocity, (2) the values of these counters are similar across routers, and (3) the packet size required to collect inferences is 46 times larger than required in IPv4. We demonstrate the efficacy of the technique by producing router-level Internet IPv6 topologies using measurements from CAIDA's distributed infrastructure. Our preliminary work represents a step toward understanding the Internet's IPv6 router-level topology, an important objective with respect to IPv6 network resilience, security, policy, and longitudinal evolution.","PeriodicalId":155913,"journal":{"name":"Proceedings of the 2013 conference on Internet measurement conference","volume":"25 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-10-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128560315","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 40
首页 上一页 下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:604180095
Book学术官方微信