Advertisement

Alias Resolution Based on ICMP Rate Limiting

  • Kevin VermeulenEmail author
  • Burim LjumaEmail author
  • Vamsi AddankiEmail author
  • Matthieu GouelEmail author
  • Olivier FourmauxEmail author
  • Timur FriedmanEmail author
  • Reza RejaieEmail author
Conference paper
  • 52 Downloads
Part of the Lecture Notes in Computer Science book series (LNCS, volume 12048)

Abstract

Alias resolution techniques (e.g., Midar) associate, mostly through active measurement, a set of IP addresses as belonging to a common router. These techniques rely on distinct router features that can serve as a signature. Their applicability is affected by router support of the features and the robustness of the signature. This paper presents a new alias resolution tool called Limited Ltd. that exploits ICMP rate limiting, a feature that is increasingly supported by modern routers that has not previously been used for alias resolution. It sends ICMP probes toward target interfaces in order to trigger rate limiting, extracting features from the probe reply loss traces. It uses a machine learning classifier to designate pairs of interfaces as aliases. We describe the details of the algorithm used by Limited Ltd. and illustrate its feasibility and accuracy. Limited Ltd. not only is the first tool that can perform alias resolution on IPv6 routers that do not generate monotonically increasing fragmentation IDs (e.g., Juniper routers) but it also complements the state-of-the-art techniques for IPv4 alias resolution. All of our code and the collected dataset are publicly available.

Notes

Acknowledgments

We thank Niels den Otter from SURFnet and Simon Leinen from Switch network for their time in conducting joint experiments of Limited Ltd. We thank people from Internet2 and Switch for providing the ground truth of their network. We thank the anonymous reviewers from both the PAM TPC and our shepherd, for their careful reading of this paper and suggestions for its improvement. Kevin Vermeulen, Olivier Fourmaux, and Timur Friedman are associated with Sorbonne Université, CNRS, Laboratoire d’informatique de Paris 6, LIP6, F-75005 Paris, France. Kevin Vermeulen and Timur Friedman are associated with the Laboratory of Information, Networking and Communication Sciences, LINCS, F-75013 Paris, France. A research grant from the French Ministry of Defense has made this work possible.

Supplementary material

References

  1. 1.
    PlanetLab Europe. https://www.planet-lab.eu
  2. 2.
    Private communication with CAIDAGoogle Scholar
  3. 3.
  4. 4.
    Alvarez, P., Oprea, F., Rule, J.: Rate-limiting of IPv6 traceroutes is widespread: measurements and mitigations. In: Proceedings of IETF, vol. 99 (2017)Google Scholar
  5. 5.
    Aminikhanghahi, S., Cook, D.J.: A survey of methods for time series change point detection. Knowl. Inf. Syst. 51(2), 339–367 (2017)CrossRefGoogle Scholar
  6. 6.
    Augustin, B., et al.: Avoiding traceroute anomalies with Paris Traceroute. In: Proceedings of IMC (2006)Google Scholar
  7. 7.
    Bender, A., Sherwood, R., Spring, N.: Fixing Ally’s growing pains with velocity modeling. In: Proceedings of IMC (2008)Google Scholar
  8. 8.
    Breiman, L., Friedman, J., Olshen, R., Stone, C.: Classification and Regression Trees. Wadsworth and Brooks, Monterey (1984)zbMATHGoogle Scholar
  9. 9.
    Cisco: Cisco IOS quality of service solutions configuration guide, release 12.2SR. In: Policing and Shaping Overview. https://www.cisco.com/c/en/us/td/docs/ios/qos/configuration/guide/12_2sr/qos_12_2sr_book/polcing_shping_oview.html
  10. 10.
  11. 11.
    Cisco: Control plane policing implementation best practices. https://www.cisco.com/c/en/us/about/security-center/copp-best-practices.html#7
  12. 12.
  13. 13.
    Conta, A., Gupta, M.: RFC 4443, Internet Control Message Protocol (ICMPv6) for the Internet Protocol version 6 (IPv6) specification. IETF (2006)Google Scholar
  14. 14.
    Deal, R.A.: Cisco router firewall security: DoS protection. http://www.ciscopress.com/articles/article.asp?p=345618&seqNum=5
  15. 15.
    Ensafi, R., Knockel, J., Alexander, G., Crandall, J.R.: Detecting intentional packet drops on the Internet via TCP/IP side channels. In: Proceedings of PAM (2014)Google Scholar
  16. 16.
    Govindan, R., Tangmunarunkit, H.: Heuristics for Internet map discovery. In: Proceedings of INFOCOM (2000)Google Scholar
  17. 17.
    Gunes, M.H., Sarac, K.: Resolving IP aliases in building traceroute-based Internet maps. IEEE/ACM Trans. Netw. 17(6), 1738–1751 (2009)CrossRefGoogle Scholar
  18. 18.
    Gunes, M.H., Sarac, K.: Importance of IP alias resolution in sampling Internet topologies. In: Proceedings of GI (2007)Google Scholar
  19. 19.
    Guo, H., Heidemann, J.: Detecting ICMP rate limiting in the Internet. In: Proceedings of PAM (2018)Google Scholar
  20. 20.
    Juniper: Default ICMP rate limit on the system for host inbound connections. https://kb.juniper.net/InfoCenter/index?page=content&id=KB28184&cat=SRX_SERIES&actp=LIST
  21. 21.
    Juniper: IPv6 multicast routing on E series broadband services routers, release 15.1. Access-list. https://www.juniper.net/documentation/en_US/junose15.1/topics/reference/command-summary/access-list.html
  22. 22.
  23. 23.
    Juniper: System management and monitoring feature guide for switches. Internet-options (ICMPv4). https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/icmpv4-rate-limit-edit-system.html
  24. 24.
    Juniper: System management and monitoring feature guide for switches. Internet-options (ICMPv6). https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/icmpv6-rate-limit-edit-system.html
  25. 25.
    Keys, K.: Internet-scale IP alias resolution techniques. ACM SIGCOMM Comput. Commun. Rev. 40(1), 50–55 (2010)CrossRefGoogle Scholar
  26. 26.
    Keys, K., Hyun, Y., Luckie, M., Claffy, K.: Internet-scale IPv4 alias resolution with MIDAR. IEEE/ACM Trans. Netw. 21(2), 383–399 (2013)CrossRefGoogle Scholar
  27. 27.
    Killick, R., Eckley, I.A.: changepoint: an R package for changepoint analysis. J. Stat. Softw. 58(3), 1–19 (2014). http://www.jstatsoft.org/v58/i03/CrossRefGoogle Scholar
  28. 28.
    Kim, S., Harfoush, K.: Efficient estimation of more detailed Internet IP maps. In: Proceedings of ICC (2007)Google Scholar
  29. 29.
    Luckie, M., Beverly, R., Brinkmeyer, W., et al.: SpeedTrap: Internet-scale IPv6 alias resolution. In: Proceedings of IMC (2013)Google Scholar
  30. 30.
    Marchetta, P., Persico, V., Pescapè, A.: Pythia: yet another active probing technique for alias resolution. In: Proceedings of CoNEXT (2013)Google Scholar
  31. 31.
    Padmanabhan, R., Li, Z., Levin, D., Spring, N.: UAv6: alias resolution in IPv6 using unused addresses. In: Proceedings of PAM (2015)Google Scholar
  32. 32.
    Pansiot, J.J., Grad, D.: On routes and multicast trees in the Internet. ACM SIGCOMM Comput. Commun. Rev. 28(1), 41–50 (1998)CrossRefGoogle Scholar
  33. 33.
    Pedregosa, F., et al.: Scikit-learn: machine learning in Python. J. Mach. Learn. Res. 12, 2825–2830 (2011)MathSciNetzbMATHGoogle Scholar
  34. 34.
    Postel, J.: RFC 792. Internet Control Message Protocol, IETF (1981)Google Scholar
  35. 35.
    Qian, S., Wang, Y., Xu, K.: Utilizing destination options header to resolve IPv6 alias resolution. In: Proceedings of GLOBECOM (2010)Google Scholar
  36. 36.
    Qian, S., Xu, M., Qiao, Z., Xu, K.: Route positional method for IPv6 alias resolution. In: Proceedings of ICCCN (2010)Google Scholar
  37. 37.
    Ravaioli, R., Urvoy-Keller, G., Barakat, C.: Characterizing ICMP rate limitation on routers. In: Proceedings of ICC (2015)Google Scholar
  38. 38.
    Sherry, J., Katz-Bassett, E., Pimenova, M., Madhyastha, H.V., Anderson, T., Krishnamurthy, A.: Resolving IP aliases with prespecified timestamps. In: Proceedings of IMC (2010)Google Scholar
  39. 39.
    Sherwood, R., Bender, A., Spring, N.: Discarte: a disjunctive Internet cartographer. ACM SIGCOMM Comput. Commun. Rev. 38(4), 303–314 (2008)CrossRefGoogle Scholar
  40. 40.
    Spring, N., Mahajan, R., Wetherall, D.: Measuring ISP topologies with rocketfuel. ACM SIGCOMM Comput. Commun. Rev. 32(4), 133–145 (2002)CrossRefGoogle Scholar
  41. 41.
    Vermeulen, K., Strowes, S.D., Fourmaux, O., Friedman, T.: Multilevel MDA-lite Paris Traceroute. In: Proceedings of IMC (2018)Google Scholar
  42. 42.
    Willinger, W., Alderson, D., Doyle, J.C.: Mathematics and the Internet: a source of enormous confusion and great potential. Not. Am. Math. Soc. 56(5), 586–599 (2009)MathSciNetzbMATHGoogle Scholar

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  1. 1.Sorbonne UniversitéParisFrance
  2. 2.University of OregonEugeneUSA

Personalised recommendations