Something from Nothing (There): Collecting Global IPv6 Datasets from DNS
Abstract
Current large-scale IPv6 studies mostly rely on non-public datasets, as most public datasets are domain specific. For instance, traceroute-based datasets are biased toward network equipment. In this paper, we present a new methodology to collect IPv6 address datasets that does not require access to restricted network vantage points. We collect a new dataset spanning more than 5.8 million IPv6 addresses by exploiting DNS’ denial of existence semantics (NXDOMAIN). This paper documents our efforts in obtaining new datasets of allocated IPv6 addresses, so others can avoid the obstacles we encountered.
Keywords
Covert Channel Border Gateway Protocol Content Delivery Network IPv6 Address Reverse ZoneNotes
Acknowledgements
We thank the anonymous reviewers for their helpful feedback and suggestions, and Peter van Dijk for suggesting this research path to us. This material is based on research supported or sponsored by the Office of Naval Research (ONR) under Award No. N00014-15-1-2948, the Space and Naval Warfare Systems Command (SPAWAR) under Award No. N66001-13-2-4039, the National Science Foundation (NSF) under Award No. CNS-1408632, the Defense Advanced Research Projects Agency (DARPA) under agreement number FA8750-15-2-0084, a Security, Privacy and Anti-Abuse award from Google, SBA Research, the Bundesministerium für Bildung und Forschung (BMBF) under Award No. KIS1DSD032 (Project Enzevalos), a Leibniz Price project by the German Research Foundation (DFG) under Award No. FKZ FE 570/4-1. The U.S. Government is authorized to reproduce and distribute reprints for Governmental purposes notwithstanding any copyright notation thereon. The opinions, views, and conclusions contained herein are those of the author(s) and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of ONR, SPAWAR, NSF, DARPA, the U.S. Government, Google, SBA Research, BMBF, or DFG.
References
- 1.Atkins, D., Austein, R.: Threat Analysis of the Domain Name System (DNS). RFC3833Google Scholar
- 2.Bortzmeyer, S., Huque, S.: NXDOMAIN: There Really is Nothing Underneath. RFC8020Google Scholar
- 3.Chatzis, N., Smaragdakis, G., Böttger, J., Krenc, T., Feldmann, A.: On the benefits of using a large ixp as an internet vantage point. In: Proceedings of the ACM Internet Measurement Conference, pp. 333–346 (2013)Google Scholar
- 4.Czyz, J., Allman, M., Zhang, J., Iekel-Johnson, S., Osterweil, E., Bailey, M.: Measuring IPv6 adoption. Proc. ACM SIGCOMM 44(4), 87–98 (2014)CrossRefGoogle Scholar
- 5.Czyz, J., Luckie, M., Allman, M., Bailey, M.: Don’t forget to lock the back door! a characterization of ipv6 network security policy. In: Proceedings of the Symposium on Network and Distributed System Security (NDSS), vol. 389 (2016)Google Scholar
- 6.Durumeric, Z., Wustrow, E., Halderman, J.A.: ZMap: fast internet-wide scanning and its security applications. In: Proceedings of the USENIX Security Symposium, pp. 605–620 (2013)Google Scholar
- 7.Fiebig, T., Danisevskis, J., Piekarska, M.: A metric for the evaluation and comparison of keylogger performance. In: Proceedings of the USENIX Security Workshop on Cyber Security Experimentation and Test (CSET) (2014)Google Scholar
- 8.Foremski, P., Plonka, D., Berger, A.: Entropy/IP: uncovering structure in IPv6 addresses. In: Proceedings of the ACM Internet Measurement Conference (2016)Google Scholar
- 9.Gasser, O., Scheitle, Q., Gebhard, S., Carle, G.: Scanning the IPv6 internet: towards a comprehensive hitlist (2016)Google Scholar
- 10.Gont, F., Chown, T.: Network Reconnaissance in IPv6 Networks. RFC7707Google Scholar
- 11.Hinden, R., Deering, S.: IP Version 6 Addressing Architecture. RFC4291Google Scholar
- 12.Mockapetris, P.: Domain names - concepts and facilities. RFC1034Google Scholar
- 13.Mockapetris, P.: Domain names - implementation and specification. RFC1035Google Scholar
- 14.Nussbaum, L., Neyron, P., Richard, O.: On robust covert channels inside DNS. In: Proceedings of the International Information Security Conference (IFIP), pp. 51–62 (2009)Google Scholar
- 15.Plonka, D., Berger, A.: Temporal and spatial classification of active IPv6 addresses. In: Proceedings of the ACM Internet Measurement Conference, pp. 509–522. ACM (2015)Google Scholar
- 16.Richter, P., Smaragdakis, G., Plonka, D., Berger, A.: Beyond counting: new perspectives on the active IPv4 address space. In: Proceedings of the ACM Internet Measurement Conference (2016)Google Scholar
- 17.Ripe NCC: RIPE atlas. http://atlas.ripe.net
- 18.Ripe NCC: RIPE Routing Information Service (RIS). https://www.ripe.net/analyse/internetmeasurements/routing-information-service-ris
- 19.ShadowServer Foundation: The scannings will continue until the internet improves (2014). http://blog.shadowserver.org/2014/03/28/the-scannings-will-continue-until-the-internet-improves/
- 20.University of Oregon: Route Views Project. http://bgplay.routeviews.org
- 21.Vixie, P.A.: It’s time for an internet-wide recommitment to measurement: and here’s how we should do it. In: Proceedings of the International Workshop on Traffic Measurements for Cybersecurity (2016)Google Scholar
- 22.Zhang, B., Liu, R., Massey, D., Zhang, L.: Collecting the internet as-level topology. ACM Comput. Commun. Rev. 35(1), 53–61 (2005)CrossRefGoogle Scholar