Abstract
Current large-scale IPv6 studies mostly rely on non-public datasets, as most public datasets are domain specific. For instance, traceroute-based datasets are biased toward network equipment. In this paper, we present a new methodology to collect IPv6 address datasets that does not require access to restricted network vantage points. We collect a new dataset spanning more than 5.8 million IPv6 addresses by exploiting DNS’ denial of existence semantics (NXDOMAIN). This paper documents our efforts in obtaining new datasets of allocated IPv6 addresses, so others can avoid the obstacles we encountered.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Atkins, D., Austein, R.: Threat Analysis of the Domain Name System (DNS). RFC3833
Bortzmeyer, S., Huque, S.: NXDOMAIN: There Really is Nothing Underneath. RFC8020
Chatzis, N., Smaragdakis, G., Böttger, J., Krenc, T., Feldmann, A.: On the benefits of using a large ixp as an internet vantage point. In: Proceedings of the ACM Internet Measurement Conference, pp. 333–346 (2013)
Czyz, J., Allman, M., Zhang, J., Iekel-Johnson, S., Osterweil, E., Bailey, M.: Measuring IPv6 adoption. Proc. ACM SIGCOMM 44(4), 87–98 (2014)
Czyz, J., Luckie, M., Allman, M., Bailey, M.: Don’t forget to lock the back door! a characterization of ipv6 network security policy. In: Proceedings of the Symposium on Network and Distributed System Security (NDSS), vol. 389 (2016)
Durumeric, Z., Wustrow, E., Halderman, J.A.: ZMap: fast internet-wide scanning and its security applications. In: Proceedings of the USENIX Security Symposium, pp. 605–620 (2013)
Fiebig, T., Danisevskis, J., Piekarska, M.: A metric for the evaluation and comparison of keylogger performance. In: Proceedings of the USENIX Security Workshop on Cyber Security Experimentation and Test (CSET) (2014)
Foremski, P., Plonka, D., Berger, A.: Entropy/IP: uncovering structure in IPv6 addresses. In: Proceedings of the ACM Internet Measurement Conference (2016)
Gasser, O., Scheitle, Q., Gebhard, S., Carle, G.: Scanning the IPv6 internet: towards a comprehensive hitlist (2016)
Gont, F., Chown, T.: Network Reconnaissance in IPv6 Networks. RFC7707
Hinden, R., Deering, S.: IP Version 6 Addressing Architecture. RFC4291
Mockapetris, P.: Domain names - concepts and facilities. RFC1034
Mockapetris, P.: Domain names - implementation and specification. RFC1035
Nussbaum, L., Neyron, P., Richard, O.: On robust covert channels inside DNS. In: Proceedings of the International Information Security Conference (IFIP), pp. 51–62 (2009)
Plonka, D., Berger, A.: Temporal and spatial classification of active IPv6 addresses. In: Proceedings of the ACM Internet Measurement Conference, pp. 509–522. ACM (2015)
Richter, P., Smaragdakis, G., Plonka, D., Berger, A.: Beyond counting: new perspectives on the active IPv4 address space. In: Proceedings of the ACM Internet Measurement Conference (2016)
Ripe NCC: RIPE atlas. http://atlas.ripe.net
Ripe NCC: RIPE Routing Information Service (RIS). https://www.ripe.net/analyse/internetmeasurements/routing-information-service-ris
ShadowServer Foundation: The scannings will continue until the internet improves (2014). http://blog.shadowserver.org/2014/03/28/the-scannings-will-continue-until-the-internet-improves/
University of Oregon: Route Views Project. http://bgplay.routeviews.org
Vixie, P.A.: It’s time for an internet-wide recommitment to measurement: and here’s how we should do it. In: Proceedings of the International Workshop on Traffic Measurements for Cybersecurity (2016)
Zhang, B., Liu, R., Massey, D., Zhang, L.: Collecting the internet as-level topology. ACM Comput. Commun. Rev. 35(1), 53–61 (2005)
Acknowledgements
We thank the anonymous reviewers for their helpful feedback and suggestions, and Peter van Dijk for suggesting this research path to us. This material is based on research supported or sponsored by the Office of Naval Research (ONR) under Award No. N00014-15-1-2948, the Space and Naval Warfare Systems Command (SPAWAR) under Award No. N66001-13-2-4039, the National Science Foundation (NSF) under Award No. CNS-1408632, the Defense Advanced Research Projects Agency (DARPA) under agreement number FA8750-15-2-0084, a Security, Privacy and Anti-Abuse award from Google, SBA Research, the Bundesministerium fĂĽr Bildung und Forschung (BMBF) under Award No. KIS1DSD032 (Project Enzevalos), a Leibniz Price project by the German Research Foundation (DFG) under Award No. FKZ FE 570/4-1. The U.S. Government is authorized to reproduce and distribute reprints for Governmental purposes notwithstanding any copyright notation thereon. The opinions, views, and conclusions contained herein are those of the author(s) and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of ONR, SPAWAR, NSF, DARPA, the U.S. Government, Google, SBA Research, BMBF, or DFG.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Fiebig, T., Borgolte, K., Hao, S., Kruegel, C., Vigna, G. (2017). Something from Nothing (There): Collecting Global IPv6 Datasets from DNS. In: Kaafar, M., Uhlig, S., Amann, J. (eds) Passive and Active Measurement. PAM 2017. Lecture Notes in Computer Science(), vol 10176. Springer, Cham. https://doi.org/10.1007/978-3-319-54328-4_3
Download citation
DOI: https://doi.org/10.1007/978-3-319-54328-4_3
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-54327-7
Online ISBN: 978-3-319-54328-4
eBook Packages: Computer ScienceComputer Science (R0)