A METHOD FOR INCONSPICUOUS TRACEROUTE Jonathan Haber.


Internet Protocol
- Data broken into packets
- Packets have header and data
- Packets forwarded to destinations

The Problem?
- Internet protocols provide no mechanism for determining what route your data is taking to the destination
- Fine when things are working, but routing problems are inevitably going to arise

What is a traceroute?
- A tool used to ascertain the path taken by information across the internet
- No built-in mechanism to observe these paths, so must devise methods of path inference

How does it work?
- Time-to-Live (TTL)
- Used to ensure that packets do not float around the Internet indefinitely
- Each time a packet is forwarded, its TTL is decremented

How is this used by traceroute?
- Send out a packet with TTL of 1, which should cause it to die at the first hop
- Wait for message saying where the packet died
- Repeat this process, incrementing the TTL each time

[Figure: Traceroute Graphic, showing Source, Destination, and probes labelled TTL = 1 through TTL = 5]

So what’s the problem?
- Traceroute information cannot be verified
- A network might want to falsify this information
- Common traceroute implementations have characteristics that make it easy to identify traceroute packets

Example traceroute
A router might see:
UDP Packet From: To: :33489 TTL: 1 ID: Length: 38
UDP Packet From: To: :33490 TTL: 2 ID: Length: 38
UDP Packet From: To: :33491 TTL: 3 ID: Length: 38
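The fingerprint shown on this slide (UDP, destination port and TTL both counting up, constant length) can be matched mechanically. The following is an added example, not code from the presentation; the packet-record layout, the function names, the sample addresses and the 33434-33534 port window are assumptions made for illustration.

```python
from collections import defaultdict

# Assumption: classic UDP traceroute starts at port 33434 and counts upward.
TRACEROUTE_PORTS = range(33434, 33535)

def pkt(src, dst, proto, dport, ttl, length):
    return dict(src=src, dst=dst, proto=proto, dport=dport, ttl=ttl, length=length)

# Constructed sample capture (documentation addresses, not from the slides).
SAMPLE_PACKETS = [
    pkt("192.0.2.10", "198.51.100.7", "udp", 33489, 1, 38),
    pkt("192.0.2.10", "198.51.100.7", "udp", 33490, 2, 38),
    pkt("192.0.2.10", "198.51.100.7", "udp", 33491, 3, 38),
    pkt("192.0.2.10", "198.51.100.53", "udp", 53, 64, 61),     # DNS query
    pkt("192.0.2.44", "198.51.100.7", "udp", 33500, 57, 120),  # lone datagram
    pkt("192.0.2.10", "198.51.100.7", "tcp", 443, 2, 40),      # TCP SYN, low TTL
]

def _follows(prev, cur):
    """True if cur continues the pattern: next port, same length, TTL +0 or +1."""
    return (cur["dport"] == prev["dport"] + 1
            and cur["length"] == prev["length"]
            and cur["ttl"] - prev["ttl"] in (0, 1))

def _runs(probes):
    """Split port-sorted probes into maximal runs of consecutive probes."""
    run = []
    for p in probes:
        if run and not _follows(run[-1], p):
            yield run
            run = []
        run.append(p)
    if run:
        yield run

def find_traceroute_flows(packets, min_probes=3):
    """Map (src, dst) to the longest probe run that looks like UDP traceroute."""
    flows = defaultdict(list)
    for p in packets:
        if p["proto"] == "udp" and p["dport"] in TRACEROUTE_PORTS:
            flows[(p["src"], p["dst"])].append(p)
    flagged = {}
    for key, probes in flows.items():
        probes.sort(key=lambda p: p["dport"])
        hits = [r for r in _runs(probes)
                if len(r) >= min_probes and r[-1]["ttl"] > r[0]["ttl"]]
        if hits:
            flagged[key] = max(hits, key=len)
    return flagged

if __name__ == "__main__":
    for (src, dst), run in find_traceroute_flows(SAMPLE_PACKETS).items():
        print(src, "->", dst, "ports", [p["dport"] for p in run])
```

The low-TTL TCP SYN in the sample is not matched by this port-based rule, so a monitor that relies on it alone sees only the classic UDP probes.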

What are falsified responses?
A router might:
- Respond to a traceroute probe with an incorrect IP address
- Intercept traceroute traffic before its destination and spoof responses
- Intentionally treat traceroute traffic differently than normal traffic

So far
- Implemented new traceroute method using TCP Packets
- Goal is to make traceroute traffic harder to identify
- Why TCP and not UDP or ICMP?

Details
- Implemented in Tcl using hping
- Sends TCP probes (SYN) with increasing TTLs
- Has a variable delay between sending probes
- Looks for a response; if none is found, changes the packet type

So far
- Began collecting data
- Still experimenting with traceroute program to maximize responses
- Begin to look at data for anomalies

Example traceroute to Youtube.com
New Method: 11 core lga.net.google.com ( ) ( ) ( ) ( ) ( ) 16 iw-in-f93.1e100.net ( )
Old Method (TCP/UDP): 11 core lga.net.google.com ( ) ( ) 13 * * * ( ) ( ) 16 iw-in-f93.1e100.net ( )

Example traceroute to Youtube.com
New Method: 11 core lga.net.google.com ( ) ( ) ( ) ( ) ( ) 16 iw-in-f93.1e100.net ( )
Old Method (ICMP): 11 * * * 12 * * * 13 * * * 14 * * * 15 * * * 16 * * * 17 iw-in-f93.1e100.net ( )

Possible Explanations
- Different packet types routed differently
- Artifact of load balancing
- Traceroute traffic intentionally routed differently
- Responding falsely to detected traceroute traffic

To Do
- Finish tweaking traceroute program
- Continue collecting data
- Path differences have already begun to emerge
- Try to characterize these differences, their causes, etc.

Papers Referenced
- Traceroute Probe Method and Forward IP Path Inference. Matthew Luckie, Young Hyun, Bradley Huffaker
- Avoiding traceroute anomalies with Paris traceroute. Brice Augustin, Xavier Cuvellier, Benjamin Orgogozo, Fabien Viger, Timur Friedman, Matthieu Latapy, Clémence Magnien, Renata Teixeira
- Traceroute Data Integrity and Route Concealment. Oliver Jensen