Pushing Alias Resolution to the Limit (2309.15622v1)
Abstract: In this paper, we show that utilizing multiple protocols offers a unique opportunity to improve IP alias resolution and dual-stack inference substantially. Our key observation is that prevalent protocols, e.g., SSH and BGP, reply to unsolicited requests with a set of values that can be combined to form a unique device identifier. More importantly, this is possible by just completing the TCP hand-shake. Our empirical study shows that utilizing readily available scans and our active measurements can double the discovered IPv4 alias sets and more than 30x the dual-stack sets compared to the state-of-the-art techniques. We provide insights into our method's accuracy and performance compared to popular techniques.
- Third Time’s Not a Charm: Exploiting SNMPv3 for Router Fingerprinting. In ACM IMC.
- Pushing Alias Resolution to the Limit (artifacts). https://routerfingerprinting.github.io/.
- Fixing Ally’s Growing Pains with Velocity Modeling. In ACM IMC.
- Internet Nameserver IPv4 and IPv6 Address Relationships. In ACM IMC.
- CAIDA. 2023. iffinder. https://catalog.caida.org/software/iffinder.
- Ravi Chandra and John Scudder. 2009. Capabilities Advertisement with BGP-4. IETF RFC 5492.
- A Server-to-Server View of the Internet. In ACM CoNEXT.
- kc claffy. 2011. Tracking IPv6 Evolution: Data We Have and Data We Need. ACM Computer Communication Review 3 (2011). Issue 41.
- Don’t Forget to Lock the Back Door! A Characterization of IPv6 Network Security Policy. In NDSS.
- The Menlo Report: Ethical Principles Guiding Information and Communication Technology Research. U.S. Department of Homeland Security (2012).
- Active and Passive Collection of SSH Key Material for Cyber Threat Intelligence. Digital Threats (2022).
- A Search Engine Backed by Internet-Wide Scanning. In ACM CCS.
- ZMap: Fast Internet-Wide Scanning and its Security Applications. In USENIX Security Symposium.
- A Deeper Understanding of SSH: Results from Internet-wide scans. In IEEE/IFIP Network Operations and Management Symposium.
- Clusters in the Expanse: Understanding and Unbiasing IPv6 Hitlists. In ACM IMC.
- ZGrab 2.0 GitHub. 2023. Fast Go Application Scanner. urlhttps://github.com/zmap/zgrab2.
- Mehmet Hadi Gunes and Kamil Sarac. 2007. Importance of IP Alias Resolution in Sampling Internet Topologies. In IEEE Global Internet Symposium.
- John A. Hawkinson and Tony J. Bates. 1996. Guidelines for creation, selection, and registration of an Autonomous System (AS). https://www.rfc-editor.org/info/rfc1930
- Mining your Ps and Qs: Detection of widespreadweak keys in network devices. In USENIX Security Symposium.
- Internet-Scale IPv4 Alias Resolution with MIDAR. IEEE/ACM Trans. Networking 21 (2013). Issue 2.
- Chris M. Lonvick and Tatu Ylonen. 2006. The Secure Shell (SSH) Transport Layer Protocol. https://www.rfc-editor.org/info/rfc4253
- Speedtrap: Internet-Scale IPv6 Alias Resolution. In ACM IMC.
- Learning Regexes to Extract Router Names from Hostnames. In ACM IMC.
- DynamIPs: Analyzing address assignment practices in IPv4 and IPv6. In ACM CoNEXT.
- Craig Partridge and Mark Allman. 2016. Ethical Considerations in Network Measurement Papers. Comm. of the ACM 59, 10 (2016).
- Understanding the Share of IPv6 Traffic in a Dual-stack ISP. In PAM.
- A Border Gateway Protocol 4 (BGP-4). IEFT RFC 4271.
- Measuring ISP topologies with Rocketfuel. In ACM SIGCOMM.
- Internet Scale Reverse Traceroute. In ACM IMC.
- On the Origin of Scanning: The Impact of Location on Internet-Wide Scans. In ACM IMC.
- Fingerprinting Bots in a Hybrid Honeypot. In SoutheastCon 2023. 76–80.
- Rusty Clusters? Dusting an IPv6 Research Foundation. In ACM IMC.
Sponsor
Paper Prompts
Sign up for free to create and run prompts on this paper using GPT-5.
Top Community Prompts
Collections
Sign up for free to add this paper to one or more collections.