Spoofed traffic inference at IXPs: Challenges, methods and analysis
Computer Networks (IF 4.4), Pub Date: 2020-08-01, DOI: 10.1016/j.comnet.2020.107452
Lucas Müller, Matthew Luckie, Bradley Huffaker, kc claffy, Marinho Barcellos

Ascertaining that a network will forward spoofed traffic usually requires an active probing vantage point in that network, effectively preventing a comprehensive view of this global Internet vulnerability. Recently, researchers have proposed using Internet Exchange Points (IXPs) as observatories to detect spoofed packets, by leveraging Autonomous System (AS) topology knowledge extracted from Border Gateway Protocol (BGP) data to infer which source addresses should legitimately appear across parts of the IXP switch fabric. We demonstrate that the existing literature does not capture several fundamental challenges to this approach, including noise in BGP data sources, heuristic AS relationship inference, and idiosyncrasies in IXP interconnectivity fabrics. We propose Spoofer-IX, a novel method to navigate these challenges, leveraging customer cone semantics of AS relationships to guide precise classification of inter-domain traffic as in-cone, out-of-cone (spoofed), unverifiable, bogon, and unassigned. We apply our method in three distinct periods to two IXPs, with 200+ and 1,600+ members each, and find an upper bound volume of out-of-cone traffic to be more than an order of magnitude less than the previous method inferred on the same data, revealing the practical importance of customer cone semantics in such analysis. We observed no significant improvement in deployment of Source Address Validation (SAV) in networks using the mid-size IXP between 2017 and 2019. In hopes that our methods and tools generalize to use by other IXPs who want to avoid use of their infrastructure for launching spoofed-source DoS attacks, we explore the feasibility of scaling the system to larger and more diverse IXP infrastructures. To promote this goal, and broad replicability of our results, we make the source code of Spoofer-IX publicly available.
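The five-way classification named in the abstract can be sketched as follows. This is an added illustration, not the Spoofer-IX source code: the check order, the rule used for "unverifiable" (a provider sending to its own customer), the table-miss rule for "unassigned", and all names and sample data are assumptions.

```python
import ipaddress

# Constructed sample data (documentation ASNs and prefixes), not from the paper.
P2C = {64500: {64501, 64502}, 64501: {64503}}   # provider -> direct customers
ORIGINS = {ipaddress.ip_network(p): asn for p, asn in {
    "198.51.100.0/24": 64503,
    "203.0.113.0/24": 64502,
    "192.0.2.0/24": 64510,
}.items()}                                      # stands in for BGP/registry data
BOGONS = [ipaddress.ip_network(p)
          for p in ("10.0.0.0/8", "127.0.0.0/8", "192.168.0.0/16")]

def customer_cone(asn):
    """The AS itself plus every AS reachable over provider->customer links."""
    cone, stack = set(), [asn]
    while stack:
        cur = stack.pop()
        if cur not in cone:
            cone.add(cur)
            stack.extend(P2C.get(cur, ()))
    return cone

def origin_of(addr):
    """Longest-prefix match of addr against the prefix-to-origin table."""
    matches = [net for net in ORIGINS if addr in net]
    if not matches:
        return None
    return ORIGINS[max(matches, key=lambda net: net.prefixlen)]

def classify(sender_as, receiver_as, src_ip):
    """Label one packet seen on the IXP fabric from sender_as to receiver_as."""
    addr = ipaddress.ip_address(src_ip)
    if any(addr in net for net in BOGONS):
        return "bogon"
    origin = origin_of(addr)
    if origin is None:
        return "unassigned"      # assumption: no entry in the sample table
    # Assumption: a transit provider may legitimately carry any source
    # address toward its customer, so the cone test cannot decide.
    if receiver_as in P2C.get(sender_as, ()):
        return "unverifiable"
    return "in-cone" if origin in customer_cone(sender_as) else "out-of-cone"
```
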




Updated: 2020-08-12