Server Siblings: Identifying Shared IPv4/IPv6 Infrastructure via Active Fingerprinting
Loading...
Authors
Beverly, Robert
Berger, Arthur
Subjects
Advisors
Date of Issue
2015
Date
Publisher
Language
Abstract
We present, validate, and apply an active measurement tech-
nique that ascertains whether candidate IPv4 and IPv6 server addresses
are “siblings,” i.e., assigned to the same physical machine. In contrast to
prior efforts limited to passive monitoring, opportunistic measurements,
or end-client populations, we propose an active methodology that gen-
eralizes to all TCP-reachable devices, including servers. Our method ex-
tends prior device fingerprinting techniques to improve their feasibility
in modern environments, and uses them to support measurement-based
detection of sibling interfaces. We validate our technique against a di-
verse set of 61 web servers with known sibling addresses and find it to be
over 97% accurate with 99% precision. Finally, we apply the technique
to characterize the top ∼6,400 Alexa IPv6-capable web domains, and
discover that a DNS name in common does not imply that the corre-
sponding IPv4 and IPv6 addresses are on the same machine, network,
or even autonomous system. Understanding sibling and non-sibling rela-
tionships gives insight not only into IPv6 deployment and evolution, but
also helps characterize the potential for correlated failures and suscepti-
bility to certain attacks.
Type
Article
Presentation
Presentation
Description
Includes article and presentation.
PAM 2015 - 16th Passive and Active Measurement Conference
PAM 2015 - 16th Passive and Active Measurement Conference
Series/Report No
Department
Computer Science (CS)
Organization
Identifiers
NPS Report Number
Sponsors
This work supported by in part by NSF grant CNS-1111445 and De- partment of Homeland Security (DHS) S&T contract N66001-2250-58231.
Funder
Format
Citation
Distribution Statement
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.