Inferring Internet server IPv4 and IPv6 address relationships
MetadataShow full item record
While IPv6 is finally experiencing non-trivial deployment, IPv4 and IPv6 are expected to co-exist for the foreseeable future, implying dual-stacked devices, and protocol interdependence. We develop and deploy a system for characterizing the association between IPv4 and IPv6 addresses ("siblings") within network server infrastructure, with specific forcus on Internet DNS and web servers. We develop two novel techniques for finding DNS resolver sibling groups, one passive and one active. For 674k observed (IPv4, IPv6) address pairs, we find that 34% of the addresses are one-to-one, i.e. appear in no other pair. Yet there are also complex cases, where distributed DNS resolution creates interconnected series of nameserver address pairs that can span continents and autonomous systems, compexity confirmed using active probing. We then describe a targeted method to actively interrogate candidate (IPv4, IPv6) pairs to determine if they are assigned to the same device. We find that the IPv4 and IPv6 addresses of Internet servers frequently belong to different interfaces, machines, and even autonomous systems Our results have important implications on network resilience, security, geolocation and performance measurement.
Showing items related by title, author, creator and subject.
Rye, Erik C.; Martin, Jeremy; Beverly, Robert ;This position paper considers the privacy and security implications of EUI-64-based IPv6 addresses. By encoding MAC addresses, EUI-64 addresses violate layers by exposing hardware identifiers in IPv6 addresses. The ...
Rowe, Neil C.; Schwamm, Riqui; McCarrin, Michael R.; Gera, Ralucca (ADFSL, 2016);Drives found during investigations often have useful information in the form of email addresses, which can be acquired by search in the raw drive data independent of the file system. Using these data, we can build a picture ...
Allen, Gregory (Monterey, California: Naval Postgraduate School, 2016-09);Email addresses extracted from secondary storage devices are important to a forensic analyst when conducting an investigation. They can provide insight into the user's social network and help identify other potential persons ...