2015
DOI: 10.1007/978-3-319-15509-8_12
|View full text |Cite
|
Sign up to set email alerts
|

Server Siblings: Identifying Shared IPv4/IPv6 Infrastructure Via Active Fingerprinting

Abstract: Abstract. We present, validate, and apply an active measurement technique that ascertains whether candidate IPv4 and IPv6 server addresses are "siblings," i.e., assigned to the same physical machine. In contrast to prior efforts limited to passive monitoring, opportunistic measurements, or end-client populations, we propose an active methodology that generalizes to all TCP-reachable devices, including servers. Our method extends prior device fingerprinting techniques to improve their feasibility in modern envi… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
1
1
1
1

Citation Types

1
22
0

Year Published

2016
2016
2024
2024

Publication Types

Select...
5
3
1

Relationship

1
8

Authors

Journals

citations
Cited by 29 publications
(23 citation statements)
references
References 11 publications
1
22
0
Order By: Relevance
“…Finally, iGreedy could be useful in general, adding e.g., a relevant feature for troubleshooting [56], including e.g., ensuring reachability of specific anycast replicas, or detecting unexpected affinity between a specific replica and (a faraway) vantage point. Additionally, some inference techniques could be applied only on the unicast context [57], [58], where authors generally have to resort to some heuristic to discard suspiciously anycasted instances: in this context, iGreedy could either automatically validate the assumption, or raise a flag forbidding to use such unicast-only techniques in case of positive detection.…”
Section: Applicationsmentioning
confidence: 99%
“…Finally, iGreedy could be useful in general, adding e.g., a relevant feature for troubleshooting [56], including e.g., ensuring reachability of specific anycast replicas, or detecting unexpected affinity between a specific replica and (a faraway) vantage point. Additionally, some inference techniques could be applied only on the unicast context [57], [58], where authors generally have to resort to some heuristic to discard suspiciously anycasted instances: in this context, iGreedy could either automatically validate the assumption, or raise a flag forbidding to use such unicast-only techniques in case of positive detection.…”
Section: Applicationsmentioning
confidence: 99%
“…This technique only works on DNS clients or open resolvers, and requires a DNS server backend infrastructure. In 2015, Beverly and Berger [10] refine prior work on remote clock skew estimation through TCP timestamps and apply it to actively probe IPv6-IPv4 servers for sibling classification. Their algorithm is as follows: First, they filter non-siblings based on different TCP option signatures.…”
Section: Related Workmentioning
confidence: 99%
“…This level of relation may help to draw deeper conclusions from service-level IPv6-IPv4 comparative studies, e.g., on latency [7] or security comparisons [12]. We base our classification approach on active measurements of TCP timestamps, based on prior work by Kohno [19], Zander [32], and Beverly and Berger [10]. Our approach leverages novel features, such as the identification of unique nonlinear patterns caused by variable skew.…”
Section: Introductionmentioning
confidence: 99%
“…Stack fingerprinting is often used in market-share analysis [19], [20], Internet characterization [11], [14], research measurements [4], [8], [15], and security, where administrators aim to discover vulnerable devices and/or stealth intruders in the network [1], [17], [26]. We split the work across two main categories in Fig.…”
Section: A Remote Os Classificationmentioning
confidence: 99%