Zeroing in on Port 0 Traffic in the Wild

Maghsoudlou, Aniss; Gasser, Oliver; Feldmann, Anja

doi:10.1007/978-3-030-72582-2_32

Cited by 6 publications

(3 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We are able to successfully map all flows to well-known ports in MAWI; except one flow with both high-ports and two flows with reserved value zero as the source port. The latter could be attributed to misconfigured devices [39]. For CAIDA, we find more than 80% of source ports in the well-known range and a majority of destination ports as ephemeral; indicating that the link mostly carries server-to-client upstream traffic.…”

Section: B Mptcp Application Usagementioning

confidence: 82%

From Single Lane to Highways: Analyzing the Adoption of Multipath TCP in the Internet

Aschenbrenner¹,

Shreedhar

Gasser³

et al. 2021

2021 IFIP Networking Conference (IFIP Networking)

Self Cite

View full text Add to dashboard Cite

Multipath TCP (MPTCP) extends traditional TCP to enable simultaneous use of multiple connection endpoints at the source and destination. MPTCP has been under active development since its standardization in 2013, and more recently in February 2020, MPTCP was upstreamed to the Linux kernel.In this paper, we provide the first broad analysis of MPTCPv0 in the Internet. We probe the entire IPv4 address space and an IPv6 hitlist to detect MPTCP-enabled systems operational on port 80 and 443. Our scans reveal a steady increase in MPTCPcapable IPs, reaching 9k+ on IPv4 and a few dozen on IPv6. We also discover a significant share of seemingly MPTCP-capable hosts, an artifact of middleboxes mirroring TCP options. We conduct targeted HTTP(S) measurements towards select hosts and find that middleboxes can aggressively impact the perceived quality of applications utilizing MPTCP. Finally, we analyze two complementary traffic traces from CAIDA and MAWI to shed light on the real-world usage of MPTCP. We find that while MPTCP usage has increased by a factor of 20 over the past few years, its traffic share is still quite low.

show abstract

Section: B Mptcp Application Usagementioning

confidence: 82%

From Single Lane to Highways: Analyzing the Adoption of Multipath TCP in the Internet

Aschenbrenner¹,

Shreedhar

Gasser³

et al. 2021

2021 IFIP Networking Conference (IFIP Networking)

Self Cite

View full text Add to dashboard Cite

show abstract

“…In the period studied, the overall traffic share of port 0 increased approximately by 60%. For more details, see also [7].…”

Section: Application Activity Shiftsmentioning

confidence: 99%

COVID-19 Pandemic and Internet Traffic in Poland: Evidence from Selected Regional Networks

Karpowicz¹

2021

JTIT

View full text Add to dashboard Cite

The COVID-19 pandemic has forced governments all over the world to impose lockdowns keeping citizens at home in order to limit the virus spread rate. The paper compares weekly traffic samples captured in the selected nodes of the network managed by NASK -National Research Institute during the pre-lockdown period, i.e. between January 27 and February 3, 2020, with those captured between March 30 and April 6, 2020, i.e. after the lockdown was announced. The presented results show changes in network traffic observed during the periods of time in question and illustrate the evolution in the popularity of top network services.

show abstract

“…While reserved [52] but never assigned and treated as request for a system-allocated port by socket APIs, port 0 should not be observed in Internet traffic. Prior work [12,37,11,35,21,39] observed low volumes of port 0 Internet traffic. Its origin can be multifold, e.g., as target port for DDoS attacks [37] or scanning [11] and system fingerprinting [37].…”

Section: Introductionmentioning

confidence: 99%

DDoS Never Dies? An IXP Perspective on DDoS Amplification Attacks

Köpp¹,

Dietzel²,

Hohlfeld³

2021

Preprint

View full text Add to dashboard Cite

DDoS attacks remain a major security threat to the continuous operation of Internet edge infrastructures, web services, and cloud platforms. While a large body of research focuses on DDoS detection and protection, to date we ultimately failed to eradicate DDoS altogether. Yet, the landscape of DDoS attack mechanisms is even evolving, demanding an updated perspective on DDoS attacks in the wild. In this paper, we identify up to 2608 DDoS amplification attacks at a single day by analyzing multiple Tbps of traffic flows at a major IXP with a rich ecosystem of different networks. We observe the prevalence of wellknown amplification attack protocols (e.g., NTP, CLDAP), which should no longer exist given the established mitigation strategies. Nevertheless, they pose the largest fraction on DDoS amplification attacks within our observation and we witness the emergence of DDoS attacks using recently discovered amplification protocols (e.g., OpenVPN, ARMS, Ubiquity Discovery Protocol). By analyzing the impact of DDoS on core Internet infrastructure, we show that DDoS can overload backbone-capacity and that filtering approaches in prior work omit 97% of the attack traffic.

show abstract

Zeroing in on Port 0 Traffic in the Wild

Cited by 6 publications

References 17 publications

From Single Lane to Highways: Analyzing the Adoption of Multipath TCP in the Internet

From Single Lane to Highways: Analyzing the Adoption of Multipath TCP in the Internet

COVID-19 Pandemic and Internet Traffic in Poland: Evidence from Selected Regional Networks

DDoS Never Dies? An IXP Perspective on DDoS Amplification Attacks

Contact Info

Product

Resources

About