Transcript Internet Measurements

Lecture 27:
Internet Measurement
CS 765: Complex Networks
Traffic Measurements
 Monitoring and measuring network traffic
 to produce better models of network behavior
 to diagnose failures and detect anomalies
 to defend against unwanted traffic
 Live weather map
 Internernet2
 PlanetLab
2
A Census of
the Internet
Address
Space
http://www.isi.edu/ant/address/browse/
3
Code-Red Worm
 On July 19, 2001, more than 359,000 computers connected to the
Internet were infected with the Code-Red (CRv2) worm in less than
14 hours
 Spread
4
Sapphire Worm
 was the fastest computer worm in history
 doubled in size every 8.5 seconds
 infected more than 90 percent of vulnerable hosts within 10
minutes.
5
Witty Worm
 reached its peak activity after approximately 45 minutes
 at which point the majority of vulnerable hosts had been infected
 World
 USA
6
Nyxem Email Virus
 Estimate of total number of infected computers is
between 470K and 945K
 At least 45K of the infected computers were also
compromised by other forms of spyware or botware
 Spread
7
Scam Hosting
 Study dynamics of scam hosting infrastructure
8
Sipscan scan
 a botnet-orchestrated stealth scan of the entire IPv4
address space
 during 31 Jan - 12 Feb 2011
 originated from ~3 million IP addresses
 heavily coordinated
 unusually covert scanning strategy
 to discover and compromise VoIP-related (SIP server) infrastructure
http://www.youtube.com/watch?v=n6MRlEJeD8M
9
Anonymizer Usage
 Anonymity network usage analysis
 205 million packets
 about 1.44TB data
 Analyzed Anonymity Networks
Network
Servers
Service
Tor
61,798
General
I2P
2,267
P2P
JAP
11
General
Remailers
15
Email
Proxies
7,246
General
Commercial
Anomymizer,Gotrusted
General
Anonymity Network Geolocation
Tor usage
12
Host Classification
Client vs Server
Personal vs Public
Web vs Email Server
Two Colleges
13
Measurement Studies
 Glasnost
 tests whether BitTorrent is being blocked or throttled
 BW-meter
 Measurement tools for the capacity and load of Internet paths
 NPAD Diagnostics Servers
 Automatic diagnostic server for troubleshooting end-systems and
last-mile network problems
 iPlane
 construct a router interface-level atlas of the Internet
 measuring link attributes
 Hubble
 find persistent Internet black holes as they occur
14
Measurement Studies
 Japanese ISP traffic
 http://www.caida.org/tools/visualization/cuttlefish/pics/japan-
traces.gif
 DNS workload
 http://www.caida.org/research/dns/cl/animated_maps/images/cl-
worldmap.animated.queries.gif
 Egypt Internet Blackout
 http://www.caida.org/publications/papers/2013/coordinated_view
_internet_events/supplemental/egypt.composite.mp4
 http://youtu.be/4Khc0XgvdbM
 http://youtu.be/YWXgWfNxR9Q
15
Internet Measurements
 The Internet is man-made, so why do we need to
measure it?
 Because we still don’t really understand it
 Sometimes things go wrong
 Malicious users
 Measurement for network operations
 Detecting and diagnosing problems
 What-if analysis of future changes
 Measurement for scientific discovery
 Creating accurate models that represent reality
 Identifying new features and phenomena
16