Abstract
We present, validate, and apply an active measurement technique that ascertains whether candidate IPv4 and IPv6 server addresses are “siblings,” i.e., assigned to the same physical machine. In contrast to prior efforts limited to passive monitoring, opportunistic measurements, or end-client populations, we propose an active methodology that generalizes to all TCP-reachable devices, including servers. Our method extends prior device fingerprinting techniques to improve their feasibility in modern environments, and uses them to support measurement-based detection of sibling interfaces. We validate our technique against a diverse set of 61 web servers with known sibling addresses and find it to be over 97 % accurate with 99 % precision. Finally, we apply the technique to characterize the top \(\sim \)6,400 Alexa IPv6-capable web domains, and discover that a DNS name in common does not imply that the corresponding IPv4 and IPv6 addresses are on the same machine, network, or even autonomous system. Understanding sibling and non-sibling relationships gives insight not only into IPv6 deployment and evolution, but also helps characterize the potential for correlated failures and susceptibility to certain attacks.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Alexa: Top 1,000,000 sites (2014). http://www.alexa.com/topsites
Berger, A., Weaver, N., Beverly, R., Campbell, L.: Internet nameserver IPv4 and IPv6 address relationships. In: Proceedings of the ACM Internet Measurement Conference. pp. 91–104 (2013)
Claffy, K.: Tracking IPv6 evolution: data we have and data we need. SIGCOMM Comput. Commun. Rev. 41(3), 43–48 (2011)
Craven, R., Beverly, R., Allman, M.: A middlebox-cooperative TCP for a non end-to-end internet. In: Proceedings of ACM SIGCOMM, pp. 151–162 (2014)
Czyz, J., Allman, M., Zhang, J., Iekel-Johnson, S., Osterweil, E., Bailey, M.: Measuring IPv6 adoption. In: Proceedings of ACM SIGCOMM, pp. 87–98 (2014)
Dhamdhere, A., Luckie, M., Huffaker, B., Elmokashfi, A., Aben, E., et al.: Measuring the deployment of IPv6: topology, routing and performance. In: Proceedings of the ACM Internet Measurement Conference, pp. 537–550 (2012)
Heuse, M.: Recent advances in IPv6 insecurities. In: Chaos Communications Congress (2010)
Jacobson, V., Braden, R., Borman, D.: TCP Extensions for High Performance. RFC 1323 (May 1992)
Kohno, T., Broido, A., Claffy, K.C.: Remote physical device fingerprinting. In: Proceedings of IEEE Security and Privacy, pp. 211–225 (2005)
Lyon, G.F.: Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning (2009)
Maxmind: IP Geolocation (2014). http://www.maxmind.com
Meyer, D.: University of Oregon RouteViews (2014). http://www.routeviews.org
Moon, S., Skelly, P., Towsley, D.: Estimation and removal of clock skew from network delay measurements. In: Proceedings of INFOCOM, vol. 1 (Mar 1999)
Ripe, NCC: World IPv6 day measurements (2011). http://v6day.ripe.net
Sarrar, N., Maier, G., Ager, B., Sommer, R., Uhlig, S.: Investigating IPv6 Traffic. In: Taft, N., Ricciato, F. (eds.) PAM 2012. LNCS, vol. 7192, pp. 11–20. Springer, Heidelberg (2012)
Silbersack, M.J.: Improving TCP/IP security through randomization without sacrificing interoperability. In: Proceedings of BSDCan (2006)
Zander, S., Andrew, L.L., Armitage, G., Huston, G., Michaelson, G.: Mitigating sampling error when measuring internet client IPv6 capabilities. In: Proceedings of the ACM Internet Measurement Conference, pp. 87–100 (2012)
Acknowledgments
Thanks to kc claffy, Justin Rohrer, Nick Weaver, and Geoffrey Xie for invaluable feedback. This work supported by in part by NSF grant CNS-1111445 and Department of Homeland Security (DHS) S&T contract N66001-2250-58231. Views and conclusions are those of the authors and should not be interpreted as representing the official policies, either expressed or implied, of the U.S. government.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Beverly, R., Berger, A. (2015). Server Siblings: Identifying Shared IPv4/IPv6 Infrastructure Via Active Fingerprinting. In: Mirkovic, J., Liu, Y. (eds) Passive and Active Measurement. PAM 2015. Lecture Notes in Computer Science(), vol 8995. Springer, Cham. https://doi.org/10.1007/978-3-319-15509-8_12
Download citation
DOI: https://doi.org/10.1007/978-3-319-15509-8_12
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-15508-1
Online ISBN: 978-3-319-15509-8
eBook Packages: Computer ScienceComputer Science (R0)