Active Internet measurements face challenges when some measurements require
many remote vantage points. In this paper, we propose a novel technique for
measuring remote IPv6 networks via side channels in ICMP rate limiting, a
required function for IPv6 nodes to limit the rate at which ICMP error messages
are generated. This technique, iVantage, can to some extent use 1.1M remote
routers distributed in 9.5k autonomous systems and 182 countries as our
"vantage points". We apply iVantage to two different but challenging
measurement tasks: 1) measuring the deployment of inbound source address
validation (ISAV) and 2) measuring reachability between arbitrary Internet
nodes. We accomplish these two tasks from only one local vantage point without
controlling the targets or relying on other services within the target
networks. Our large-scale ISAV measurements cover ~50% of all IPv6 autonomous
systems and find ~79% of them are vulnerable to spoofing, making this the
largest-scale measurement study of IPv6 ISAV to date. Our method for reachability
measurements achieves over 80% precision and recall in our evaluation. Finally,
we perform an Internet-wide measurement of the ICMP rate limiting
implementations, present a detailed discussion on ICMP rate limiting,
particularly the potential security and privacy risks in the mechanism of ICMP
rate limiting, and provide possible mitigation measures. We make our code
available to the community.
No Creative Commons license