TY - GEN
T1 - Original SYN
T2 - 34th IEEE Annual Conference on Computer Communications and Networks, IEEE INFOCOM 2015
AU - Zhang, Xu
AU - Knockel, Jeffrey
AU - Crandall, Jedidiah R.
N1 - Publisher Copyright: © 2015 IEEE.
PY - 2015/8/21
Y1 - 2015/8/21
AB - We present an Internet measurement technique for finding machines that are hidden behind firewalls. That is, if a firewall prevents outside IP addresses from sending packets to an internal protected machine that is only accessible on the local network, our technique can still find the machine. We employ a novel TCP/IP side channel technique to achieve this. The technique uses side channels in 'zombie' machines to learn information about the network from the perspective of a zombie. Unlike previous TCP/IP side channel techniques, our technique does not require a high packet rate and does not cause denial-of-service. We also make no assumptions about globally incrementing IPIDs, as do idle scans. This paper addresses two key questions about our technique: how many machines are there on the Internet that are hidden behind firewalls, and how common is ingress filtering that prevents our scan by not allowing spoofed IP packets into the network. We answer both of these questions, respectively, by finding 1,296 hidden machines and measuring that only 23.9% of our candidate zombie machines are on networks that perform ingress filtering.
UR - http://www.scopus.com/inward/record.url?scp=84954205267&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84954205267&partnerID=8YFLogxK
U2 - 10.1109/INFOCOM.2015.7218441
DO - 10.1109/INFOCOM.2015.7218441
M3 - Conference contribution
AN - SCOPUS:84954205267
T3 - Proceedings - IEEE INFOCOM
SP - 720
EP - 728
BT - 2015 IEEE Conference on Computer Communications, IEEE INFOCOM 2015
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 26 April 2015 through 1 May 2015
ER -