-
Illuminating Router Vendor Diversity Within Providers and Along Network Paths
Authors:
Taha Albakour,
Oliver Gasser,
Robert Beverly,
Georgios Smaragdakis
Abstract:
The Internet architecture has facilitated a multi-party, distributed, and heterogeneous physical infrastructure where routers from different vendors connect and inter-operate via IP. Such vendor heterogeneity can have important security and policy implications. For example, a security vulnerability may be specific to a particular vendor and implementation, and thus will have a disproportionate imp…
▽ More
The Internet architecture has facilitated a multi-party, distributed, and heterogeneous physical infrastructure where routers from different vendors connect and inter-operate via IP. Such vendor heterogeneity can have important security and policy implications. For example, a security vulnerability may be specific to a particular vendor and implementation, and thus will have a disproportionate impact on particular networks and paths if exploited. From a policy perspective, governments are now explicitly banning particular vendors, or have threatened to do so. Despite these critical issues, the composition of router vendors across the Internet remains largely opaque. Remotely identifying router vendors is challenging due to their strict security posture, indistinguishability due to code sharing across vendors, and noise due to vendor mergers. We make progress in overcoming these challenges by develo** LFP, a tool that improves the coverage, accuracy, and efficiency of router fingerprinting as compared to the current state-of-the-art. We leverage LFP to characterize the degree of router vendor homogeneity within networks and the regional distribution of vendors. We then take a path-centric view and apply LFP to better understand the potential for correlated failures and fate-sharing. Finally, we perform a case study on inter- and intra-United States data paths to explore the feasibility to make vendor-based routing policy decisions, i.e., whether it is possible to avoid a particular vendor given the current infrastructure.
△ Less
Submitted 27 September, 2023;
originally announced September 2023.
-
IP Neo-colonialism: Geo-auditing RIR Address Registrations
Authors:
Robert Beverly
Abstract:
Allocation of the global IP address space is under the purview of IANA, who distributes management responsibility among five geographically distinct Regional Internet Registries (RIRs). Each RIR is empowered to bridge technical (e.g., address uniqueness and aggregatability) and policy (e.g., contact information and IP scarcity) requirements unique to their region. While different RIRs have differe…
▽ More
Allocation of the global IP address space is under the purview of IANA, who distributes management responsibility among five geographically distinct Regional Internet Registries (RIRs). Each RIR is empowered to bridge technical (e.g., address uniqueness and aggregatability) and policy (e.g., contact information and IP scarcity) requirements unique to their region. While different RIRs have different policies for out-of-region address use, little prior systematic analysis has studied where addresses are used post-allocation.
In this preliminary work, we e IPv4 prefix registrations across the five RIRs (50k total prefixes) and utilize the Atlas distributed active measurement infrastructure to geolocate prefixes at RIR-region granularity. We define a taxonomy of registration ``geo-consistency'' by comparing a prefixes' inferred physical location to the allocating RIR's coverage region as well as the registered organization's location. We then apply this methodology and taxonomy to audit the geo-consistency of 10k random IPv4 prefix allocations within each RIR (50k total prefixes). While we find registry information to largely be consistent with our geolocation inferences, we show that some RIRs have a non-trivial fraction of prefixes that are used both outside of the RIR's region and outside of the registered organization's region. A better understanding of such discrepancies can increase transparency for the community and inform ongoing discussions over in-region address use and policy.
△ Less
Submitted 23 August, 2023;
originally announced August 2023.
-
IPvSeeYou: Exploiting Leaked Identifiers in IPv6 for Street-Level Geolocation
Authors:
Erik Rye,
Robert Beverly
Abstract:
We present IPvSeeYou, a privacy attack that permits a remote and unprivileged adversary to physically geolocate many residential IPv6 hosts and networks with street-level precision. The crux of our method involves: 1) remotely discovering wide area (WAN) hardware MAC addresses from home routers; 2) correlating these MAC addresses with their WiFi BSSID counterparts of known location; and 3) extendi…
▽ More
We present IPvSeeYou, a privacy attack that permits a remote and unprivileged adversary to physically geolocate many residential IPv6 hosts and networks with street-level precision. The crux of our method involves: 1) remotely discovering wide area (WAN) hardware MAC addresses from home routers; 2) correlating these MAC addresses with their WiFi BSSID counterparts of known location; and 3) extending coverage by associating devices connected to a common penultimate provider router.
We first obtain a large corpus of MACs embedded in IPv6 addresses via high-speed network probing. These MAC addresses are effectively leaked up the protocol stack and largely represent WAN interfaces of residential routers, many of which are all-in-one devices that also provide WiFi. We develop a technique to statistically infer the map** between a router's WAN and WiFi MAC addresses across manufacturers and devices, and mount a large-scale data fusion attack that correlates WAN MACs with WiFi BSSIDs available in wardriving (geolocation) databases. Using these correlations, we geolocate the IPv6 prefixes of $>$12M routers in the wild across 146 countries and territories. Selected validation confirms a median geolocation error of 39 meters. We then exploit technology and deployment constraints to extend the attack to a larger set of IPv6 residential routers by clustering and associating devices with a common penultimate provider router. While we responsibly disclosed our results to several manufacturers and providers, the ossified ecosystem of deployed residential cable and DSL routers suggests that our attack will remain a privacy threat into the foreseeable future.
△ Less
Submitted 15 September, 2022; v1 submitted 13 August, 2022;
originally announced August 2022.
-
AS-Level BGP Community Usage Classification
Authors:
Thomas Krenc,
Robert Beverly,
Georgios Smaragdakis
Abstract:
BGP communities are a popular mechanism used by network operators for traffic engineering, blackholing, and to realize network policies and business strategies. In recent years, many research works have contributed to our understanding of how BGP communities are utilized, as well as how they can reveal secondary insights into real-world events such as outages and security attacks. However, one fun…
▽ More
BGP communities are a popular mechanism used by network operators for traffic engineering, blackholing, and to realize network policies and business strategies. In recent years, many research works have contributed to our understanding of how BGP communities are utilized, as well as how they can reveal secondary insights into real-world events such as outages and security attacks. However, one fundamental question remains unanswered: "Which ASes tag announcements with BGP communities and which remove communities in the announcements they receive?" A grounded understanding of where BGP communities are added or removed can help better model and predict BGP-based actions in the Internet and characterize the strategies of network operators.
In this paper we develop, validate, and share data from the first algorithm that can infer BGP community tagging and cleaning behavior at the AS-level. The algorithm is entirely passive and uses BGP update messages and snapshots, e.g. from public route collectors, as input. First, we quantify the correctness and accuracy of the algorithm in controlled experiments with simulated topologies. To validate in the wild, we announce prefixes with communities and confirm that more than 90% of the ASes that we classify behave as our algorithm predicts. Finally, we apply the algorithm to data from four sets of BGP collectors: RIPE, RouteViews, Isolario, and PCH. Tuned conservatively, our algorithm ascribes community tagging and cleaning behaviors to more than 13k ASes, the majority of which are large networks and providers. We make our algorithm and inferences available as a public resource to the BGP research community.
△ Less
Submitted 7 October, 2021;
originally announced October 2021.
-
Third Time's Not a Charm: Exploiting SNMPv3 for Router Fingerprinting
Authors:
Taha Albakour,
Oliver Gasser,
Robert Beverly,
Georgios Smaragdakis
Abstract:
In this paper, we show that adoption of the SNMPv3 network management protocol standard offers a unique -- but likely unintended -- opportunity for remotely fingerprinting network infrastructure in the wild. Specifically, by sending unsolicited and unauthenticated SNMPv3 requests, we obtain detailed information about the configuration and status of network devices including vendor, uptime, and the…
▽ More
In this paper, we show that adoption of the SNMPv3 network management protocol standard offers a unique -- but likely unintended -- opportunity for remotely fingerprinting network infrastructure in the wild. Specifically, by sending unsolicited and unauthenticated SNMPv3 requests, we obtain detailed information about the configuration and status of network devices including vendor, uptime, and the number of restarts. More importantly, the reply contains a persistent and strong identifier that allows for lightweight Internet-scale alias resolution and dual-stack association. By launching active Internet-wide SNMPv3 scan campaigns, we show that our technique can fingerprint more than 4.6 million devices of which around 350k are network routers. Not only is our technique lightweight and accurate, it is complementary to existing alias resolution, dual-stack inference, and device fingerprinting approaches. Our analysis not only provides fresh insights into the router deployment strategies of network operators worldwide, but also highlights potential vulnerabilities of SNMPv3 as currently deployed.
△ Less
Submitted 6 October, 2021; v1 submitted 30 September, 2021;
originally announced September 2021.
-
Longitudinal Study of an IP Geolocation Database
Authors:
Matthieu Gouel,
Kevin Vermeulen,
Olivier Fourmaux,
Timur Friedman,
Robert Beverly
Abstract:
IP geolocation - the process of map** network identifiers to physical locations - has myriad applications. We examine a large collection of snapshots from a popular geolocation database and take a first look at its longitudinal properties. We define metrics of IP geo-persistence, prevalence, coverage, and movement, and analyse 10 years of geolocation data at different location granularities. Acr…
▽ More
IP geolocation - the process of map** network identifiers to physical locations - has myriad applications. We examine a large collection of snapshots from a popular geolocation database and take a first look at its longitudinal properties. We define metrics of IP geo-persistence, prevalence, coverage, and movement, and analyse 10 years of geolocation data at different location granularities. Across different classes of IP addresses, we find that significant location differences can exist even between successive instances of the database - a previously underappreciated source of potential error when using geolocation data: 47% of end users IP addresses move by more than 40 km in 2019. To assess the sensitivity of research results to the instance of the geo database, we reproduce prior research that depended on geolocation lookups. In this case study, which analyses geolocation database performance on routers, we demonstrate impact of these temporal effects: median distance from ground truth shifted from 167 km to 40 km when using a two months apart snapshot. Based on our findings, we make recommendations for best practices when using geolocation databases in order to best encourage reproducibility and sound measurement.
△ Less
Submitted 8 July, 2021;
originally announced July 2021.
-
Follow the Scent: Defeating IPv6 Prefix Rotation Privacy
Authors:
Erik C. Rye,
Robert Beverly,
kc claffy
Abstract:
IPv6's large address space allows ample freedom for choosing and assigning addresses. To improve client privacy and resist IP-based tracking, standardized techniques leverage this large address space, including privacy extensions and provider prefix rotation. Ephemeral and dynamic IPv6 addresses confound not only tracking and traffic correlation attempts, but also traditional network measurements,…
▽ More
IPv6's large address space allows ample freedom for choosing and assigning addresses. To improve client privacy and resist IP-based tracking, standardized techniques leverage this large address space, including privacy extensions and provider prefix rotation. Ephemeral and dynamic IPv6 addresses confound not only tracking and traffic correlation attempts, but also traditional network measurements, logging, and defense mechanisms. We show that the intended anti-tracking capability of these widely deployed mechanisms is unwittingly subverted by edge routers using legacy IPv6 addressing schemes that embed unique identifiers.
We develop measurement techniques that exploit these legacy devices to make tracking such moving IPv6 clients feasible by combining intelligent search space reduction with modern high-speed active probing. Via an Internet-wide measurement campaign, we discover more than 9M affected edge routers and approximately 13k /48 prefixes employing prefix rotation in hundreds of ASes worldwide. We mount a six-week campaign to characterize the size and dynamics of these deployed IPv6 rotation pools, and demonstrate via a case study the ability to remotely track client address movements over time. We responsibly disclosed our findings to equipment manufacturers, at least one of which subsequently changed their default addressing logic.
△ Less
Submitted 18 December, 2021; v1 submitted 31 January, 2021;
originally announced February 2021.
-
Keep your Communities Clean: Exploring the Routing Message Impact of BGP Communities
Authors:
Thomas Krenc,
Robert Beverly,
Georgios Smaragdakis
Abstract:
BGP communities are widely used to tag prefix aggregates for policy, traffic engineering, and inter-AS signaling. Because individual ASes define their own community semantics, many ASes blindly propagate communities they do not recognize. Prior research has shown the potential security vulnerabilities when communities are not filtered. This work sheds light on a second unintended side-effect of co…
▽ More
BGP communities are widely used to tag prefix aggregates for policy, traffic engineering, and inter-AS signaling. Because individual ASes define their own community semantics, many ASes blindly propagate communities they do not recognize. Prior research has shown the potential security vulnerabilities when communities are not filtered. This work sheds light on a second unintended side-effect of communities and permissive propagation: an increase in unnecessary BGP routing messages. Due to its transitive property, a change in the community attribute induces update messages throughout established routes, just updating communities. We ground our work by characterizing the handling of updates with communities, including when filtered, on multiple real-world BGP implementations in controlled laboratory experiments. We then examine 10 years of BGP messages observed in the wild at two route collector systems. In 2020, approximately 25% of all announcements modify the community attribute, but retain the AS path of the most recent announcement; an additional 25% update neither community nor AS path. Using predictable beacon prefixes, we demonstrate that communities lead to an increase in update messages both at the tagging AS and at neighboring ASes that neither add nor filter communities. This effect is prominent for geolocation communities during path exploration: on a single day, 63% of all unique community attributes are revealed exclusively due to global withdrawals.
△ Less
Submitted 2 November, 2020; v1 submitted 1 October, 2020;
originally announced October 2020.
-
Reading In-Between the Lines: An Analysis of Dissenter
Authors:
Erik Rye,
Jeremy Blackburn,
Robert Beverly
Abstract:
Efforts by content creators and social networks to enforce legal and policy-based norms, e.g. blocking hate speech and users, has driven the rise of unrestricted communication platforms. One such recent effort is Dissenter, a browser and web application that provides a conversational overlay for any web page. These conversations hide in plain sight - users of Dissenter can see and participate in t…
▽ More
Efforts by content creators and social networks to enforce legal and policy-based norms, e.g. blocking hate speech and users, has driven the rise of unrestricted communication platforms. One such recent effort is Dissenter, a browser and web application that provides a conversational overlay for any web page. These conversations hide in plain sight - users of Dissenter can see and participate in this conversation, whereas visitors using other browsers are oblivious to their existence. Further, the website and content owners have no power over the conversation as it resides in an overlay outside their control.
In this work, we obtain a history of Dissenter comments, users, and the websites being discussed, from the initial release of Dissenter in Feb. 2019 through Apr. 2020 (14 months). Our corpus consists of approximately 1.68M comments made by 101k users commenting on 588k distinct URLs. We first analyze macro characteristics of the network, including the user-base, comment distribution, and growth. We then use toxicity dictionaries, Perspective API, and a Natural Language Processing model to understand the nature of the comments and measure the propensity of particular websites and content to elicit hateful and offensive Dissenter comments. Using curated rankings of media bias, we examine the conditional probability of hateful comments given left and right-leaning content. Finally, we study Dissenter as a social network, and identify a core group of users with high comment toxicity.
△ Less
Submitted 26 September, 2020; v1 submitted 3 September, 2020;
originally announced September 2020.
-
Discovering the IPv6 Network Periphery
Authors:
Erik C. Rye,
Robert Beverly
Abstract:
We consider the problem of discovering the IPv6 network periphery, i.e., the last hop router connecting endhosts in the IPv6 Internet. Finding the IPv6 periphery using active probing is challenging due to the IPv6 address space size, wide variety of provider addressing and subnetting schemes, and incomplete topology traces. As such, existing topology map** systems can miss the large footprint of…
▽ More
We consider the problem of discovering the IPv6 network periphery, i.e., the last hop router connecting endhosts in the IPv6 Internet. Finding the IPv6 periphery using active probing is challenging due to the IPv6 address space size, wide variety of provider addressing and subnetting schemes, and incomplete topology traces. As such, existing topology map** systems can miss the large footprint of the IPv6 periphery, disadvantaging applications ranging from IPv6 census studies to geolocation and network resilience. We introduce "edgy," an approach to explicitly discover the IPv6 network periphery, and use it to find >~64M IPv6 periphery router addresses and >~87M links to these last hops -- several orders of magnitude more than in currently available IPv6 topologies. Further, only 0.2% of edgy's discovered addresses are known to existing IPv6 hitlists.
△ Less
Submitted 30 January, 2020; v1 submitted 23 January, 2020;
originally announced January 2020.
-
Sundials in the Shade: An Internet-wide Perspective on ICMP Timestamps
Authors:
Erik C. Rye,
Robert Beverly
Abstract:
ICMP timestamp request and response packets have been standardized for nearly 40 years, but have no modern practical application, having been superseded by NTP. However, ICMP timestamps are not deprecated, suggesting that while hosts must support them, little attention is paid to their implementation and use. In this work, we perform active measurements and find 2.2 million hosts on the Internet r…
▽ More
ICMP timestamp request and response packets have been standardized for nearly 40 years, but have no modern practical application, having been superseded by NTP. However, ICMP timestamps are not deprecated, suggesting that while hosts must support them, little attention is paid to their implementation and use. In this work, we perform active measurements and find 2.2 million hosts on the Internet responding to ICMP timestamp requests from over 42,500 unique autonomous systems. We develop a methodology to classify timestamp responses, and find 13 distinct classes of behavior. Not only do these behaviors enable a new fingerprinting vector, some behaviors leak important information about the host e.g., OS, kernel version, and local timezone.
△ Less
Submitted 19 March, 2019;
originally announced March 2019.
-
EUI-64 Considered Harmful
Authors:
Erik C. Rye,
Jeremy Martin,
Robert Beverly
Abstract:
This position paper considers the privacy and security implications of EUI-64-based IPv6 addresses. By encoding MAC addresses, EUI-64 addresses violate layers by exposing hardware identifiers in IPv6 addresses. The hypothetical threat of EUI-64 addresses is well-known, and the adoption of privacy extensions in operating systems (OSes) suggests this vulnerability has been mitigated. Instead, our wo…
▽ More
This position paper considers the privacy and security implications of EUI-64-based IPv6 addresses. By encoding MAC addresses, EUI-64 addresses violate layers by exposing hardware identifiers in IPv6 addresses. The hypothetical threat of EUI-64 addresses is well-known, and the adoption of privacy extensions in operating systems (OSes) suggests this vulnerability has been mitigated. Instead, our work seeks to quantify the empirical existence of EUI-64 IPv6 addresses in today's Internet. By analyzing: i) traceroutes; ii) DNS records; and iii) mobile phone behaviors, we find surprisingly significant use of EUI-64. We characterize the origins and behaviors of these EUI-64 IPv6 addresses, and advocate for changes in provider IPv6 addressing policies.
△ Less
Submitted 24 February, 2019;
originally announced February 2019.
-
An Internet Heartbeat
Authors:
Robert Beverly,
Mark Allman
Abstract:
Obtaining sound inferences over remote networks via active or passive measurements is difficult. Active measurement campaigns face challenges of load, coverage, and visibility. Passive measurements require a privileged vantage point. Even networks under our own control too often remain poorly understood and hard to diagnose. As a step toward the democratization of Internet measurement, we consider…
▽ More
Obtaining sound inferences over remote networks via active or passive measurements is difficult. Active measurement campaigns face challenges of load, coverage, and visibility. Passive measurements require a privileged vantage point. Even networks under our own control too often remain poorly understood and hard to diagnose. As a step toward the democratization of Internet measurement, we consider the inferential power possible were the network to include a constant and predictable stream of dedicated lightweight measurement traffic. We posit an Internet "heartbeat," which nodes periodically send to random destinations, and show how aggregating heartbeats facilitates introspection into parts of the network that are today generally obtuse. We explore the design space of an Internet heartbeat, potential use cases, incentives, and paths to deployment.
△ Less
Submitted 29 January, 2019;
originally announced January 2019.
-
In the IP of the Beholder: Strategies for Active IPv6 Topology Discovery
Authors:
Robert Beverly,
Ramakrishnan Durairajan,
David Plonka,
Justin P. Rohrer
Abstract:
Existing methods for active topology discovery within the IPv6 Internet largely mirror those of IPv4. In light of the large and sparsely populated address space, in conjunction with aggressive ICMPv6 rate limiting by routers, this work develops a different approach to Internet-wide IPv6 topology map**. We adopt randomized probing techniques in order to distribute probing load, minimize the effec…
▽ More
Existing methods for active topology discovery within the IPv6 Internet largely mirror those of IPv4. In light of the large and sparsely populated address space, in conjunction with aggressive ICMPv6 rate limiting by routers, this work develops a different approach to Internet-wide IPv6 topology map**. We adopt randomized probing techniques in order to distribute probing load, minimize the effects of rate limiting, and probe at higher rates. Second, we extensively analyze the efficiency and efficacy of various IPv6 hitlists and target generation methods when used for topology discovery, and synthesize new target lists based on our empirical results to provide both breadth (coverage across networks) and depth (to find potential subnetting). Employing our probing strategy, we discover more than 1.3M IPv6 router interface addresses from a single vantage point. Finally, we share our prober implementation, synthesized target lists, and discovered IPv6 topology results.
△ Less
Submitted 9 October, 2018; v1 submitted 29 May, 2018;
originally announced May 2018.
-
SDN as Active Measurement Infrastructure
Authors:
Erik Rye,
Robert Beverly
Abstract:
Active measurements are integral to the operation and management of networks, and invaluable to supporting empirical network research. Unfortunately, it is often cost-prohibitive and logistically difficult to widely deploy measurement nodes, especially in the core. In this work, we consider the feasibility of tightly integrating measurement within the infrastructure by using Software Defined Netwo…
▽ More
Active measurements are integral to the operation and management of networks, and invaluable to supporting empirical network research. Unfortunately, it is often cost-prohibitive and logistically difficult to widely deploy measurement nodes, especially in the core. In this work, we consider the feasibility of tightly integrating measurement within the infrastructure by using Software Defined Networks (SDNs). We introduce "SDN as Active Measurement Infrastructure" (SAAMI) to enable measurements to originate from any location where SDN is deployed, removing the need for dedicated measurement nodes and increasing vantage point diversity. We implement ** and traceroute using SAAMI, as well as a proof-of-concept custom measurement protocol to demonstrate the power and ease of SAAMI's open framework. Via a large-scale measurement campaign using SDN switches as vantage points, we show that SAAMI is accurate, scalable, and extensible.
△ Less
Submitted 25 February, 2017;
originally announced February 2017.
-
Principles for Measurability in Protocol Design
Authors:
Mark Allman,
Robert Beverly,
Brian Trammell
Abstract:
Measurement has become fundamental to the operation of networks and at-scale services---whether for management, security, diagnostics, optimization, or simply enhancing our collective understanding of the Internet as a complex system. Further, measurements are useful across points of view---from end hosts to enterprise networks and data centers to the wide area Internet. We observe that many measu…
▽ More
Measurement has become fundamental to the operation of networks and at-scale services---whether for management, security, diagnostics, optimization, or simply enhancing our collective understanding of the Internet as a complex system. Further, measurements are useful across points of view---from end hosts to enterprise networks and data centers to the wide area Internet. We observe that many measurements are decoupled from the protocols and applications they are designed to illuminate. Worse, current measurement practice often involves the exploitation of side-effects and unintended features of the network, or, in other words, the artful piling of hacks atop one another. This state of affairs is a direct result of the relative paucity of diagnostic and measurement capabilities built into today's network stack.
Given our modern dependence on ubiquitous measurement, we propose measurability as an explicit low-level goal of current protocol design, and argue that measurements should be available to all network protocols throughout the stack. We seek to generalize the idea of measurement within protocols, e.g., the way in which TCP relies on measurement to drive its end-to-end behavior. Rhetorically, we pose the question: what if the stack had been built with measurability and diagnostic support in mind? We start from a set of principles for explicit measurability, and define primitives that, were they supported by the stack, would not only provide a solid foundation for protocol design going forward, but also reduce the cost and increase the accuracy of measuring the network.
△ Less
Submitted 15 May, 2017; v1 submitted 8 December, 2016;
originally announced December 2016.
-
Yarrp'ing the Internet: Randomized High-Speed Active Topology Discovery
Authors:
Robert Beverly
Abstract:
Obtaining a "snapshot" of the Internet topology remains an elusive task. Existing active topology discovery techniques and systems require significant probing time -- time during which the underlying network may experience transient dynamics. This work considers how active probing can gather the Internet topology in minutes rather than days. Conventional approaches to active topology map** face…
▽ More
Obtaining a "snapshot" of the Internet topology remains an elusive task. Existing active topology discovery techniques and systems require significant probing time -- time during which the underlying network may experience transient dynamics. This work considers how active probing can gather the Internet topology in minutes rather than days. Conventional approaches to active topology map** face two primary speed and scale impediments: i) per-trace state maintenance; and ii) a low-degree of parallelism. Based on this observation, we develop Yarrp (Yelling at Random Routers Progressively), a new traceroute technique designed for high-rate, Internet-scale probing. Yarrp is stateless, reconstituting all necessary information from ICMP replies as they arrive asynchronously. To avoid overloading routers or links with probe traffic, Yarrp randomly permutes an input IP x TTL space. We run Yarrp at 100Kpps, a rate at which the paths to all /24's on the IPv4 Internet can be mapped in approximately one hour from a single vantage point. We compare Yarrp against existing systems, and present examples of topological dynamics exposed via the high sampling rates Yarrp enables.
△ Less
Submitted 29 May, 2018; v1 submitted 12 May, 2016;
originally announced May 2016.