BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
Slides Mpls Tunnel
1. Introduction
Scans
Course project for AANSW
Revealing MPLS Tunnels obscured by traceroute
Adriano Donato De Matteis, Daniele Di Proietto, Enrico D’Urso
Tutor: Ing. Valerio Luconi
Universit` Di Pisa
a
16 Marzo 2013
1 / 10
3. Introduction
Scans
Paper
We reproduced the experiment in the paper
Revealing MPLS tunnels obscured from traceroute, B. Donnet, M.
Luckie, P. M´rindol, and J. Pansiot, 2012
e
3 / 10
4. Introduction
Scans
Paper
We reproduced the experiment in the paper
Revealing MPLS tunnels obscured from traceroute, B. Donnet, M.
Luckie, P. M´rindol, and J. Pansiot, 2012
e
Goals
Understand the deployment of MPLS
The presented techniques do not help very much in refining
the internet topology.
3 / 10
5. Introduction
Scans
Paper
We reproduced the experiment in the paper
Revealing MPLS tunnels obscured from traceroute, B. Donnet, M.
Luckie, P. M´rindol, and J. Pansiot, 2012
e
Goals
Understand the deployment of MPLS
The presented techniques do not help very much in refining
the internet topology.
The paper presents some improvements to the traceroute
techniques, to detect MPLS tunnels
3 / 10
6. Introduction
Scans
MPLS features of interest
RFC 4950 It allows routers to embed MPLS information into an
ICMP time-exceeded message
ttl-propagate Router option to copy IP TTL into MPLS TTL
when creating an MPLS label for an IP packet
4 / 10
7. Introduction
Scans
Tunnel taxonomy
aa
aa ttl-propagate
aa
aa Enabled Disabled
RFC4950 aa
a
Enabled Explicit Opaque
Disabled Implicit Invisible
5 / 10
8. Introduction
Scans
Tunnel taxonomy
aa
aa ttl-propagate
aa
aa Enabled Disabled
RFC4950 aa
a
Enabled Opaque
Explicit
Disabled Implicit Invisible
Explicit
Explicit tunnels are those in which both RFC4950 and
ttl-propagate are enabled.
A common traceroute can correctly detect all the hops, and the
attached MPLS label unveils us the tunnel.
5 / 10
9. Introduction
Scans
Tunnel taxonomy
aa
aa ttl-propagate
aa
aa Enabled Disabled
RFC4950 aa
a
Enabled Explicit Opaque
Disabled Invisible
Implicit
Implicit
Implicit tunnels are those in which only ttl-propagate is enabled.
They do not hide hops from common traceroute techniques.
5 / 10
10. Introduction
Scans
Tunnel taxonomy
aa
aa ttl-propagate
aa
aa Enabled Disabled
RFC4950 aa
a
Enabled Explicit
Opaque
Disabled Implicit Invisible
Opaque
Opaque tunnels are those in which ttl-propagate is disabled,
but RFC4950 is enabled.
Since ttl-propagate is disabled, traceroute techniques (which
rely on TTL expiration) do not work.
Only the last hop is revealed, but we can recognize it as the end of
a tunnel.
5 / 10
11. Introduction
Scans
Tunnel taxonomy
aa
aa ttl-propagate
aa
aa Enabled Disabled
RFC4950 aa
a
Enabled Explicit Opaque
Disabled Implicit
Invisible
Invisible
Invisible tunnels are those in which both ttl-propagate and
RFC4950 are disabled.
Again, they hide the internal hops from traceroute discovery.
We can not even detect the presence of the tunnel.
5 / 10
12. Introduction
Scans
Dataset
Goal
Our goal is to analyze the Italian infrastructure
We have identified a list of italian ip relying on two files taken from
www.isolario.it and http://dev.maxmind.com:
GeoIPCountryWhois.csv
prefix as
6 / 10
16. Introduction
Scans
Scans
We have launched four scans from
four different places, two different
cities (same target list ).
Pisa. ISP: Fastweb
Pisa. ISP: Infostrada
Pisa. ISP: GARR
Orbetello (GR). ISP:
TelecomItalia
10 / 10
17. Introduction
Scans
Scamper
To launch traceroute and to ping we used the tool scamper.
Scamper
Scamper: a Scalable and Extensible Packet Prober for Active
Measurement of the Internet.
scamper -c "trace -P UDP-paris" -i "$ipdst" -O warts ...
scamper -c "ping -c $probecount" -i "$line" -O warts ...
11 / 10