Detecting network path anomalies generally requires examining large volumes of traffic data to find misbehavior. We observe that wide-area services, such as peerto-peer systems and content distribution networks, exhibit large traffic volumes, spread over large numbers of geographically-dispersed endpoints. This makes them ideal candidates for observing wide-area network behavior. Specifically, we can combine passive monitoring of wide-area traffic to detect anomalous network behavior, with active probes from multiple nodes to quantify and characterize the scope of these anomalies. This approach provides several advantages over other techniques: (1) we obtain more complete and finergrained views of failures since the wide-area nodes already provide geographically diverse vantage points; (2) we incur limited additional measurement cost since most active probing is initiated when passive monitoring detects oddities; and (3) we detect failures at a much higher rate than other researchers have reported since the services provide large volumes of traffic to sample. This paper shows how to exploit this combination of wide-area traffic, passive monitoring, and active probing, to both understand path anomalies and to provide optimization opportunities for the host service. 1

By submitting this Internet-Draft, I certify that any applicable patent or other IPR claims of which I am aware have been disclosed, and any of which I become aware will be disclosed, in accordance with RFC 3668. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at

draft-ietf-sipping-3pcc-04 Status of this Memo This document is an Internet-Draft and is in full conformance with all provisions of Section 10 of RFC2026. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at

Manual configuration of IP routers is an expensive, time-consuming, and error prone process. For large Internet service providers, establishing service for new customers is a major part of the financial cost of running the network. Increasingly, these customers want to exchange routing information with their provider(s) using the Border Gateway Protocol (BGP), a complex and highly-programmable interdomain routing protocol. This paper

IP source address forgery, or “spoofing, ” is a long-recognized consequence of the Internet’s lack of packet-level authenticity. Despite historical precedent and filtering and tracing efforts, attackers continue to utilize spoofing for anonymity, indirection, and amplification. Using a distributed infrastructure and approximately 12,000 active measurement clients, we collect data on the prevalence and efficacy of current bestpractice source address validation techniques. Of clients able to test their provider’s source-address filtering rules, we find 31 % able to successfully spoof an arbitrary, routable source address, while 77 % of clients otherwise unable to spoof can forge an address within their own /24 subnetwork. We uncover significant differences in filtering depending upon network geographic region, type, and size. Our new tracefilter tool for filter location inference finds 80 % of filters implemented a single IP hop from sources, with over 95 % of blocked packets observably filtered within the source’s autonomous system. Finally, we provide initial longitudinal results on the evolution of spoofing revealing no mitigation improvement over four years of measurement. Our analysis provides an empirical basis for evaluating incentive and coordination issues surrounding existing and future Internet packet authentication strategies.

As the Internet grows and routing complexity increases, network-level instabilities are be-coming more and more common. End-to-end communications are especially susceptible to service disruptions, while diagnosing and mitigating these disruptions are extremely challenging. In this dissertation, we design and build systems for diagnosing routing anomalies and improving robustness of end-to-end communications. The first piece of this work describes PlanetSeer, a novel distributed system for di-agnosing routing anomalies. PlanetSeer passively monitors traffic in wide-area services, such as Content Distribution Networks (CDNs) or Peer-to-Peer (P2P) systems, to detect anomalous behavior. It then coordinates active probes from multiple vantage points to confirm the anomaly, characterize it, and determine its scope. There are several advan-tages of this approach: first, we obtain more complete and finer-grained views of routing anomalies since the wide-area nodes provide geographically-diverse vantage points. Sec-ond, we incur limited additional measurement cost since most active probes are initiated when passive monitoring detects oddities. Third, we detect anomalies at a much higher

Email-based online phishing is one of the key security threats that greatly deteriorate the trustworthiness of the Internet. Although many spam filters have been developed and deployed, a non-negligible number of phishing emails still sneak into users ’ inboxes each day. Phishing emails often contain suspicious information that separate them from the legitimate ones; however, average non-expert email users are not acquainted with the details of the Internet email system so as to identify the suspicious information in phishing emails. In this paper we develop a simple yet effective system named MDMap to assist email users in identifying phishing emails. MDMap reveals suspicious information in phishing emails in an intuitive and sensible manner. In particular, in addition to other features, MDMap provides a geographical map showing the message delivery path of an email, which helps to caution the user if the email has been originated from or traversed a suspicious region. In this paper we present the design and development of MDMap and perform a preliminary experiment to illustrate the usefulness of MDMap using real-world phishing emails. 1.

This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited. Copyright Notice Copyright (c) 2009 IETF Trust and the persons identified as the

This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited. This document is a compilation of special IPv6 addresses defined in other RFCs. It can be used as a checklist of invalid routing prefixes for developing filtering policies for routes and IP packets. It does not discuss addresses that are assigned to operators and users through the Regional Internet Registries.

Abstract not found