On The Power and Limitations of Detecting Network Filtering via Passive Observation

TitleOn The Power and Limitations of Detecting Network Filtering via Passive Observation
Publication TypeConference Paper
Year of Publication2015
AuthorsSargent, M., Czyz J., Allman M., & Bailey M.
Published inProceedings of the Passive and Active Management Conference (PAM 2015)
Other Numbers3769
Abstract

Network operators often apply policy-based traffic filtering at the egress of edge networks. These policies can be detected by performing active measurements; however, doing so involves instrumenting every network one wishes to study. We investigate a methodology for detecting policy-based service-level traffic filtering from passive observation of traffic markers within darknets. Such markers represent traffic we expect to arrive and, therefore, whose absence is suggestive of network filtering. We study the approach with data from five large darknets over the course of one week. While we show the approach has utility to expose filtering in some cases, there are also limits to the methodology.

Acknowledgment

This work was partially supported by funding provided to ICSI through National Science Foundation grants CNS : 1237265 (“Beyond Technical Security: Developing an Empirical Basis for Socio-Economic Perspectives”) and CNS : 1213157 ("User-Centric Network Measurement"). Additional funding was provided through National Science Foundation grants CNS : 1505790 ("EPICA: Empowering People to Overcome Information Controls and Attacks") and CNS : 1111699 ("Measuring and Modeling the Dynamics of IPv4 Address Exhaustion"). Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors or originators and do not necessarily reflect the views of the National Science Foundation.

URLhttps://www.icsi.berkeley.edu/pubs/networking/powerlimitations15.pdf
Bibliographic Notes

Proceedings of the Passive and Active Management Conference (PAM 2015), New York, New York

Abbreviated Authors

M. Sargent, J. Czyz, M. Allman, and M. Bailey

ICSI Research Group

Networking and Security

ICSI Publication Type

Article in conference proceedings