SlideShare une entreprise Scribd logo

2017 01-31-cgns

G
GeoffHuston

A look at how the widespread use of NATs and IPv6 transition technologies complicates the role of network forensic analsysis

Internet
1  sur  48
Télécharger pour lire hors ligne
Forensic Tracing in the Internet: An Update Geoff Huston Chief Scientist APNIC
The story so far… • The status of the transition to IPv6 is not going according to the original plan: • We have exhausted the remaining pools of IPv4 addresses in all regions except Africa - this was never meant to have happened • We we meant to have IPv6 fully deployed by now • What we are seeing is the pervasive use of Carrier Grade NATs as a means of extending the useable life of the IPv4 Internet • Around 10% of users use both IPv6 and IPv4 – the other 90% are IPv4 only • It appears that most IPv4 use today uses NATs in the path • This has some major implications for LEA functions, principally in traceback and metadata record keeping 2
Traceback – Version 1 3 A: 192.0.2.1 Ftp Server Internet Lets start by looking way back to the Internet of the 1980’s ftpserver.net 192.0.2.1 [31/Aug/2013:00:00:08 +0000] Ftp Server Log $ whois 192.0.2.1 NetRange: 192.0.2.0 - 192.0.2.255 NetName: TEST-NET-1 Contact: User Contact Details There was a rudimentary whois service and it listed all end users!
Assumptions: • Each end site used a stable IP address range • Each address range was recorded in a registry, together with the end user data • Each end device was manually configured with a stable IP address • Traceback was keyed from the IP address 4
Assumptions: • Each end site used a stable IP address range • Each address range was recorded in a registry, together with the end user data • Each end device was manually configured with a stable IP address • Traceback is keyed from the IP address 5
+ NATs 6 A: 10.0.0.1 B: 10.0.0.2 C: 10.0.0.3 CPE NAT/ DHCP Server 192.0.2.1 ISP
Traceback – Version 2 7 A: 10.0.0.1 Web Server ISP webserver.net 192.0.2.1 [31/Aug/2013:00:00:08 +0000] "GET /1x1.png HTTP/1.1" 200 Web Server Log $ whois 192.0.2.1 NetRange: 192.0.2.0 - 192.0.2.255 CIDR: 192.0.2.0/24 OriginAS: NetName: TEST-NET-1 NetHandle: NET-192-0-2-0-1 Parent: NET-192-0-0-0-0 NetType: IANA Special Use CPE NAT/ DHCP Server 192.0.2.1 ISP RADIUS Log 15/Aug/2013:18:01:02: user XXX IP: 192.0.2.1
Assumptions • The ISP operates an address pool • Each end site is dynamically assigned a single IP address upon login (AAA) • The site is dynamically addressed using a private address range and a DHCP server • The single public address is shared by the private devices through a CPE NAT 8
Changes • Traceback to an end site is keyed by an IP address and a date/time • Requires access to WHOIS records to identify the ISP and the ISP’s AAA logs to identify the end site • No traceback to an individual device – the trace stops at the edge NAT 9
IPv4 Address Exhaustion 10 What are ISP’s doing in response? • It’s not viable to switch over to all-IPv6 yet • But the supply of further IPv4 addresses to fuel service platform growth has dried up • How do ISPs continue to offer IPv4 services to customers in the interim?
Carrier Grade NATs 11 By sharing public IPv4 addresses across multiple customers!
Traceback – Version 3 12 A: 10.0.0.1 B: 10.0.0.2 C: 10.0.0.3 CPE NAT/ DHCP Server ISP CGN 192.0.2.0/24 Web Server Internet webserver.net [192.0.2.1]::45800 [31/Aug/2013:00:00:08 +0000] "GET /1x1.png HTTP/1.1" 200 Web Server Log $ whois 192.0.2.1 NetRange: 192.0.2.0 - 192.0.2.255 CIDR: 192.0.2.0/24 OriginAS: NetName: TEST-NET-1 NetHandle: NET-192-0-2-0-1 Parent: NET-192-0-0-0-0 NetType: IANA Special Use ISP CGN Log 31/Aug/2013:00:00:02 172.16.5.6:34233 128.66.0.0:80 -> 192.0.2.1:45800 128.66.0.0:80 ISP RADIUS Log 15/Aug/2013:18:01:02: user XXX IP: 172.16.5.6:34000-40000 172.16.5.6
Assumptions • The ISP operates a public address pool and a private address pool • The access into the public address pool is via an ISP- operated NAT (CGN) • Each end site is dynamically assigned a single private IP address upon login (AAA) • The site is dynamically addressed using a private address range and a DHCP server • The single public address is shared by the private devices through a CPE NAT 13
Assumptions • Traceback to an end site is keyed by a source IP address and a source port address, and a date/time • Requires access to • WHOIS records to identify the ISP, • The ISP’s CGN logs to identify the ISP’s private address and • The ISP’s AAA logs to identify the end site 14
ISP CGN Logging CGN bindings are formed for EVERY unique TCP and UDP session That can be a LOT of data to retain… 15http://www.nanog.org/meetings/nanog54/presentations/Tuesday/GrundemannLT.pdf
It could be better than this… • Use Port Blocks per customer or • Use a mix of Port Blocks and Shared Port Pool overflow and • Compress the log data (which will reduce storage but may increase search overhead) 16
Or it could be worse… 17
18 We are going to see a LOT of transition middleware being deployed!
19 And we are going to see a significant diversity in what that transition middleware does We are going to see a LOT of transition middleware being deployed!
What does this mean for Forensic tracing? 20 LEAs have traditionally focused on the NETWORK as the point of interception and tracing They are used to a consistent model to trace activity: • get an IP address and a time range • trace back based on these two values to uncover a set of network transactions
What does this mean for Forensic tracing? 21 In a world of densely deployed CGNs and ALGs the IP address loses coherent meaning in terms of end party identification.
What does this mean for Forensic tracing? 22 And instead of shifting to a single “new” model of IP address use, we are going to see widespread diversity in the use of transition mechanisms and NATs in carrier networks Which implies that there will no longer be a useful single model of how to perform traceback on the network Or even a single coherent model of “what is an IP address” in the network
Variants of NAT CGN Technologies 23 Variant: CGN with per user port blocks CGN with per user port blocks + pooled overflow CGN with pooled ports CGN with 5-tuple binding maps Address Compression Ratio 10:1 100:1 1,000:1 >>10,000:1 The same public address and port is used simultaneously by multiple different internal users ISP Internet CGN Source: 192.0.2.1:1234 Dest: 128.66.0.0:80 Source: 192.0.2.1:1234 Dest: 128.66.2.2:80 Customer A Customer B
Adding IPv6 to the CGN Mix • The space is not exclusively an IPv4 space. • While CGNs using all-IPv4 technologies are common today, we are also looking at how to use CGN variants with a mix of IPv6 and IPv4 For example: Dual-Stack Light connects IPv4 end users to the IPv4 Internet across an IPv6 ISP infrastructure. • We see many more variants of ISP’s address transforming middleware when they IPv6 into the mix 24
++IPv6: Transition Technologies 25 Randy Bush, APPRICOT 2012: http://meetings.apnic.net/__data/assets/pdf_file/0016/45241/120229.apops-v4-life-extension.pdf
Transition Technologies Example: 464XLAT 26Masataka Mawatari, Apricot 2012, http://meetings.apnic.net/__data/assets/pdf_file/0020/45542/jpix_464xlat_apricot2012_for_web.pdf
What does this mean for Forensic tracing? 27 There is no single consistent model of how an IP network manages IPv4 and IPv6 addresses There is no fixed relationship between IPv4 and IPv6 addresses What you see in terms of network trace information is strongly dependent on where the trace data is collected
What does this mean for LEAs? 28 What’s the likely response from LEAs and regulators? One likely response is to augment the record keeping rules for ISPs
What does this mean for ISPs and LEAs? 29 But what are the new record keeping rules? In order to map a “external” IP address and time to a subscriber as part of a traceback exercise then: for every active middleware element you now need to hold the precise time and the precise transforms that were applied to a packet flow and you need to be able to cross-match these records accurately
What does this mean for ISPs and LEAs? 30 But what are the new record keeping rules? In order to map a “external” IP address and time to a subscriber as part of a traceback exercise then: for every active middleware element you now need to hold the precise time and the precise transforms that were applied to a packet flow and you need to be able to cross-match these records accurately
What does this mean for LEAs? 31 What’s the likely response from LEAs and regulators? One likely response is to augment the record keeping rules for ISPs: “record absolutely everything, and keep the records for years”
What does this mean for ISPs and LEAs? 32 How many different sets of record keeping rules are required for each CGN / dual stack transition model being used? And are these record keeping practices affordable? (granularity of the records is shifting from “session” records to “transition” and even individual packet records in this diverse model) Are they even practical within today’s technology capability? Is this scaleable? Is it even useful any more?
Making it hard... 33 The V6 transition was challenging enough The combination of V4 exhaustion and V6 transition is far harder The combination of varying exhaustion times, widespread confusion, diverse agendas, diverse pressures, V4 exhaustion and V6 transition is now amazingly challenging
Making it very hard... The problem we are facing is that we are heading away from a single service architecture in our IP networks Different providers are seeing different pressures and opportunities, and are using different technology solutions in their networks And the longer we sit in this “exhaustion + transitioning” world, the greater the diversity and internal complexity of service networks that will be deployed 34
35 Does it ever get easier? Is there light at the end of this tunnel?
That was then The material so far refers to the Internet of late 2013 Three years later, has it got any easier? Or has it just got harder? 36
Sessions are the Key We assumed that there is a “session” that maps between a service and a client, and this session is visible in some manner to the network The forensic task was to take a partial record of a “session” and identify the other party to the session by using ancilliary information (whois registries, web logs, metadata data sets, etc) But maybe the entire concept of a “session” no longer exists! Do we still use “sessions” in applications? What is changing? 37
38
The new Paranoid Internet Service Architecture The entire concept of open network transactions is now over We are shifting into an environment where user information is deliberately withheld from the network, withheld from the platform and even withheld from other applications We circulate large self-contained applications that attempt to insulate themselves completely from the host platform Application Service Providers see the platform provider as representing a competitive interest in the user, and they want to prevent information leakage from their application to the platform Application Service Providers see other applications as as representing a competitive interest in the user, and they want to prevent information leakage from their application to other applications in the same platform 39
40
41 These technologies are already deployed, and enjoy significant use in today’s network They break down the concept of a “session” and splay the encrypted traffic across multiple networks, and even multiple protocols They use opportunistic encryption to limit third party access to information about users’ actions The result is that only the endpoints see the entirety of a session, while individual networks see disparate fragments of pseudo-sessions
42
The Bottom Line It’s no longer just an issue with IPv4 and NATs and a visible reluctance to shift to IPv6 Networks, platforms and applications now regard each other with mutual suspicion Platforms seek to hide users’ activities from the network Applications seek to hide their information from the platform and from other applications The DNS is sealing itself into private tunnels that resist external examination, intervention and intervention “Sessions” are being deconstructed into opaque fragments Opportunistic encryption is being applied ubiquitously 43
Its not just “the IPv6 transition” any more These are not just temporary steps to make IPv4 last longer for the transition to IPv6 Even if we complete the transition to an all-IPv6 Internet, this paranoia, complexity and deliberate obfuscation will not go away This is now the Internet we have to live with 44
We are never coming back from here – this is the new “ground state” for the Internet! 45
46 Does it ever get easier? Is there light at the end of this tunnel?
47 No!
Thank You! Me: gih@apnic.netThis pack: http://bit.ly/2iCcQGK

Recommandé

2017 03-01-forensics 1488330715
2017 03-01-forensics 14883307152017 03-01-forensics 1488330715
2017 03-01-forensics 1488330715APNIC
 
Route Origin Validation With Routinator - A MANRS Approach for Operators
Route Origin Validation With Routinator - A MANRS Approach for OperatorsRoute Origin Validation With Routinator - A MANRS Approach for Operators
Route Origin Validation With Routinator - A MANRS Approach for OperatorsBangladesh Network Operators Group
 
Abitcool - A vast array of small-scale service providers with gigabit access,...
Abitcool - A vast array of small-scale service providers with gigabit access,...Abitcool - A vast array of small-scale service providers with gigabit access,...
Abitcool - A vast array of small-scale service providers with gigabit access,...APNIC
 
31, Get more from your IPv4 resources
31, Get more from your IPv4 resources31, Get more from your IPv4 resources
31, Get more from your IPv4 resourcesBangladesh Network Operators Group
 
Community tools to fight against DDoS
Community tools to fight against DDoSCommunity tools to fight against DDoS
Community tools to fight against DDoSFakrul Alam
 
BGPalerter: BGP prefix monitoring
BGPalerter: BGP prefix monitoringBGPalerter: BGP prefix monitoring
BGPalerter: BGP prefix monitoringBangladesh Network Operators Group
 
Routing Security - its importance and status in South Asia
Routing Security - its importance and status in South AsiaRouting Security - its importance and status in South Asia
Routing Security - its importance and status in South AsiaBangladesh Network Operators Group
 
Route Origin Validation - A MANRS Approach
Route Origin Validation - A MANRS ApproachRoute Origin Validation - A MANRS Approach
Route Origin Validation - A MANRS ApproachBangladesh Network Operators Group
 

Recommandé

2017 03-01-forensics 1488330715
2017 03-01-forensics 14883307152017 03-01-forensics 1488330715
2017 03-01-forensics 1488330715APNIC
 
Route Origin Validation With Routinator - A MANRS Approach for Operators
Route Origin Validation With Routinator - A MANRS Approach for OperatorsRoute Origin Validation With Routinator - A MANRS Approach for Operators
Route Origin Validation With Routinator - A MANRS Approach for OperatorsBangladesh Network Operators Group
 
Abitcool - A vast array of small-scale service providers with gigabit access,...
Abitcool - A vast array of small-scale service providers with gigabit access,...Abitcool - A vast array of small-scale service providers with gigabit access,...
Abitcool - A vast array of small-scale service providers with gigabit access,...APNIC
 
31, Get more from your IPv4 resources
31, Get more from your IPv4 resources31, Get more from your IPv4 resources
31, Get more from your IPv4 resourcesBangladesh Network Operators Group
 
Community tools to fight against DDoS
Community tools to fight against DDoSCommunity tools to fight against DDoS
Community tools to fight against DDoSFakrul Alam
 
BGPalerter: BGP prefix monitoring
BGPalerter: BGP prefix monitoringBGPalerter: BGP prefix monitoring
BGPalerter: BGP prefix monitoringBangladesh Network Operators Group
 
Routing Security - its importance and status in South Asia
Routing Security - its importance and status in South AsiaRouting Security - its importance and status in South Asia
Routing Security - its importance and status in South AsiaBangladesh Network Operators Group
 
Route Origin Validation - A MANRS Approach
Route Origin Validation - A MANRS ApproachRoute Origin Validation - A MANRS Approach
Route Origin Validation - A MANRS ApproachBangladesh Network Operators Group
 
Open stackdaykorea2016 wedge
Open stackdaykorea2016 wedgeOpen stackdaykorea2016 wedge
Open stackdaykorea2016 wedgeJunho Suh
 
BKNIX Peering Forum 2017: Community tools to fight DDoS
BKNIX Peering Forum 2017: Community tools to fight DDoSBKNIX Peering Forum 2017: Community tools to fight DDoS
BKNIX Peering Forum 2017: Community tools to fight DDoSAPNIC
 
Cloud Traffic Engineer – Google Espresso Project by Shaowen Ma
Cloud Traffic Engineer – Google Espresso Project by Shaowen MaCloud Traffic Engineer – Google Espresso Project by Shaowen Ma
Cloud Traffic Engineer – Google Espresso Project by Shaowen MaMyNOG
 
RPKI Deployment Status in Bangladesh
RPKI Deployment Status in BangladeshRPKI Deployment Status in Bangladesh
RPKI Deployment Status in BangladeshBangladesh Network Operators Group
 
Having Honeypot for Better Network Security Analysis
Having Honeypot for Better Network Security AnalysisHaving Honeypot for Better Network Security Analysis
Having Honeypot for Better Network Security AnalysisBangladesh Network Operators Group
 
MANRS for Network Operators - bdNOG12
MANRS for Network Operators - bdNOG12MANRS for Network Operators - bdNOG12
MANRS for Network Operators - bdNOG12Bangladesh Network Operators Group
 
Ccna 2 Final V4 1
Ccna 2 Final V4 1Ccna 2 Final V4 1
Ccna 2 Final V4 1stigerj
 
How to Configure NetFlow v5 & v9 on Cisco Routers
How to Configure NetFlow v5 & v9 on Cisco RoutersHow to Configure NetFlow v5 & v9 on Cisco Routers
How to Configure NetFlow v5 & v9 on Cisco RoutersSolarWinds
 
BSides: BGP Hijacking and Secure Internet Routing
BSides: BGP Hijacking and Secure Internet RoutingBSides: BGP Hijacking and Secure Internet Routing
BSides: BGP Hijacking and Secure Internet RoutingAPNIC
 
OARC 26: Scoring the Root Server System
OARC 26: Scoring the Root Server SystemOARC 26: Scoring the Root Server System
OARC 26: Scoring the Root Server SystemAPNIC
 
Wli Tx4 G54 Manual V1.6 Web
Wli Tx4 G54 Manual V1.6 WebWli Tx4 G54 Manual V1.6 Web
Wli Tx4 G54 Manual V1.6 Web925351jay1
 
Routed networks sydney
Routed networks sydneyRouted networks sydney
Routed networks sydneyMiguel Lavalle
 
Ccnav5.org ccna 1-v50_itn_practice_final_exam_answers
Ccnav5.org ccna 1-v50_itn_practice_final_exam_answersCcnav5.org ccna 1-v50_itn_practice_final_exam_answers
Ccnav5.org ccna 1-v50_itn_practice_final_exam_answersĐồng Quốc Vương
 
Route Hijaking and the role of RPKI
Route Hijaking and the role of RPKIRoute Hijaking and the role of RPKI
Route Hijaking and the role of RPKIAPNIC
 
Performace analysis of mipv4 vs mipv6
Performace analysis of mipv4 vs mipv6Performace analysis of mipv4 vs mipv6
Performace analysis of mipv4 vs mipv6Habibur Rahman
 
Module17 nat v2
Module17 nat v2Module17 nat v2
Module17 nat v2Ratanang kabalano
 
Secured Internet Gateway for ISP with pfsense & FRR
Secured Internet Gateway for ISP with pfsense & FRRSecured Internet Gateway for ISP with pfsense & FRR
Secured Internet Gateway for ISP with pfsense & FRRBangladesh Network Operators Group
 
PacNOG 29: Routing security is more than RPKI
PacNOG 29: Routing security is more than RPKIPacNOG 29: Routing security is more than RPKI
PacNOG 29: Routing security is more than RPKIAPNIC
 
On her majesty's secret service - GRX and a Spy Agency
On her majesty's secret service - GRX and a Spy AgencyOn her majesty's secret service - GRX and a Spy Agency
On her majesty's secret service - GRX and a Spy AgencyStephen Kho
 
NFA - Middle East Workshop
NFA - Middle East WorkshopNFA - Middle East Workshop
NFA - Middle East WorkshopManageEngine, Zoho Corporation
 
USE OF NETWORK FORENSIC MECHANISMS TO FORMULATE NETWORK SECURITY
USE OF NETWORK FORENSIC MECHANISMS TO FORMULATE NETWORK SECURITYUSE OF NETWORK FORENSIC MECHANISMS TO FORMULATE NETWORK SECURITY
USE OF NETWORK FORENSIC MECHANISMS TO FORMULATE NETWORK SECURITYIJMIT JOURNAL
 
Network Forensics Puzzle Contest に挑戦 #1
Network Forensics Puzzle Contest に挑戦 #1Network Forensics Puzzle Contest に挑戦 #1
Network Forensics Puzzle Contest に挑戦 #1彰 村地
 

Contenu connexe

Tendances

Open stackdaykorea2016 wedge
Open stackdaykorea2016 wedgeOpen stackdaykorea2016 wedge
Open stackdaykorea2016 wedgeJunho Suh
 
BKNIX Peering Forum 2017: Community tools to fight DDoS
BKNIX Peering Forum 2017: Community tools to fight DDoSBKNIX Peering Forum 2017: Community tools to fight DDoS
BKNIX Peering Forum 2017: Community tools to fight DDoSAPNIC
 
Cloud Traffic Engineer – Google Espresso Project by Shaowen Ma
Cloud Traffic Engineer – Google Espresso Project by Shaowen MaCloud Traffic Engineer – Google Espresso Project by Shaowen Ma
Cloud Traffic Engineer – Google Espresso Project by Shaowen MaMyNOG
 
Ccna 2 Final V4 1
Ccna 2 Final V4 1Ccna 2 Final V4 1
Ccna 2 Final V4 1stigerj
 
How to Configure NetFlow v5 & v9 on Cisco Routers
How to Configure NetFlow v5 & v9 on Cisco RoutersHow to Configure NetFlow v5 & v9 on Cisco Routers
How to Configure NetFlow v5 & v9 on Cisco RoutersSolarWinds
 
BSides: BGP Hijacking and Secure Internet Routing
BSides: BGP Hijacking and Secure Internet RoutingBSides: BGP Hijacking and Secure Internet Routing
BSides: BGP Hijacking and Secure Internet RoutingAPNIC
 
OARC 26: Scoring the Root Server System
OARC 26: Scoring the Root Server SystemOARC 26: Scoring the Root Server System
OARC 26: Scoring the Root Server SystemAPNIC
 
Wli Tx4 G54 Manual V1.6 Web
Wli Tx4 G54 Manual V1.6 WebWli Tx4 G54 Manual V1.6 Web
Wli Tx4 G54 Manual V1.6 Web925351jay1
 
Routed networks sydney
Routed networks sydneyRouted networks sydney
Routed networks sydneyMiguel Lavalle
 
Ccnav5.org ccna 1-v50_itn_practice_final_exam_answers
Ccnav5.org ccna 1-v50_itn_practice_final_exam_answersCcnav5.org ccna 1-v50_itn_practice_final_exam_answers
Ccnav5.org ccna 1-v50_itn_practice_final_exam_answersĐồng Quốc Vương
 
Route Hijaking and the role of RPKI
Route Hijaking and the role of RPKIRoute Hijaking and the role of RPKI
Route Hijaking and the role of RPKIAPNIC
 
Performace analysis of mipv4 vs mipv6
Performace analysis of mipv4 vs mipv6Performace analysis of mipv4 vs mipv6
Performace analysis of mipv4 vs mipv6Habibur Rahman
 
PacNOG 29: Routing security is more than RPKI
PacNOG 29: Routing security is more than RPKIPacNOG 29: Routing security is more than RPKI
PacNOG 29: Routing security is more than RPKIAPNIC
 
On her majesty's secret service - GRX and a Spy Agency
On her majesty's secret service - GRX and a Spy AgencyOn her majesty's secret service - GRX and a Spy Agency
On her majesty's secret service - GRX and a Spy AgencyStephen Kho
 

Tendances (20)

Open stackdaykorea2016 wedge
Open stackdaykorea2016 wedgeOpen stackdaykorea2016 wedge
Open stackdaykorea2016 wedge
 
BKNIX Peering Forum 2017: Community tools to fight DDoS
BKNIX Peering Forum 2017: Community tools to fight DDoSBKNIX Peering Forum 2017: Community tools to fight DDoS
BKNIX Peering Forum 2017: Community tools to fight DDoS
 
Cloud Traffic Engineer – Google Espresso Project by Shaowen Ma
Cloud Traffic Engineer – Google Espresso Project by Shaowen MaCloud Traffic Engineer – Google Espresso Project by Shaowen Ma
Cloud Traffic Engineer – Google Espresso Project by Shaowen Ma
 
RPKI Deployment Status in Bangladesh
RPKI Deployment Status in BangladeshRPKI Deployment Status in Bangladesh
RPKI Deployment Status in Bangladesh
 
Having Honeypot for Better Network Security Analysis
Having Honeypot for Better Network Security AnalysisHaving Honeypot for Better Network Security Analysis
Having Honeypot for Better Network Security Analysis
 
MANRS for Network Operators - bdNOG12
MANRS for Network Operators - bdNOG12MANRS for Network Operators - bdNOG12
MANRS for Network Operators - bdNOG12
 
Ccna 2 Final V4 1
Ccna 2 Final V4 1Ccna 2 Final V4 1
Ccna 2 Final V4 1
 
How to Configure NetFlow v5 & v9 on Cisco Routers
How to Configure NetFlow v5 & v9 on Cisco RoutersHow to Configure NetFlow v5 & v9 on Cisco Routers
How to Configure NetFlow v5 & v9 on Cisco Routers
 
BSides: BGP Hijacking and Secure Internet Routing
BSides: BGP Hijacking and Secure Internet RoutingBSides: BGP Hijacking and Secure Internet Routing
BSides: BGP Hijacking and Secure Internet Routing
 
OARC 26: Scoring the Root Server System
OARC 26: Scoring the Root Server SystemOARC 26: Scoring the Root Server System
OARC 26: Scoring the Root Server System
 
Wli Tx4 G54 Manual V1.6 Web
Wli Tx4 G54 Manual V1.6 WebWli Tx4 G54 Manual V1.6 Web
Wli Tx4 G54 Manual V1.6 Web
 
Routed networks sydney
Routed networks sydneyRouted networks sydney
Routed networks sydney
 
Ccnav5.org ccna 1-v50_itn_practice_final_exam_answers
Ccnav5.org ccna 1-v50_itn_practice_final_exam_answersCcnav5.org ccna 1-v50_itn_practice_final_exam_answers
Ccnav5.org ccna 1-v50_itn_practice_final_exam_answers
 
Route Hijaking and the role of RPKI
Route Hijaking and the role of RPKIRoute Hijaking and the role of RPKI
Route Hijaking and the role of RPKI
 
Performace analysis of mipv4 vs mipv6
Performace analysis of mipv4 vs mipv6Performace analysis of mipv4 vs mipv6
Performace analysis of mipv4 vs mipv6
 
Module17 nat v2
Module17 nat v2Module17 nat v2
Module17 nat v2
 
Secured Internet Gateway for ISP with pfsense & FRR
Secured Internet Gateway for ISP with pfsense & FRRSecured Internet Gateway for ISP with pfsense & FRR
Secured Internet Gateway for ISP with pfsense & FRR
 
PacNOG 29: Routing security is more than RPKI
PacNOG 29: Routing security is more than RPKIPacNOG 29: Routing security is more than RPKI
PacNOG 29: Routing security is more than RPKI
 
On her majesty's secret service - GRX and a Spy Agency
On her majesty's secret service - GRX and a Spy AgencyOn her majesty's secret service - GRX and a Spy Agency
On her majesty's secret service - GRX and a Spy Agency
 
NFA - Middle East Workshop
NFA - Middle East WorkshopNFA - Middle East Workshop
NFA - Middle East Workshop
 

En vedette

USE OF NETWORK FORENSIC MECHANISMS TO FORMULATE NETWORK SECURITY
USE OF NETWORK FORENSIC MECHANISMS TO FORMULATE NETWORK SECURITYUSE OF NETWORK FORENSIC MECHANISMS TO FORMULATE NETWORK SECURITY
USE OF NETWORK FORENSIC MECHANISMS TO FORMULATE NETWORK SECURITYIJMIT JOURNAL
 
Network Forensics Puzzle Contest に挑戦 #1
Network Forensics Puzzle Contest に挑戦 #1Network Forensics Puzzle Contest に挑戦 #1
Network Forensics Puzzle Contest に挑戦 #1彰 村地
 
Http Request Smuggling
Http Request SmugglingHttp Request Smuggling
Http Request Smugglingguestc27cd9
 
Wireless Investigations using Xplico
Wireless Investigations using XplicoWireless Investigations using Xplico
Wireless Investigations using XplicoChris Harrington
 
Http requesting smuggling
Http requesting smugglingHttp requesting smuggling
Http requesting smugglingApijay Kumar
 
Network Forensic Packet Analysis Using Wireshark
Network Forensic Packet Analysis Using WiresharkNetwork Forensic Packet Analysis Using Wireshark
Network Forensic Packet Analysis Using Wiresharktitanlambda
 
Codec Networks Providing Courses in Cyber forensic,Network Forensics.
Codec Networks Providing Courses in Cyber forensic,Network Forensics.Codec Networks Providing Courses in Cyber forensic,Network Forensics.
Codec Networks Providing Courses in Cyber forensic,Network Forensics.cnetworks
 
Anti-Forensic Rootkits
Anti-Forensic RootkitsAnti-Forensic Rootkits
Anti-Forensic Rootkitsamiable_indian
 
Forensic Analysis - Empower Tech Days 2013
Forensic Analysis - Empower Tech Days 2013Forensic Analysis - Empower Tech Days 2013
Forensic Analysis - Empower Tech Days 2013Islam Azeddine Mennouchi
 
Cloud Forensics
Cloud ForensicsCloud Forensics
Cloud Forensicssdavis532
 
Computer And Network Forensics
Computer And Network ForensicsComputer And Network Forensics
Computer And Network ForensicsPituphong Yavirach
 
Appsec 2013-krehel-ondrej-forensic-investigations-of-web-exploitations
Appsec 2013-krehel-ondrej-forensic-investigations-of-web-exploitationsAppsec 2013-krehel-ondrej-forensic-investigations-of-web-exploitations
Appsec 2013-krehel-ondrej-forensic-investigations-of-web-exploitationsdrewz lin
 
SANS Forensics 2009 - Memory Forensics and Registry Analysis
SANS Forensics 2009 - Memory Forensics and Registry AnalysisSANS Forensics 2009 - Memory Forensics and Registry Analysis
SANS Forensics 2009 - Memory Forensics and Registry Analysismooyix
 

En vedette (20)

USE OF NETWORK FORENSIC MECHANISMS TO FORMULATE NETWORK SECURITY
USE OF NETWORK FORENSIC MECHANISMS TO FORMULATE NETWORK SECURITYUSE OF NETWORK FORENSIC MECHANISMS TO FORMULATE NETWORK SECURITY
USE OF NETWORK FORENSIC MECHANISMS TO FORMULATE NETWORK SECURITY
 
Network Forensics Puzzle Contest に挑戦 #1
Network Forensics Puzzle Contest に挑戦 #1Network Forensics Puzzle Contest に挑戦 #1
Network Forensics Puzzle Contest に挑戦 #1
 
Http Request Smuggling
Http Request SmugglingHttp Request Smuggling
Http Request Smuggling
 
OWASP Mobile TOP 10 2014
OWASP Mobile TOP 10 2014OWASP Mobile TOP 10 2014
OWASP Mobile TOP 10 2014
 
Wireless Investigations using Xplico
Wireless Investigations using XplicoWireless Investigations using Xplico
Wireless Investigations using Xplico
 
Http requesting smuggling
Http requesting smugglingHttp requesting smuggling
Http requesting smuggling
 
Winter 2012-poster
Winter 2012-posterWinter 2012-poster
Winter 2012-poster
 
Network Forensic Packet Analysis Using Wireshark
Network Forensic Packet Analysis Using WiresharkNetwork Forensic Packet Analysis Using Wireshark
Network Forensic Packet Analysis Using Wireshark
 
Codec Networks Providing Courses in Cyber forensic,Network Forensics.
Codec Networks Providing Courses in Cyber forensic,Network Forensics.Codec Networks Providing Courses in Cyber forensic,Network Forensics.
Codec Networks Providing Courses in Cyber forensic,Network Forensics.
 
Anti-Forensic Rootkits
Anti-Forensic RootkitsAnti-Forensic Rootkits
Anti-Forensic Rootkits
 
Capturing forensics image
Capturing forensics imageCapturing forensics image
Capturing forensics image
 
Forensic Analysis - Empower Tech Days 2013
Forensic Analysis - Empower Tech Days 2013Forensic Analysis - Empower Tech Days 2013
Forensic Analysis - Empower Tech Days 2013
 
Browser forensics
Browser forensicsBrowser forensics
Browser forensics
 
Cloud Forensics
Cloud ForensicsCloud Forensics
Cloud Forensics
 
Computer And Network Forensics
Computer And Network ForensicsComputer And Network Forensics
Computer And Network Forensics
 
Windows Forensics
Windows ForensicsWindows Forensics
Windows Forensics
 
Appsec 2013-krehel-ondrej-forensic-investigations-of-web-exploitations
Appsec 2013-krehel-ondrej-forensic-investigations-of-web-exploitationsAppsec 2013-krehel-ondrej-forensic-investigations-of-web-exploitations
Appsec 2013-krehel-ondrej-forensic-investigations-of-web-exploitations
 
Network Forensics
Network ForensicsNetwork Forensics
Network Forensics
 
SANS Forensics 2009 - Memory Forensics and Registry Analysis
SANS Forensics 2009 - Memory Forensics and Registry AnalysisSANS Forensics 2009 - Memory Forensics and Registry Analysis
SANS Forensics 2009 - Memory Forensics and Registry Analysis
 
INTERNET SECUIRTY TIPS
INTERNET SECUIRTY TIPSINTERNET SECUIRTY TIPS
INTERNET SECUIRTY TIPS
 

Similaire à 2017 01-31-cgns

Forensic Tracing in the Internet: An Update
Forensic Tracing in the Internet: An UpdateForensic Tracing in the Internet: An Update
Forensic Tracing in the Internet: An UpdateAPNIC
 
The End of IPv4: What It Means for Incident Responders
The End of IPv4: What It Means for Incident RespondersThe End of IPv4: What It Means for Incident Responders
The End of IPv4: What It Means for Incident RespondersCarlos Martinez Cagnazzo
 
DDoS Mitigation using BGP Flowspec
DDoS Mitigation using BGP Flowspec DDoS Mitigation using BGP Flowspec
DDoS Mitigation using BGP Flowspec APNIC
 
Apnic V6 Tutorial Distribution
Apnic V6 Tutorial DistributionApnic V6 Tutorial Distribution
Apnic V6 Tutorial DistributionAli_Ahmad
 
Building and operating a global DNS content delivery anycast network
Building and operating a global DNS content delivery anycast networkBuilding and operating a global DNS content delivery anycast network
Building and operating a global DNS content delivery anycast networkAPNIC
 
MULTIMEDIA COMMUNICATION & NETWORKS
MULTIMEDIA COMMUNICATION & NETWORKSMULTIMEDIA COMMUNICATION & NETWORKS
MULTIMEDIA COMMUNICATION & NETWORKSKathirvel Ayyaswamy
 
PLNOG 13: Krzysztof Mazepa: BGP FlowSpec
PLNOG 13: Krzysztof Mazepa: BGP FlowSpecPLNOG 13: Krzysztof Mazepa: BGP FlowSpec
PLNOG 13: Krzysztof Mazepa: BGP FlowSpecPROIDEA
 
Routing, Network Performance, and Role of Analytics
Routing, Network Performance, and Role of AnalyticsRouting, Network Performance, and Role of Analytics
Routing, Network Performance, and Role of AnalyticsAPNIC
 
PLNOG 7: Emil Gągała, Sławomir Janukowicz - carrier grade NAT
PLNOG 7: Emil Gągała, Sławomir Janukowicz - carrier grade NAT PLNOG 7: Emil Gągała, Sławomir Janukowicz - carrier grade NAT
PLNOG 7: Emil Gągała, Sławomir Janukowicz - carrier grade NAT PROIDEA
 
CodiLime Tech Talk - Adam Kułagowski: IPv6 - introduction
CodiLime Tech Talk - Adam Kułagowski: IPv6 - introductionCodiLime Tech Talk - Adam Kułagowski: IPv6 - introduction
CodiLime Tech Talk - Adam Kułagowski: IPv6 - introductionCodiLime
 
PhNOG 2020: Securing your resources with RPKI and IRT
PhNOG 2020: Securing your resources with RPKI and IRTPhNOG 2020: Securing your resources with RPKI and IRT
PhNOG 2020: Securing your resources with RPKI and IRTAPNIC
 
Design and Deployment of Enterprise WLANs
Design and Deployment of Enterprise WLANsDesign and Deployment of Enterprise WLANs
Design and Deployment of Enterprise WLANsFab Fusaro
 
Manrs 7_sept__indonesia
Manrs 7_sept__indonesiaManrs 7_sept__indonesia
Manrs 7_sept__indonesiaNaveenLakshman
 
ccna 1 v5.0 itn practice final exam answers
ccna 1 v5.0 itn practice final exam answersccna 1 v5.0 itn practice final exam answers
ccna 1 v5.0 itn practice final exam answersĐồng Quốc Vương
 
BGP Flowspec (RFC5575) Case study and Discussion
BGP Flowspec (RFC5575) Case study and DiscussionBGP Flowspec (RFC5575) Case study and Discussion
BGP Flowspec (RFC5575) Case study and DiscussionAPNIC
 
Panel with IPv6 CE Vendors
Panel with IPv6 CE VendorsPanel with IPv6 CE Vendors
Panel with IPv6 CE VendorsAPNIC
 

Similaire à 2017 01-31-cgns (20)

Forensic Tracing in the Internet: An Update
Forensic Tracing in the Internet: An UpdateForensic Tracing in the Internet: An Update
Forensic Tracing in the Internet: An Update
 
The End of IPv4: What It Means for Incident Responders
The End of IPv4: What It Means for Incident RespondersThe End of IPv4: What It Means for Incident Responders
The End of IPv4: What It Means for Incident Responders
 
DDoS Mitigation using BGP Flowspec
DDoS Mitigation using BGP Flowspec DDoS Mitigation using BGP Flowspec
DDoS Mitigation using BGP Flowspec
 
10 routing-bgp
10 routing-bgp10 routing-bgp
10 routing-bgp
 
Apnic V6 Tutorial Distribution
Apnic V6 Tutorial DistributionApnic V6 Tutorial Distribution
Apnic V6 Tutorial Distribution
 
Building and operating a global DNS content delivery anycast network
Building and operating a global DNS content delivery anycast networkBuilding and operating a global DNS content delivery anycast network
Building and operating a global DNS content delivery anycast network
 
MULTIMEDIA COMMUNICATION & NETWORKS
MULTIMEDIA COMMUNICATION & NETWORKSMULTIMEDIA COMMUNICATION & NETWORKS
MULTIMEDIA COMMUNICATION & NETWORKS
 
PLNOG 13: Krzysztof Mazepa: BGP FlowSpec
PLNOG 13: Krzysztof Mazepa: BGP FlowSpecPLNOG 13: Krzysztof Mazepa: BGP FlowSpec
PLNOG 13: Krzysztof Mazepa: BGP FlowSpec
 
Routing, Network Performance, and Role of Analytics
Routing, Network Performance, and Role of AnalyticsRouting, Network Performance, and Role of Analytics
Routing, Network Performance, and Role of Analytics
 
PLNOG 7: Emil Gągała, Sławomir Janukowicz - carrier grade NAT
PLNOG 7: Emil Gągała, Sławomir Janukowicz - carrier grade NAT PLNOG 7: Emil Gągała, Sławomir Janukowicz - carrier grade NAT
PLNOG 7: Emil Gągała, Sławomir Janukowicz - carrier grade NAT
 
IPAddressing .pptx
IPAddressing .pptxIPAddressing .pptx
IPAddressing .pptx
 
IP Routing.pptx
IP Routing.pptxIP Routing.pptx
IP Routing.pptx
 
CodiLime Tech Talk - Adam Kułagowski: IPv6 - introduction
CodiLime Tech Talk - Adam Kułagowski: IPv6 - introductionCodiLime Tech Talk - Adam Kułagowski: IPv6 - introduction
CodiLime Tech Talk - Adam Kułagowski: IPv6 - introduction
 
PhNOG 2020: Securing your resources with RPKI and IRT
PhNOG 2020: Securing your resources with RPKI and IRTPhNOG 2020: Securing your resources with RPKI and IRT
PhNOG 2020: Securing your resources with RPKI and IRT
 
Design and Deployment of Enterprise WLANs
Design and Deployment of Enterprise WLANsDesign and Deployment of Enterprise WLANs
Design and Deployment of Enterprise WLANs
 
Manrs 7_sept__indonesia
Manrs 7_sept__indonesiaManrs 7_sept__indonesia
Manrs 7_sept__indonesia
 
Chapter04
Chapter04Chapter04
Chapter04
 
ccna 1 v5.0 itn practice final exam answers
ccna 1 v5.0 itn practice final exam answersccna 1 v5.0 itn practice final exam answers
ccna 1 v5.0 itn practice final exam answers
 
BGP Flowspec (RFC5575) Case study and Discussion
BGP Flowspec (RFC5575) Case study and DiscussionBGP Flowspec (RFC5575) Case study and Discussion
BGP Flowspec (RFC5575) Case study and Discussion
 
Panel with IPv6 CE Vendors
Panel with IPv6 CE VendorsPanel with IPv6 CE Vendors
Panel with IPv6 CE Vendors
 

Dernier

Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...Delhi Call girls
 
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...APNIC
 
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine ServiceHot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Servicesexy call girls service in goa
 
Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...
Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...
Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...SUHANI PANDEY
 
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...SUHANI PANDEY
 
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.soniya singh
 
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024APNIC
 
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersMoving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersDamian Radcliffe
 
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...Neha Pandey
 
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)Delhi Call girls
 
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...SUHANI PANDEY
 
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...Call Girls in Nagpur High Profile
 
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl ServiceRussian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl Servicegwenoracqe6
 
Real Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirtReal Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirtrahman018755
 
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxAWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxellan12
 

Dernier (20)

Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
 
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
 
Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...
Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...
Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...
 
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine ServiceHot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
 
Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...
Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...
Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...
 
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
 
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
 
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
 
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
 
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
 
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersMoving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
 
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
 
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
 
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
 
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
 
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
 
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl ServiceRussian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
 
Real Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirtReal Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirt
 
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
 
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxAWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
 

2017 01-31-cgns

  • 1. Forensic Tracing in the Internet: An Update Geoff Huston Chief Scientist APNIC
  • 2. The story so far… • The status of the transition to IPv6 is not going according to the original plan: • We have exhausted the remaining pools of IPv4 addresses in all regions except Africa - this was never meant to have happened • We we meant to have IPv6 fully deployed by now • What we are seeing is the pervasive use of Carrier Grade NATs as a means of extending the useable life of the IPv4 Internet • Around 10% of users use both IPv6 and IPv4 – the other 90% are IPv4 only • It appears that most IPv4 use today uses NATs in the path • This has some major implications for LEA functions, principally in traceback and metadata record keeping 2
  • 3. Traceback – Version 1 3 A: 192.0.2.1 Ftp Server Internet Lets start by looking way back to the Internet of the 1980’s ftpserver.net 192.0.2.1 [31/Aug/2013:00:00:08 +0000] Ftp Server Log $ whois 192.0.2.1 NetRange: 192.0.2.0 - 192.0.2.255 NetName: TEST-NET-1 Contact: User Contact Details There was a rudimentary whois service and it listed all end users!
  • 4. Assumptions: • Each end site used a stable IP address range • Each address range was recorded in a registry, together with the end user data • Each end device was manually configured with a stable IP address • Traceback was keyed from the IP address 4
  • 5. Assumptions: • Each end site used a stable IP address range • Each address range was recorded in a registry, together with the end user data • Each end device was manually configured with a stable IP address • Traceback is keyed from the IP address 5
  • 6. + NATs 6 A: 10.0.0.1 B: 10.0.0.2 C: 10.0.0.3 CPE NAT/ DHCP Server 192.0.2.1 ISP
  • 7. Traceback – Version 2 7 A: 10.0.0.1 Web Server ISP webserver.net 192.0.2.1 [31/Aug/2013:00:00:08 +0000] "GET /1x1.png HTTP/1.1" 200 Web Server Log $ whois 192.0.2.1 NetRange: 192.0.2.0 - 192.0.2.255 CIDR: 192.0.2.0/24 OriginAS: NetName: TEST-NET-1 NetHandle: NET-192-0-2-0-1 Parent: NET-192-0-0-0-0 NetType: IANA Special Use CPE NAT/ DHCP Server 192.0.2.1 ISP RADIUS Log 15/Aug/2013:18:01:02: user XXX IP: 192.0.2.1
  • 8. Assumptions • The ISP operates an address pool • Each end site is dynamically assigned a single IP address upon login (AAA) • The site is dynamically addressed using a private address range and a DHCP server • The single public address is shared by the private devices through a CPE NAT 8
  • 9. Changes • Traceback to an end site is keyed by an IP address and a date/time • Requires access to WHOIS records to identify the ISP and the ISP’s AAA logs to identify the end site • No traceback to an individual device – the trace stops at the edge NAT 9
  • 10. IPv4 Address Exhaustion 10 What are ISP’s doing in response? • It’s not viable to switch over to all-IPv6 yet • But the supply of further IPv4 addresses to fuel service platform growth has dried up • How do ISPs continue to offer IPv4 services to customers in the interim?
  • 12. Traceback – Version 3 12 A: 10.0.0.1 B: 10.0.0.2 C: 10.0.0.3 CPE NAT/ DHCP Server ISP CGN 192.0.2.0/24 Web Server Internet webserver.net [192.0.2.1]::45800 [31/Aug/2013:00:00:08 +0000] "GET /1x1.png HTTP/1.1" 200 Web Server Log $ whois 192.0.2.1 NetRange: 192.0.2.0 - 192.0.2.255 CIDR: 192.0.2.0/24 OriginAS: NetName: TEST-NET-1 NetHandle: NET-192-0-2-0-1 Parent: NET-192-0-0-0-0 NetType: IANA Special Use ISP CGN Log 31/Aug/2013:00:00:02 172.16.5.6:34233 128.66.0.0:80 -> 192.0.2.1:45800 128.66.0.0:80 ISP RADIUS Log 15/Aug/2013:18:01:02: user XXX IP: 172.16.5.6:34000-40000 172.16.5.6
  • 13. Assumptions • The ISP operates a public address pool and a private address pool • The access into the public address pool is via an ISP- operated NAT (CGN) • Each end site is dynamically assigned a single private IP address upon login (AAA) • The site is dynamically addressed using a private address range and a DHCP server • The single public address is shared by the private devices through a CPE NAT 13
  • 14. Assumptions • Traceback to an end site is keyed by a source IP address and a source port address, and a date/time • Requires access to • WHOIS records to identify the ISP, • The ISP’s CGN logs to identify the ISP’s private address and • The ISP’s AAA logs to identify the end site 14
  • 15. ISP CGN Logging CGN bindings are formed for EVERY unique TCP and UDP session That can be a LOT of data to retain… 15http://www.nanog.org/meetings/nanog54/presentations/Tuesday/GrundemannLT.pdf
  • 16. It could be better than this… • Use Port Blocks per customer or • Use a mix of Port Blocks and Shared Port Pool overflow and • Compress the log data (which will reduce storage but may increase search overhead) 16
  • 17. Or it could be worse… 17
  • 18. 18 We are going to see a LOT of transition middleware being deployed!
  • 19. 19 And we are going to see a significant diversity in what that transition middleware does We are going to see a LOT of transition middleware being deployed!
  • 20. What does this mean for Forensic tracing? 20 LEAs have traditionally focused on the NETWORK as the point of interception and tracing They are used to a consistent model to trace activity: • get an IP address and a time range • trace back based on these two values to uncover a set of network transactions
  • 21. What does this mean for Forensic tracing? 21 In a world of densely deployed CGNs and ALGs the IP address loses coherent meaning in terms of end party identification.
  • 22. What does this mean for Forensic tracing? 22 And instead of shifting to a single “new” model of IP address use, we are going to see widespread diversity in the use of transition mechanisms and NATs in carrier networks Which implies that there will no longer be a useful single model of how to perform traceback on the network Or even a single coherent model of “what is an IP address” in the network
  • 23. Variants of NAT CGN Technologies 23 Variant: CGN with per user port blocks CGN with per user port blocks + pooled overflow CGN with pooled ports CGN with 5-tuple binding maps Address Compression Ratio 10:1 100:1 1,000:1 >>10,000:1 The same public address and port is used simultaneously by multiple different internal users ISP Internet CGN Source: 192.0.2.1:1234 Dest: 128.66.0.0:80 Source: 192.0.2.1:1234 Dest: 128.66.2.2:80 Customer A Customer B
  • 24. Adding IPv6 to the CGN Mix • The space is not exclusively an IPv4 space. • While CGNs using all-IPv4 technologies are common today, we are also looking at how to use CGN variants with a mix of IPv6 and IPv4 For example: Dual-Stack Light connects IPv4 end users to the IPv4 Internet across an IPv6 ISP infrastructure. • We see many more variants of ISP’s address transforming middleware when they IPv6 into the mix 24
  • 25. ++IPv6: Transition Technologies 25 Randy Bush, APPRICOT 2012: http://meetings.apnic.net/__data/assets/pdf_file/0016/45241/120229.apops-v4-life-extension.pdf
  • 26. Transition Technologies Example: 464XLAT 26Masataka Mawatari, Apricot 2012, http://meetings.apnic.net/__data/assets/pdf_file/0020/45542/jpix_464xlat_apricot2012_for_web.pdf
  • 27. What does this mean for Forensic tracing? 27 There is no single consistent model of how an IP network manages IPv4 and IPv6 addresses There is no fixed relationship between IPv4 and IPv6 addresses What you see in terms of network trace information is strongly dependent on where the trace data is collected
  • 28. What does this mean for LEAs? 28 What’s the likely response from LEAs and regulators? One likely response is to augment the record keeping rules for ISPs
  • 29. What does this mean for ISPs and LEAs? 29 But what are the new record keeping rules? In order to map a “external” IP address and time to a subscriber as part of a traceback exercise then: for every active middleware element you now need to hold the precise time and the precise transforms that were applied to a packet flow and you need to be able to cross-match these records accurately
  • 30. What does this mean for ISPs and LEAs? 30 But what are the new record keeping rules? In order to map a “external” IP address and time to a subscriber as part of a traceback exercise then: for every active middleware element you now need to hold the precise time and the precise transforms that were applied to a packet flow and you need to be able to cross-match these records accurately
  • 31. What does this mean for LEAs? 31 What’s the likely response from LEAs and regulators? One likely response is to augment the record keeping rules for ISPs: “record absolutely everything, and keep the records for years”
  • 32. What does this mean for ISPs and LEAs? 32 How many different sets of record keeping rules are required for each CGN / dual stack transition model being used? And are these record keeping practices affordable? (granularity of the records is shifting from “session” records to “transition” and even individual packet records in this diverse model) Are they even practical within today’s technology capability? Is this scaleable? Is it even useful any more?
  • 34. Making it very hard... The problem we are facing is that we are heading away from a single service architecture in our IP networks Different providers are seeing different pressures and opportunities, and are using different technology solutions in their networks And the longer we sit in this “exhaustion + transitioning” world, the greater the diversity and internal complexity of service networks that will be deployed 34
  • 35. 35 Does it ever get easier? Is there light at the end of this tunnel?
  • 36. That was then The material so far refers to the Internet of late 2013 Three years later, has it got any easier? Or has it just got harder? 36
  • 37. Sessions are the Key We assumed that there is a “session” that maps between a service and a client, and this session is visible in some manner to the network The forensic task was to take a partial record of a “session” and identify the other party to the session by using ancilliary information (whois registries, web logs, metadata data sets, etc) But maybe the entire concept of a “session” no longer exists! Do we still use “sessions” in applications? What is changing? 37
  • 38. 38
  • 39. The new Paranoid Internet Service Architecture The entire concept of open network transactions is now over We are shifting into an environment where user information is deliberately withheld from the network, withheld from the platform and even withheld from other applications We circulate large self-contained applications that attempt to insulate themselves completely from the host platform Application Service Providers see the platform provider as representing a competitive interest in the user, and they want to prevent information leakage from their application to the platform Application Service Providers see other applications as as representing a competitive interest in the user, and they want to prevent information leakage from their application to other applications in the same platform 39
  • 40. 40
  • 41. 41 These technologies are already deployed, and enjoy significant use in today’s network They break down the concept of a “session” and splay the encrypted traffic across multiple networks, and even multiple protocols They use opportunistic encryption to limit third party access to information about users’ actions The result is that only the endpoints see the entirety of a session, while individual networks see disparate fragments of pseudo-sessions
  • 42. 42
  • 44. Its not just “the IPv6 transition” any more These are not just temporary steps to make IPv4 last longer for the transition to IPv6 Even if we complete the transition to an all-IPv6 Internet, this paranoia, complexity and deliberate obfuscation will not go away This is now the Internet we have to live with 44
  • 45. We are never coming back from here – this is the new “ground state” for the Internet! 45
  • 46. 46 Does it ever get easier? Is there light at the end of this tunnel?
  • 48. Thank You! Me: gih@apnic.netThis pack: http://bit.ly/2iCcQGK