Publications
Proceedings, refereed
A first look at the misuse and abuse of the IPv4 Transfer Market
In International Conference on Passive and Active Network Measurement (PAM). Springer, 2020.Status: Published
A first look at the misuse and abuse of the IPv4 Transfer Market
The depletion of the unallocated IPv4 addresses and the slowpace of IPv6 deployment have given rise to the IPv4 transfer market, the trading of allocated IPv4 prefixes between organizations. Despite the policies established by RIRs to regulate the IPv4 transfer market, IPv4 transfers pose an opportunity for malicious networks, such as spammers and bulletproof ASes, to bypass reputational penalties by obtaining“clean” IPv4 address space or by offloading blacklisted addresses. Addi-tionally, IP transfers create a window of uncertainty about the legitimateownership of prefixes, which leads to inconsistencies in WHOIS recordsand routing advertisements. In this paper we provide the first detailed study of how transferred IPv4 prefixes are misused in the wild, by synthesizing an array of longitudinal IP blacklists, honeypot data, and AS reputation lists. Our findings yield evidence that transferred IPv4 addressblocks are used by malicious networks to address botnets and fraudulentsites in much higher rates compared to non-transferred addresses, while the timing of the attacks indicate efforts to evade filtering mechanisms.
| Afilliation | Communication Systems |
| Project(s) | Antikraak |
| Publication Type | Proceedings, refereed |
| Year of Publication | 2020 |
| Conference Name | International Conference on Passive and Active Network Measurement (PAM) |
| Pagination | 88-103 |
| Publisher | Springer |
| Keywords | BGP, Blacklists., IPv4 transfers, Routing |
| DOI | 10.1007/978-3-030-44081-7_6 |
An agent-based model of IPv6 adoption
In IFIP Networking Conference (Networking). IEEE, 2020.Status: Published
An agent-based model of IPv6 adoption
Despite having been proposed more than 20 years ago, IPv6 deployment has been very slow. The imminent depletion of IPv4 address space has recently motivated stakeholders to actively promote IPv6. These efforts, however, have only led to a relatively modest increase in the overall uptake. This outcome is expected given the complexity of the adoption landscape and the involved economic intricacies. Aiming to offer better insights into this process, we present the first data driven computational cost centric model of IPv6 adoption. Our model is grounded in empirical data yet parsimonious that is it focuses only on factors that are key to the modelled transition. We validate our model using historical snapshots of addresses allocations and then use it to explore a set of what if scenarios. Our findings paint a bleak picture for IPv6 adoption, predicting it to be decades away.
| Afilliation | Communication Systems |
| Project(s) | NorNet |
| Publication Type | Proceedings, refereed |
| Year of Publication | 2020 |
| Conference Name | IFIP Networking Conference (Networking) |
| Pagination | 361-369 |
| Publisher | IEEE |
| URL | https://ieeexplore.ieee.org/document/9142758 |
On the Accuracy of Country-Level IP Geolocation
In Applied Networking Research Workshop (ANRW). Madrid/Spain: ACM, 2020.Status: Published
On the Accuracy of Country-Level IP Geolocation
The proliferation of online services comprised of globally spread microservices has security and performance implications. Understanding the underlying physical paths connecting end points has become important. This paper investigates the accuracy of commonly used IP geolocation approaches in geolocating end-to-end IP paths. To this end, we perform a controlled measurement study to collect IP level paths. We find that existing databases tend to geolocate IPs that belong to networks with global presence and those move between networks erroneously. A small percentage of IP geolocation disagreement between databases results in a significant disagreement when geolocating end-to-end paths. Geolocating one week of RIPE traceroute data validates our observations.
| Afilliation | Communication Systems |
| Project(s) | GAIA, NorNet, The Center for Resilient Networks and Applications, Simula Metropolitan Center for Digital Engineering |
| Publication Type | Proceedings, refereed |
| Year of Publication | 2020 |
| Conference Name | Applied Networking Research Workshop (ANRW) |
| Date Published | 07/2020 |
| Publisher | ACM |
| Place Published | Madrid/Spain |
| ISBN Number | 978-1-4503-8039-3 |
| Keywords | Geolocation Approaches, Geolocation Databases, IP Geolocation |
| DOI | 10.1145/3404868.3406664 |
PhD Thesis
Monitoring and Understanding Ipv6 Adoption
In The University of Oslo. Vol. PhD. Department of Informatics, University of Oslo, 2019.Status: Published
Monitoring and Understanding Ipv6 Adoption
| Afilliation | Communication Systems |
| Project(s) | No Simula project |
| Publication Type | PhD Thesis |
| Year of Publication | 2019 |
| Degree awarding institution | The University of Oslo |
| Degree | PhD |
| Publisher | Department of Informatics, University of Oslo |
Proceedings, refereed
Inferring carrier-grade NAT deployment in the wild
In IEEE Conference on Computer Communications (INFOCOM). IEEE, 2018.Status: Published
Inferring carrier-grade NAT deployment in the wild
| Afilliation | Communication Systems |
| Project(s) | The Center for Resilient Networks and Applications, Simula Metropolitan Center for Digital Engineering |
| Publication Type | Proceedings, refereed |
| Year of Publication | 2018 |
| Conference Name | IEEE Conference on Computer Communications (INFOCOM) |
| Publisher | IEEE |
Proceedings, refereed
Measuring IPv6 Adoption in Africa
In International Workshop on Internet Measurements Research in Africa - IMRA 2017 in conjunction with Africomm 2017, 2017.Status: Published
Measuring IPv6 Adoption in Africa
| Afilliation | Communication Systems |
| Publication Type | Proceedings, refereed |
| Year of Publication | 2017 |
| Conference Name | International Workshop on Internet Measurements Research in Africa - IMRA 2017 in conjunction with Africomm 2017 |
| Date Published | 12/2017 |
Journal Article
On IPv4 transfer markets: Analyzing reported transfers and inferring transfers in the wild
Computer Communications 111 (2017): 105-119.Status: Published
On IPv4 transfer markets: Analyzing reported transfers and inferring transfers in the wild
IPv4 Transfer Markets have recently emerged as a mechanism for prolonging the usability of IPv4 address space. They facilitate the trading of IPv4 address space, which constitutes a radical shift transforming IPv4 addresses from a free resource to a commodity. In this paper, we conduct a comprehensive analysis of all IPv4 transfers that are published by three regional Internet registries. We analyze the overall evolution of transfer markets, whether they lead to a healthy redistribution of IP addresses, and the interplay between transfers and IPv6 adoption. We find that, to a large extent, IPv4 transfers serve their intended purpose by moving IP blocks from those with excess to those in need - transferred address blocks appear to be routed after the transfer, the utilization of transferred blocks is greater after the transfer date and a high percentage of the transferred space comes from legacy space. We have also proposed a methodology for detecting IPv4 transfers in the wild that tracks changes in origins of IP prefixes in the global routing table. This method yields promising results, yet it produces a large number of false positives due to the noisy nature of routing data. We have investigated the cause of these false positives and verified that they can be reduced to a volume analyzable by a human operator.
| Afilliation | Communication Systems |
| Project(s) | NorNet |
| Publication Type | Journal Article |
| Year of Publication | 2017 |
| Journal | Computer Communications |
| Volume | 111 |
| Pagination | 105-119 |
| Publisher | Elsevier |
| DOI | 10.1016/j.comcom.2017.07.012 |
Proceedings, refereed
Characterizing IPv6 control and data plane stability
In IEEE International Conference on Computer Communications (INFOCOM), 2016.Status: Published
Characterizing IPv6 control and data plane stability
| Afilliation | Communication Systems |
| Publication Type | Proceedings, refereed |
| Year of Publication | 2016 |
| Conference Name | IEEE International Conference on Computer Communications (INFOCOM) |
Proceedings, refereed
Leveraging the IPv4/IPv6 Identity Duality by using Multi-Path Transport
In Proceedings of the 18th IEEE Global Internet Symposium (GI). Hong Kong/People's Republic of China, 2015.Status: Published
Leveraging the IPv4/IPv6 Identity Duality by using Multi-Path Transport
With the 20th anniversary of IPv6 nearing quickly, a growing number of Internet service providers (ISPs) now offer their customers both IPv6 and IPv4 connectivity. This makes multi-homing with IPv4 and IPv6 increasingly common even with just a single ISP connection. Furthermore, the growing popularity of multi-path transport, especially Multi-path TCP (MPTCP) that is the extension of the well-known Transmission Control Protocol (TCP), leads to the question of whether this identity duality can be utilized for improving application performance in addition to providing resilience. In this paper, we first investigate the AS-level congruency of IPv4 and IPv6 paths in the Internet. We find that more than 60% of the current IPv4 and IPv6 AS-paths are non-congruent at the AS-level, which motivates us to explore how MPTCP can utilize the IPv4/IPv6 identity duality to improve data transfer performance. Our results show that MPTCP, even with a single dual-stack Internet connection, can significantly improve the end-to-end performance when the underlying paths are non-congruent. The extent of the improvement can reach up to the aggregate of the IPv4 and IPv6 bandwidth.
| Afilliation | , Communication Systems, Communication Systems |
| Project(s) | NorNet, The Center for Resilient Networks and Applications |
| Publication Type | Proceedings, refereed |
| Year of Publication | 2015 |
| Conference Name | Proceedings of the 18th IEEE Global Internet Symposium (GI) |
| Date Published | 05/2015 |
| Place Published | Hong Kong/People's Republic of China |
| Keywords | Identity Duality, Internet Paths, IPv4, IPv6, Routing |
Public outreach
MPTCP Experiences in the NorNet Testbed
https://tools.ietf.org/html/draft-dreibholz-mptcp-nornet-experience-01, 2015.Status: Accepted
MPTCP Experiences in the NorNet Testbed
This document collects some experiences of Multi-Path TCP (MPTCP) evaluations in the NorNet testbed.
| Afilliation | , Communication Systems |
| Publication Type | Public outreach |
| Year of Publication | 2015 |
| Place Published | https://tools.ietf.org/html/draft-dreibholz-mptcp-nornet-experience-01 |
Talks, invited
On IPv4 and IPv6 Routing Stability
In Workshop on Active Internet Measurements (AIMS), 2015.Status: Published
On IPv4 and IPv6 Routing Stability
| Afilliation | Communication Systems |
| Project(s) | NorNet |
| Publication Type | Talks, invited |
| Year of Publication | 2015 |
| Location of Talk | Workshop on Active Internet Measurements (AIMS) |
Talks, invited
Leveraging IPv4 and IPv6 Multi-Connectivity
In Proceedings of the 2nd International NorNet Users Workshop (NNUW-2), 2014.Status: Published
Leveraging IPv4 and IPv6 Multi-Connectivity
| Afilliation | , Communication Systems |
| Publication Type | Talks, invited |
| Year of Publication | 2014 |
| Location of Talk | Proceedings of the 2nd International NorNet Users Workshop (NNUW-2) |
| Keywords | Workshop |
Proceedings, refereed
A First Look at IPv4 Transfer Markets
In CoNEXT 2013. ACM SIGCOMM, 2013.Status: Published
A First Look at IPv4 Transfer Markets
In February 2011 the Internet Assigned Numbers Authority (IANA) exhausted its free pool of IPv4 addresses, and the regional registries (RIRs) have started to run out of IPv4 addresses as well. As RIRs have started rationing allocations, IPv4 transfer markets have emerged as a new mechanism to acquire IPv4 addresses. Barring a few high-profile exceptions, IPv4 transfers have largely flown under the radar. In this work, we use the lists of transfers published by three RIRs to characterize the transfer market - the types of players involved, the sizes and characteristics of transferred address blocks, and visible effects on the routing table. Next, we take first steps toward detecting address transfers using BGP data from the Routeviews and RIPE repositories from 2004-2013. We identify reasons why legitimate changes in prefix origin could be confused as transfers, and implement a series of 10 filters that remove 86% of candidate transfers. We find the remaining number of inferred transfers is increasing over time. We could confirm few (0.16%) of these transfers using RIR-published transfer lists; while our inference methodology undoubtedly yields false positives, a black market for IPv4 transfers may exist as well.
| Afilliation | , Communication Systems |
| Publication Type | Proceedings, refereed |
| Year of Publication | 2013 |
| Conference Name | CoNEXT 2013 |
| Pagination | 7-12 |
| Date Published | December |
| Publisher | ACM SIGCOMM |
| ISBN Number | 978-1-4503-2101-3 |
| Keywords | Conference |
Proceedings, refereed
Inferring carrier-grade NAT deployment in the wild
In IEEE Conference on Computer Communications (INFOCOM).Status: Published
Inferring carrier-grade NAT deployment in the wild
| Afilliation | Communication Systems |
| Project(s) | The Center for Resilient Networks and Applications, Simula Metropolitan Center for Digital Engineering |
| Publication Type | Proceedings, refereed |
| Conference Name | IEEE Conference on Computer Communications (INFOCOM) |
Inferring carrier-grade NAT deployment in the wild
In IEEE Conference on Computer Communications (INFOCOM).Status: Published
Inferring carrier-grade NAT deployment in the wild
| Afilliation | Communication Systems |
| Project(s) | The Center for Resilient Networks and Applications, Simula Metropolitan Center for Digital Engineering |
| Publication Type | Proceedings, refereed |
| Conference Name | IEEE Conference on Computer Communications (INFOCOM) |