The dark oracle: Perspective-aware unused and unreachable address discovery

3rd Symposium on Networked Systems Design and Implementation, NSDI 2006

Volumn , Issue , 2006, Pages

  Cooke, Evan ^a   Bailey, Michael ^a   Jahanian, Farnam ^a   Mortier, Richard ^b  

^a The Department of Civil and Environmental Engineering   (United States)

^b MICROSOFT RESEARCH   (United Kingdom)

Author keywords

[No Author keywords available]

Indexed keywords

ADDRESS ALLOCATION; INTERNET TRAFFIC; LARGE ENTERPRISE; LOCAL PERSPECTIVE; POLICY SYSTEMS; PROTOTYPE SYSTEM; ROUTING DATA;

SYSTEMS ANALYSIS;

EID: 71649092323     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (38)

1. K. G. Anagnostakis, S. Sidiroglou, P. Akritidis, K. Xinidis, E. Markatos, and A. D. Keromytis. Detecting targeted attacks using shadow honeypots. In Proceedings of the 14th USENIX Security Symposium, Baltimore, MD, August 2005.
2. Michael Bailey, Evan Cooke, Farnam Jahanian, Jose Nazario, and David Watson. The Internet Motion Sensor: A distributed blackhole monitoring system. In Proceedings of Network and Distributed System Security Symposium (NDSS'05), San Diego, CA, February 2005.
3. Michael Bailey, Evan Cooke, Farnam Jahanian, Niels Provos, Karl Rosaen, and David Watson. Data Reduction for the Scalable Automated Analysis of Distributed Darknet Traffic. Proceedings of the USENIX/ACM Internet Measurement Conference, October 2005.
4. Michael Bailey, Evan Cooke, David Watson, Farnam Jahanian, and Jose Nazario. The Blaster Worm: Then and Now. IEEE Security & Privacy, 3(4):26-31, 2005.
5. John Bethencourt, Jason Franklin, and Mary Vernon. Mapping Internet sensors with probe response attacks. In Proceedings of the 14th USENIX Security Symposium, Baltimore, MD, August 2005.
6. Bill Cheswick. An evening with Berferd in which a cracker is lured, endured, and studied. In Proceedings of the Winter 1992 USENIX Conference: January 20 - January 24, 1992, San Francisco, California, pages 163-174, Berkeley, CA, USA, Winter 1992.
7. Computer Associates. Win32.Agobot. http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=37776, July 2004.
8. Evan Cooke, Michael Bailey, Z. Morley Mao, David Watson, and Farnam Jahanian. Toward understanding distributed blackhole placement. In Proceedings of the 2004 ACM Workshop on Rapid Malcode (WORM-04), New York, Oct 2004. ACM Press.
9. Evan Cooke, Farnam Jahanian, and Danny McPherson. The Zombie roundup: Understanding, detecting, and disrupting botnets. In Proceedings of the Steps to Reducing Unwanted Traffic on the Internet (SRUTI 2005 Workshop), Cambridge, MA, July 2005.
10. Evan Cooke, Z. Morely Mao, and Farnam Jahanian. Hotspots: The root causes of non-uniformity in self-propagating malware. In Proceedings of the International Conference on Dependable Systems and Networks (DSN'2006), June 2006.
11. Team Cymru. The darknet project. http://www.cymru.com/Darknet/index.html, June 2004.
12. Team Cymru. The Bogon List. http://www.cymru.com/Documents/bogon-list.html, June 2005.
13. Warren Harrop and Grenville Armitage. Greynets: A definition and evaluation of sparsely populated darknets. In Proceedings of the ACM SIGCOMM MineNet Workshop, Philadelphia, PA, August 2005.
14. Internet Assigned Numbers Authority (IANA). Internet Protocol V4 Address Space. http://www.iana.org/assignments/ ipv4-address-space, June 2005.
15. Xuxian Jiang and Dongyan Xu. Collapsar: A VM-based architecture for network attack detention center. In Proceedings of the 13th USENIX Security Symposium, San Diego, CA, USA, August 2004.
16. Balachander Krishnamurthy. Mohonk: Mobile honeypots to trace unwanted traffic early. In Proceedings of the ACM SIGCOMM workshop on Network troubleshooting, pages 277-282. ACM Press, 2004.
17. Abhishek Kumar, Vern Paxson, and Nicholas Weaver. Exploiting underlying structure for detailed reconstruction of an internet-scale event. Proceedings of the USENIX/ACM Internet Measurement Conference, October 2005.
18. Craig Labovitz, Abha Ahuja, and Michael Bailey. Shining Light on Dark Address Space. http://www.arbornetworks.com/, November 2001.
19. McAfee. W32/Sdbot.worm. http://vil.nai.com/vil/content/v_100454.htm, April 2003.
20. David Moore, Vern Paxson, Stefan Savage, Colleen Shannon, Stuart Staniford, and Nicholas Weaver. Inside the Slammer worm. IEEE Security & Privacy, 1(4):33-39, 2003.
21. David Moore, Colleen Shannon, Geoffrey M. Voelker, and Stefan Savage. Network telescopes. Technical Report CS2004-0795, UC San Diego, July 2004.
22. David Moore, Geoffrey M. Voelker, and Stefan Savage. Inferring Internet denial-of-service activity. In Proceedings of the Tenth USENIX Security Symposium, pages 9-22, Washington, D.C., August 2001.
23. Richard Mortier. Python routeing toolkit. IEEE Network, 16(5):3-3, September 2002.
24. Ruoming Pang, Vinod Yegneswaran, Paul Barford, Vern Paxson, and Larry Peterson. Characteristics of Internet background radiation. In Proceedings of the 4th ACM SIGCOMM conference on Internet measurement, pages 27-40. ACM Press, 2004.
25. Vern Paxson. Bro: A System for Detecting Network Intruders in Real-Time. Computer Networks, 31(23-24):2435-2463, 1999.
26. Niels Provos. A Virtual Honeypot Framework. In Proceedings of the 13th USENIX Security Symposium, pages 1-14, San Diego, CA, USA, August 2004.
27. S. Qiu, Patrick McDaniel, Fabian Monrose, and Avi Rubin. Characterizing address use structure and stability of origin advertizement in interdomain routing. Technical Report NAS-TR-0018-2005, Pennsylvania State University, July 2005.
28. Colleen Shannon, David Moore, and Jeffery Brown. Code-Red: a case study on the spread and victims of an Internet worm. In Proceedings of the Internet Measurement Workshop (IMW), December 2002.
29. Dug Song, Rob Malan, and Robert Stone. A snapshot of global Internet worm activity. FIRST Conference on Computer Security Incident Handling and Response, June 2002.
30. Lance Spitzner. Honeypots: Tracking Hackers. Addison-Wesley, 2002.
31. Lance Spitzner et al. The honeynet project. http://project.honeynet.org/, June 2004.
32. Symantec Corporation. DeepSight Analyzer. http://analyzer.securityfocus.com/, 2005.
33. Johannes Ullrich. DShield. http://www.dshield.org, 2000.
34. University of Oregon. RouteViews project. http://www.routeviews.org/.
35. Michael Vrable, Justin Ma, Jay Chen, David Moore, Erik Vandekieft, Alex C. Snoeren, Geoffrey M. Voelker, and Stefan Savage. Scalability, fidelity and containment in the Potemkin virtual honeyfarm. In Proceedings of the 20th ACM Symposium on Operating System Principles (SOSP), Brighton, UK, October 2005.
36. Jianhong Xia, Lixin Gao, and Teng Fei. Flooding Attacks by Exploiting Persistent Forwarding Loops. Proceedings of the USENIX/ACM Internet Measurement Conference, October 2005.
37. Vinod Yegneswaran, Paul Barford, and Dave Plonka. On the design and use of Internet sinks for network abuse monitoring. In Recent Advances in Intrusion Detection-Proceedings of the 7th International Symposium (RAID 2004), Sophia Antipolis, French Riviera, France, October 2004.
38. Cliff C. Zou, Don Towsley, Weibo Gong, and Songlin Cai. Routing worm: A fast, selective attack worm based on IP address information. Umass ECE Technical Report TR-03-CSE-06, November 2003.