Paper Info
Title
Server Siblings: Identifying Shared Ipv4/Ipv6 Infrastructure Via Active Fingerprinting
Abstract
We present, validate, and apply an active measurement technique that ascertains whether candidate IPv4 and IPv6 server addresses are "siblings," i.e., assigned to the same physical machine. In contrast to prior efforts limited to passive monitoring, opportunistic measurements, or end-client populations, we propose an active methodology that generalizes to all TCP-reachable devices, including servers. Our method extends prior device fingerprinting techniques to improve their feasibility in modern environments, and uses them to support measurement-based detection of sibling interfaces. We validate our technique against a diverse set of 61 web servers with known sibling addresses and find it to be over 97% accurate with 99% precision. Finally, we apply the technique to characterize the top similar to 6,400 Alexa IPv6-capable web domains, and discover that a DNS name in common does not imply that the corresponding IPv4 and IPv6 addresses are on the same machine, network, or even autonomous system. Understanding sibling and non-sibling relationships gives insight not only into IPv6 deployment and evolution, but also helps characterize the potential for correlated failures and susceptibility to certain attacks.
Year
DOI
Venue
2015
10.1007/978-3-319-15509-8_12
PASSIVE AND ACTIVE MEASUREMENT (PAM 2015)
Field
DocType
Volume
IPv6,IPv4,Passive monitoring,Computer science,Domain Name System,Server,Computer network,IPv6 address,Autonomous system (mathematics),Web server
Conference
8995
ISSN
Citations 
PageRank 
0302-9743
9
0.56
References 
Authors
9
2
Name
Order
Citations
PageRank
Robert Beverly136132.92
Arthur W. Berger242026.59