The dark oracle: Perspective-aware unused and unreachable address discovery

Evan Cooke, Michael Bailey, Farnam Jahanian, Richard Mortier

Research output: Contribution to conferencePaperpeer-review

Abstract

Internet traffic destined for unused or unreachable addresses provides critically important information on malicious and misconfigured activity. Since Internet address allocation and policy information is distributed across many devices, applications, and administrative domains, constructing a comprehensive map of unused and unreachable (“dark”) addresses is challenging. In this paper, we present an architecture that automates the process of discovering these dark addresses by actively participating with allocation, routing, and policy systems. Our approach is to adopt a local perspective revealing unreachable external addresses and unused private and local addresses, and enabling the detection of threats coming into and out of a network. To validate the approach, we construct a prototype system called the Dark Oracle that uses internal and external routing data and host configuration information, such as DHCP logs, to automatically discover dark addresses. We experimentally evaluate the prototype using data from a large enterprise network, and a regional ISP, and from deployment of the Dark Oracle on a large academic network.

Original languageEnglish (US)
StatePublished - 2006
Externally publishedYes
Event3rd Symposium on Networked Systems Design and Implementation, NSDI 2006 - San Jose, United States
Duration: May 8 2006May 10 2006

Conference

Conference3rd Symposium on Networked Systems Design and Implementation, NSDI 2006
Country/TerritoryUnited States
CitySan Jose
Period5/8/065/10/06

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Control and Systems Engineering

Fingerprint

Dive into the research topics of 'The dark oracle: Perspective-aware unused and unreachable address discovery'. Together they form a unique fingerprint.

Cite this