
Mapping the Internet and intranets

Mapping the Internet and intranets. Steve Branigan, Hal Burch, Bill Cheswick. Bell Labs, Lucent Tech. Motivations: • Work on DOS anonymous packet trace back - Internet tomography. • Highlands “day after” scenario • Curiosity about size and growth of the Internet


Presentation Transcript


  1. Mapping the Internet and intranets. Steve Branigan, Hal Burch, Bill Cheswick. Bell Labs, Lucent Tech.

  2. Motivations • Work on DOS anonymous packet trace back - Internet tomography. • Highlands “day after” scenario • Curiosity about size and growth of the Internet • Same tools are useful for understanding any large network, including intranets

  3. The Project • Long term reliable collection of Internet and Lucent connectivity information without annoying too many people • Attempt some simple visualizations of the data • movie of Internet growth! • Develop tools to probe intranets • Extended database for researchers

  4. Uses for the Internet data • topography studies • long-term routing studies • publicly available database (“open source”) for spooks • interesting database for graph theorists • combine with other mappers to make an actual map of the Internet

  5. Uses for intranet data • Map “inside” the security perimeter • Take a census of Lucent hosts • Discover hosts that have unauthorized access to both the intranet and the Internet • illegal connections • misconfigured firewalls • maybe misconfigured telecommuters

  6. Network scanning • Custom program • Concurrently scans towards 500 nets at once • Throttled to 100 packets/sec: can do much faster • Slow daily scan for host on destination network

  7. Limitations • My view of the Internet, not yours • radical shifts when our ISP situation changes • Outgoing paths only • Takes a while to collect alternating paths • Gentle mapping means missed endpoints • good v. evil

  8. Data collection complaints • Australian parliament was the first to complain • List of whiners (25 nets) • Military noticed immediately • Steve Northcutt • arrangements/warnings to DISA and CERT

  9. Visualization goals • make a map • show interesting features • debug our database and collection methods • hard to fold up • geography doesn’t matter • use colors to show further meaning

  10. Early layouts • Interesting art • tantalizing edges • interior shows ISPs (colored by IP address!) • can’t trace routes • can’t even find the probe host

  11. When data is inconvenient, throw some away • minimum distance spanning tree • connectivity, not actual paths • we get more information out of it • add other paths to show further information

  12. What kind of maps can we make?

  13. Current map coloring • distance from test host • IP address shows communities • Geographical (by TLD) • ISPs • future: timing, firewalls, LSRR blocks

  14. By ISP

  15. By top level domain

  16. Yugoslavia Serbia and Bosnia

  17. Results - Internet database • 100,000 of the world’s most important routers • >150 routes to one destination! • Yugoslavia bombing of power infrastructure is apparent • Offers for other scan points • how to pick them?

  18. 05 October, 1998 23

  19. Recipe for good intranet security • Know what you have. • Then secure it.

  20. Some basic questions… • How large is the network address space for your network? • How many systems are actually active on the network? • How much does the network change?

  21. What is an intranet • any network too large to control • hosts residing inside a firewall perimeter • business partner connections • corporate hosts outside of the firewall • DMZs
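
Added example (not from the original slides): a sketch of the reduction on slide 11, reading "minimum distance spanning tree" as a tree that keeps every node at its minimum hop distance from the probe host, with the dropped links kept aside as the "other paths" a map can overlay. The hop lists, the `probe` name and the function names are constructed for illustration.

```python
from collections import deque

# Constructed sample: hop lists as a traceroute-style probe would record them,
# each starting at the probe host. Addresses are documentation ranges.
PATHS = [
    ["probe", "192.0.2.1", "198.51.100.1", "203.0.113.10"],
    ["probe", "192.0.2.1", "198.51.100.2", "203.0.113.10"],
    ["probe", "192.0.2.2", "198.51.100.1", "203.0.113.20"],
    ["probe", "192.0.2.1", "198.51.100.2", "198.51.100.9", "203.0.113.30"],
    ["probe", "192.0.2.2", "203.0.113.30"],
]

def build_graph(paths):
    """Undirected adjacency sets from consecutive hops of every path."""
    graph = {}
    for path in paths:
        for a, b in zip(path, path[1:]):
            if a == b:  # repeated hop, not a link
                continue
            graph.setdefault(a, set()).add(b)
            graph.setdefault(b, set()).add(a)
    return graph

def min_distance_tree(graph, root):
    """BFS from root: parent and hop distance for every reachable node."""
    parent, dist = {root: None}, {root: 0}
    queue = deque([root])
    while queue:
        node = queue.popleft()
        for nbr in sorted(graph[node]):  # sorted so ties break the same way
            if nbr not in dist:
                dist[nbr] = dist[node] + 1
                parent[nbr] = node
                queue.append(nbr)
    return parent, dist

def split_edges(graph, parent):
    """Return (tree edges, observed links left out of the tree)."""
    tree = {frozenset((c, p)) for c, p in parent.items() if p is not None}
    seen = {frozenset((a, b)) for a, nbrs in graph.items() for b in nbrs}
    return tree, seen - tree

if __name__ == "__main__":
    g = build_graph(PATHS)
    parent, dist = min_distance_tree(g, "probe")
    tree, extra = split_edges(g, parent)
    print(len(tree), "tree edges drawn;", len(extra), "links held back")
    for edge in sorted(tuple(sorted(e)) for e in extra):
        print("  overlay candidate:", " -- ".join(edge))
```

The tree records connectivity only: 203.0.113.30 sits two hops from the probe in the tree even though one recorded path reached it in four.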
