MAPRG @ IETF 112

November 9, 2021, 14:30-15:30 UTC

All slides

Overview & Status - Dave & Mirja (5 min)

TsuNAME: exploiting misconfiguration and vulnerability to DDoS DNS - Giovane C. Moura (15 mins)

Jonathan Hoyland: Have you seen GRoot, which also does cycle hunting in DNS. Is your tool similar?
Giovane: No, please share a link.
Jonathan Hoyland (in chat): https://www.microsoft.com/en-us/research/uploads/prod/2020/07/sigcomm2020-final157.pdf

Daniel Gilmore: What clients were looping?
Giovane: We used RIPE atlas. A version of Power DNS from 2014 and Microsoft from 2008. Google was the major responsible for the traffic, clients from Google would loop, but my vantage points did not allow me to see what clients these were.

Daniel Gilmore (in chat): Are there CNAME loops?
Giovane (in chat): We tried CNAME cycles too, but resolvers are pretty good in detecting them. (RFC1034 or 1035 is very specific about CNAME loops and what to do, but not about NSes)

Recommendations on using VPN over SATCOM access - Nicolas Kuhn (10 mins)

Dave Plonka: What are the numbers on the results slide? Total time to completion?
Nicolas: Yes.

Tommy Pauly: What can happen if we look at QUIC-based proxies, as in MASQUE, for both reliable and unreliable transfers? With an ecosystem of QUIC proxies, could we get the best of both worlds in loss and no-loss scenarios?
Nicolas: We are interested in deploying MASQUE in these systems, but we didn't have running code. OpenVPN UDP which doesn't use congestion control already shows some trends. But we want to investigate further.

IoTLS: understanding TLS usage in consumer IoT devices - Muhammad Talha Paracha (10 mins)

Benjamin Schwartz: You were only able to measure root stores for 8 devices. What about the other 16 devices?
Talha: Either not TLS alert at all or they would send the same TLS alert, so we needed to find a different channel to study them. TLS does not mandate sending these alerts.

Hannes Tschofenig: What type of device were these? High-end or low-end?
Talha: All popular consumer devices, high-end. Slide deck has a list.
Hannes: Running off-the-shelf Linux?
Talha: Yes.

Andrew Campling: Did you consider differences between native app VS browser client? Did you look at different device types?
Kyle: We looked at Google Meet in Chrome, and Microsoft Teams in browser. Device type: Most experiments on Dell laptop running Ubuntu, but also replicated some experiments on Mac. Laptops only.
Andrew: I was thinking different processors. Let's discuss offline.

Ali Begen: Teams VS competing clients, were you double-checking you were capturing the same video? Talking head vs moving makes a difference.
Kyle: Yes, we had a prerecorded talking head video that we used for all experiments.