Date: August 5, 1:00 - 3:30pm UTC
Webex link: https://ietf.webex.com/ietf/j.php?MTID=m8506f91d53fc769f2afaaa81c917c0ef
See also https://datatracker.ietf.org/doc/draft-mcfadden-smart-rfc3552-textual-research/
This paper was presented at PAM'20 and the video available is available here: https://www.youtube.com/watch?v=45qWYQRlAak
This talk contains only a short summary and some updates. If you would like to see the full talk, please watch the video in advance!
This paper was presented at TMA'20 and the video available is available here: https://vimeo.com/425663114
This talk contains only a short summary and some updates. If you would like to see the full talk, please watch the video in advance!
See also https://datatracker.ietf.org/doc/draft-mcfadden-smart-rfc3552-textual-research/
RFC3552 provides guidance to authors in crafting RFC text on Security Considerations. The RFC is more than fifteen years old. With the threat landscape and security ecosystem significantly changed since the RFC was published, RFC3552 is a candidate for update. This draft proposes that, prior to drafting an update to RFC3552, an examination of recent, published Security Considerations sections be carried out as a baseline for how to improve RFC3552. It suggests a methodology for examining Security Considerations sections in published RFCs and the extraction of both quantitative and qualitative information that could inform a revision of the older guidance. It also reports on a recent experiment on textual analysis of sixteen years of RFC Security Consideration sections.
We'll present early results of an observational study of round-trip times on the internet.
We focused on the RTT variation observed within a day for several million datacenter+client IP pairs, as measured during the 3-way handshake while establishing TCP connections.
We also examine the scope of CE-marking AQM deployment and the aggregated latency differences between paths with vs. without such AQMs.
These are early observations from an analysis work in progress, and we're interested in feedback, insights, and suggestions from maprg.
Due to Content Delivery Networks and Edge Computing, the end-to-end latency of today's mobile radio networks becomes increasingly dominated by the effects of the Media Access Control (MEC) layer and the variances resulting from it. We evaluated the performance of TCP Cubic in what we consider a perfect LTE lab environment with one user and perfect radio conditions. We expected some variance in file up- and download times, resulting from latency variances from the MEC layer, but we were surprised about their magnitude and causes.
We saw a large variance of the Slow Start Phase (called HyStart in TCP Cubic) duration of the TCP Cubic implementation used (default Linux Kernel implementation). We continued to further investigate that within a Master Thesis and realized that the performance of the current implementation is almost random in the sense that minimal variations in packet latencies can have large impact on when the TCP Cubic implementation leaves the Slow Start Phase triggered by a detected change of latency. In some cases we even saw an unintended behavior where samples with reduced, not increased latency, caused the end of Slow Start.
We would like to share our findings with the community, especially latency statistics of the different packets within the Slow Start Phase and possible impacts it has on the behavior of TCP Cubic HyStart.
Published at PAM2020: https://arxiv.org/pdf/2002.05400.pdf
Standards govern the SHOULD and MUST requirements for protocol implementers for interoperability. In case of TCP that carries the bulk of the Internets’ traffic, these requirements are defined in RFCs. While it is known that not all additional features are implemented and non-conformance exists, one would assume that TCP implementations at least conform to the minimum set of MUST requirements. In this paper, we utilize Internet-wide scans to establish how Internet hosts and paths conform to these basic requirements. We uncover a non-negligible set of Internet hosts and paths that do not adhere to even basic requirements. For example, we observe hosts that do not correctly handle checksums and cases of middlebox interference for TCP options. We identify hosts that drop packets when the urgent pointer is set or simply crash. Our results highlight that conformance to even fundamental protocol requirements should not be taken for granted but instead checked regularly.
Video available from PAM: https://www.youtube.com/watch?v=45qWYQRlAak
This talk contains only a short summary and some updates. If you would like to see the full talk, please watch the video in advance!
Published at TMA2020: https://sdstrowes.co.uk/publications/strowes-2020-2a10.pdf
During one week in January 2020, the RIPE NCC advertised a previously unallocated IPv6 /12 in an effort to "debogonise" the space prior to allocation to members. To help +us identify unintended or undesirable activity in this address space, we collected all network traffic that the advertisement attracted. We also ran RIPE Atlas measurements to investigate reachability, and we analysed RIS routing data to investigate BGP visibility.
This talk will cover the results from each of these three data sources. The captured traffic is the first significant IPv6 darknet study since 2013. Discounting the RIPE Atlas measurement traffic, this address space attracted 6.2M packets carrying various payloads over the course of the week, and provides fresh inside into IPv6 "background noise" in 2020.
Video available from TMA: https://vimeo.com/425663114
This talk contains only a short summary and some updates. If you would like to see the full talk, please watch the video in advance!
We have been testing Google QUIC over geosynchronous satellite, focused on high throughput. Specifically, we need to know how much throughput degrades (as compared to spoofed TCP) with the latency. And, how much it degrades further in the presence of packet loss. In particular, packet loss on the WiFi links on the satellite terminal side are a common problem for Internet over satellite users. The presentation is about our results. (Ultimately, of course, we want to motivate changes to IETF QUIC in version 2 to close the gap.)
Presented in PANRG: https://www.youtube.com/watch?v=6wtai03QNKE
Published at IMC2019: https://www.isi.edu/~johnh/PAPERS/Moura19a.pdf
Why is it interesting for MAPRG: well, it turns out that no one knows how to choose TTL values for DNS. The Root zone have TTLs values of 2 days, while cloud services have 5 seconds.
This paper carefully examines pros and cons of shorter and longer TTLs, in terms of user experience and query volume. We carry tons of experiments and carefully control variables to help ops to choose values.
Presented at RIPE: https://ripe80.ripe.net/archives/video/322 Slides PDF: https://ripe80.ripe.net/presentations/15-20200512-Counterfighting-Counterfeit-RIPE80.pdf
Published at PAM2020
Free preview: https://www.semanticscholar.org/paper/Counterfighting-Counterfeit%3A-Detecting-and-Taking-a-Wabeke-Moura/93e87ff998a5683c9a1e20354367999f48aeecdf
Why is it interesting for MAPRG: this one is about abuse on DNS. Luxury goods are the number one confiscated goods at EU and US customs. Their sales have moved online too. We show how crooks have employing thousand of websites to lure users to their shops, which ultimately get scammed -- thinking they are buying a real product, only to receive a cheap, low quality knock-off. This paper shows the 2 year effort we carried at .nl to take down 4k+ of this domains, which ultimately were causing losses to real folks. We show that most of them seem to come from China, and how they attemtp to evade detection. We partner with registrars and a credit card issuer to carry out and validate the results.
Presented at RIPE: https://ripe79.ripe.net/archives/video/184 Slides PDF: https://ripe79.ripe.net/presentations/47-presentation.pdf