Third time's not a charm: exploiting SNMPv3 for router fingerprinting

@article{Albakour2021ThirdTN,
  title={Third time's not a charm: exploiting SNMPv3 for router fingerprinting},
  author={Taha Albakour and Oliver Gasser and Robert Beverly and Georgios Smaragdakis},
  journal={Proceedings of the 21st ACM Internet Measurement Conference},
  year={2021}
}
In this paper, we show that adoption of the SNMPv3 network management protocol standard offers a unique---but likely unintended---opportunity for remotely fingerprinting network infrastructure in the wild. Specifically, by sending unsolicited and unauthenticated SNMPv3 requests, we obtain detailed information about the configuration and status of network devices including vendor, uptime, and the number of restarts. More importantly, the reply contains a persistent and strong identifier that… 

Internet scale reverse traceroute

Knowledge of Internet paths allows operators and researchers to better understand the Internet and troubleshoot problems. Paths are often asymmetric, so measuring just the forward path only gives

Network measurement methods for locating and examining censorship devices

A censorship traceroute method, CenTrace, is developed that automatically identifies the network location of censorship devices, and certain CenFuzz strategies such as using a different HTTP method succeed in evading a large portion of these censorship devices.

References

SHOWING 1-10 OF 51 REFERENCES

An Architecture for Describing Simple Network Management Protocol (SNMP) Management Frameworks

This document describes an architecture for describing Simple Network Management Protocol (SNMP) Management Frameworks, designed to be modular to allow the evolution of the SNMP protocol standards over time.

Learning Regexes to Extract Router Names from Hostnames

A system that automatically learns to extract router names (router identifiers) from hostnames stored by network operators in different DNS zones, which is represented by regular expressions (regexes), is presented.

LZR: Identifying Unexpected Internet Services

Investigating where Internet services are deployed in practice and evaluating the security posture of services on unexpected ports shows protocol deployment is more diffuse than previously believed and that protocols run on many additional ports beyond their primary IANA-assigned port.

Follow the scent: defeating IPv6 prefix rotation privacy

This work develops measurement techniques that exploit these legacy devices to make tracking such moving IPv6 clients feasible by combining intelligent search space reduction with modern high-speed active probing.

Classifying Network Vendors at Internet Scale

This paper uses Internet-wide scanning, banner grabs of network-visible devices across the IPv4 address space, and clustering techniques to assign labels to more than 160,000 devices, and subsequently probes these devices to train a classifier that can accurately classify device vendors.

APPLE: Alias Pruning by Path Length Estimation

The approach, Alias Pruning by Path Length Estimation (apple), avoids relying on router manufacturer and operating system specific implementations of IP and filters potential router aliases seen in traceroute by comparing the reply path length from each address to a distributed set of vantage points.

Discovering the IPv6 Network Periphery

This work introduces "edgy," an approach to explicitly discover the IPv6 network periphery, and uses it to find >~64M IPv6 periphery router addresses and >~87M links to these last hops -- several orders of magnitude more than in currently available IPv6 topologies.

Alias Resolution Based on ICMP Rate Limiting

Limited Ltd. not only is the first tool that can perform alias resolution on IPv6 routers that do not generate monotonically increasing fragmentation IDs but it also complements the state-of-the-art techniques for IPv4 alias resolution.

Clusters in the Expanse: Understanding and Unbiasing IPv6 Hitlists

It is shown that addresses in IPv6 hitlists are heavily clustered, and a rigorous method to detect aliased prefixes is developed, which identifies 1.5 % of the authors' prefixes as aliased, pertaining to about half of the target addresses.
...