Topic Name: ANT Censuses of the Internet Address Space
Category: Networking
Research persons: John Heidemann
Location: Los Angeles, The University of Southern California, United States
Details
Researchers at the University of Southern California Information Sciences Institute, one of the birthplaces of the Internet decades ago, have just completed and plotted a comprehensive census of all of the more than 2.8 billion allocated addresses on the Internet -- the first complete effort of its kind in more than two decades, they say.
"An Internet census," explains John Heidemann, an ISI project leader who also has an appointment in the USC Viterbi School of Engineering computer science department, "is just that: every single assigned address in the entire Internet was sent a probe."
The technical name for an Internet probe, more commonly called a "ping," is an "Internet Control Message Protocol (ICMP) echo request packet." It took some 62 days to send almost 3 billion of these from three machines, an effort carried out by Heidemann's ISI collaborator Yuri Pradkin.
Many (61 percent) of the pings received no response at all. Many others got a "do not disturb" or "no information available" response that many network administrators program into their routers and firewalls. Some of the non-replies were probably also due to firewalls intentionally blocking the pings. Still, as the census went on, millions of sites did respond, positively and negatively, and a unique Internet atlas took shape.
The atlas is not geographic, though geographic areas (North America, Europe, etc.) show up on it. Instead, it is numerical, building on the mathematical structure of the Internet address system.
Each Internet address is a number between 0 and 2 to the 32nd power (4,294,967,295), usually written in "dotted-decimal notation" as four base-10 numbers separated by periods; for example 128.150.4.107. Each number represents one 8-bit part of the whole address.
These addresses appear in the chart as a grid of squares, each square representing all the addresses beginning with the same first number ("128," in the preceding example). The map is arranged not in plain ascending numerical order, but instead in a looping pattern called a Hilbert curve, which keeps adjacent addresses physically near each other on the chart, but also makes it possible to zoom seamlessly in to show greater detail. "The idea of using a Hilbert curve actually came from a web comic, xkcd," said Heidemann.
The smallest feature the map shows is a single pixel, which records averaged responses from some 65,536 (2 to the 16th) addresses. The averaging is conveyed by color coding, with all-positive responses showing up as brilliant green, all-negative as brilliant red, equal numbers as brilliant yellow, with brilliance decreasing down to dim shades in areas where fewer addresses respond.
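The layout described above can be sketched as follows. This is an added example, not the ANT project's code: it assumes a 256 x 256 grid with one pixel per 65,536-address block, the standard Hilbert-curve index-to-coordinate conversion (the published map's orientation may differ), and a color formula chosen only to match the description; all function names are hypothetical.

```python
import ipaddress

SIDE = 256        # 256 x 256 pixels: one pixel per /16 block (assumed layout)
BLOCK = 1 << 16   # 65,536 addresses averaged into each pixel

def hilbert_d2xy(side, d):
    """Convert distance d along a Hilbert curve to (x, y) on a side x side grid."""
    x = y = 0
    s = 1
    while s < side:
        rx = 1 & (d >> 1)
        ry = 1 & (d ^ rx)
        if ry == 0:                      # rotate or flip the current quadrant
            if rx == 1:
                x, y = s - 1 - x, s - 1 - y
            x, y = y, x
        x += s * rx
        y += s * ry
        d >>= 2
        s <<= 1
    return x, y

def pixel_for(addr):
    """Pixel for a dotted-decimal address; its top 16 bits are the curve index."""
    return hilbert_d2xy(SIDE, int(ipaddress.IPv4Address(addr)) >> 16)

def slash8_square(first_octet):
    """Bounding box (x0, y0, x1, y1) of the 256 pixels sharing one first octet."""
    pts = [hilbert_d2xy(SIDE, (first_octet << 8) | i) for i in range(256)]
    xs, ys = zip(*pts)
    return min(xs), min(ys), max(xs), max(ys)

def pixel_color(positive, negative, block=BLOCK):
    """RGB for one pixel (assumed formula): hue from the positive/negative mix,
    brightness from the fraction of the block that answered at all."""
    total = positive + negative
    if total == 0:
        return (0, 0, 0)
    brightness = total / block
    red = min(1.0, 2 * negative / total)     # all-negative -> pure red
    green = min(1.0, 2 * positive / total)   # all-positive -> pure green
    return (round(255 * red * brightness), round(255 * green * brightness), 0)

if __name__ == "__main__":
    print("128.150.4.107 ->", pixel_for("128.150.4.107"))
    print("128/8 square  ->", slash8_square(128))
    print("half and half ->", pixel_color(32768, 32768))   # bright yellow
```

Because every run of 256 consecutive pixels along the curve fills one aligned 16 x 16 square, each first-octet block stays a square at any zoom level.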
The map presents a novel census view of the visible Internet. "To our knowledge," said Heidemann, "the only other census of the Internet was in 1982," when the Internet consisted of 315 allocated addresses.
Heidemann and Pradkin have also plotted a second rendering where each pixel represents a single address. When printed out at laser-printer resolution, this map that literally shows every address in the Internet takes up a 9x9 foot space on a corridor wall in ISI's Marina del Rey campus.
The project is continuing. Heidemann hopes to continue censuses to create not just a snapshot - which is what the current map is - but a dynamic movie of Internet evolution, which can aid in detecting and monitoring trends. He and his collaborators are intensively studying the census results working toward this goal.
While the new census is the first they have visualized, ISI has been taking censuses since 2003, when Pradkin and Joseph Bannister (of ISI) and Ramesh Govindan (of the USC Viterbi School of Engineering) started collecting data. Their hopes were to study the growth of the Internet, and their group is still processing this data to look for trends.
"Internet census data is useful for several reasons", Heidemann says. "As the Internet use becomes widespread, we are running out of Internet addresses—good predictions by Geoff Huston suggest all addresses may be allocated as soon as early 2010. The IETF (Internet Engineering Task Force, the technical body that manages the Internet) has anticipated this since the 1990s and designed a new protocol, IPv6, to solve this problem, but deployment has been slow. Our data can help illustrate the need to move forward."
It's hoped that the census also can improve Internet security. In fact, the Department of Homeland Security "supported our work with the goal of improving network security," said Heidemann, pointing to the work of ISI researcher Jelena Mirkovic that is using this census data to study how worms spread in the Internet. Other researchers have plotted maps of where cyber-attacks originate.
"There’s also a sense of discovery in these maps", Heidemann says. "We’ve built a huge Internet and use it every day. Like the far side of the moon, wouldn’t you like to know what it looks like?"
The census was undertaken by the Ant project, a research group, according to its web site, "spanning USC/ISI, the USC and Colorado State University Computer Science Departments, the USC Electrical Engineering department, and USC's Information Technology Services. We're looking at novel ways to examine network traffic."
ISI was one of the original nurseries of the Internet, playing a key role in the development of the domain name system and other features. ISI computer scientist Jon Postel (1943-1998) directed the Internet Assigned Numbers Authority for years.
The Department of Homeland Security and the National Science Foundation supported the research.
Note for Internet Address...
An IP address (Internet Protocol address) is a unique address that certain electronic devices use in order to identify and communicate with each other on a computer network utilizing the Internet Protocol standard (IP)—in simpler terms, a computer address. Any participating network device—including routers, switches, computers, time-servers, printers, Internet fax machines, and some telephones—can have their own unique address.
In other words, the IP address acts as a locator for one IP device to find another and interact with it. It is not intended, however, to act as an identifier that always uniquely identifies a particular device.
An IP address can also be thought of as the equivalent of a street address or a phone number (compare: VoIP (voice over (the) internet protocol)) for a computer or other network device on the Internet. Just as each street address and phone number uniquely identifies a building or telephone, an IP address can uniquely identify a specific computer or other network device on a network. An IP address differs from other contact information, however, because the linkage of a user's IP address to his/her name is not publicly available information.
Further, an IP address is not necessarily linked, in a persistent way, to a physical location or even data link layer address.
In the past, an IP address could be considered a unique identifier of a particular IP host, in addition to being a locator. When it was usable as an identifier, it was static, and it was assumed to be globally unique from end to end of the Internet.
In current practice, an IP address is less likely to be an identifier, due to technologies such as:
Dynamic assignment, as with an address that is assigned by the access device by which the user's host connects over a dialup telephone line or by a set-top box for an IP over cable network. However the network provider maintains a database of which IP address was assigned to which access port on dialup, or MAC address on LANs or broadband networks. This information, assuming it is available to the investigator, may help to identify the computer, although that is unlikely if it was a dialup connection where the identifier is of the dial-in port, not the computer itself. More extensive forensic work, with access to telephone records, may identify the calling telephone, although that may itself be a "cutout" on the way to the real telephone.
Network address translation (or NAT), a feature common on gateway routers in corporate networks or home LANs, where the address visible to the Internet is the "outside" of a device that maps it to a completely different and hidden address on the "inside". See IP Address Translation, below.
IP versions
The Internet Protocol has two versions currently in use (see IP version history for details). Each version has its own definition of an IP address. Because of its prevalence, "IP address" typically refers to those defined by IPv4.
An illustration of an IP address (version 4), in both dot-decimal notation and binary.
IP version 4
IPv4 only uses 32-bit (4 bytes) addresses, which limits the address space to 4,294,967,296 (2^32) possible unique addresses. However, many are reserved for special purposes, such as private networks (~18 million addresses) or multicast addresses (~270 million addresses). This reduces the number of addresses that can be allocated as public Internet addresses, and as the number of addresses available is consumed, an IPv4 address shortage appears to be inevitable in the long run. This limitation has helped stimulate the push towards IPv6, which is currently in the early stages of deployment and is currently the only contender to replace IPv4.
Example: 127.0.0.1 (Loopback)
An illustration of an IP address (version 6), in hexadecimal and binary.
IP version 6
IPv6 is the new standard protocol for the Internet. Windows Vista, Apple Computer's Mac OS X, and an increasing range of Linux distributions include native support for the protocol, but it is not yet widely deployed elsewhere.
Addresses are 128 bits (16 bytes) wide, which, even with a generous assignment of netblocks, will more than suffice for the foreseeable future. In theory, there would be exactly 2^128, or about 3.403 × 10^38 unique host interface addresses. Further, this large address space will be sparsely populated, which makes it possible to again encode more routing information into the addresses themselves.
Example: 2001:0db8:85a3:08d3:1319:8a2e:0370:7334
One source notes that there will exist "roughly 5,000 addresses for every square micrometer of the Earth's surface". This enormous magnitude of available IP addresses will be sufficiently large for the indefinite future, even though mobile phones, cars and all types of personal devices are coming to rely on the Internet for everyday purposes.
The above source, however, involves a common misperception about the IPv6 architecture. Its large address space is not intended to provide unique addresses for every possible point. Rather, the addressing architecture is such that it allows large blocks to be assigned for specific purposes and, where appropriate, aggregated for provider routing. With a large address space, there is not the need to have complex address conservation methods as used in classless inter-domain routing (CIDR).
Note for ping...
ping is a computer network tool used to test whether a particular host is reachable across an IP network. It works by sending ICMP “echo request” packets to the target host and listening for ICMP “echo response” replies. ping estimates the round-trip time, generally in milliseconds, and records any packet loss, and prints a statistical summary when finished.
The word ping is also frequently used as a verb or noun, where it can refer directly to the round-trip time, the act of running a ping program or measuring the round-trip time.
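The echo exchange described above, shown at the byte level as an added example (not code from the ping program or from the census). It builds an ICMP echo request offline and classifies constructed replies; the outcome labels, and treating a destination-unreachable error as "negative", are assumptions made for illustration, and all function names are hypothetical.

```python
import struct

ECHO_REPLY, DEST_UNREACHABLE, ECHO_REQUEST = 0, 3, 8   # ICMP type numbers

def checksum(data):
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp(msg_type, code, rest, data=b""):
    """ICMP message: type, code, checksum, 4 type-specific bytes, then data."""
    body = struct.pack("!BBH", msg_type, code, 0) + rest + data
    return body[:2] + struct.pack("!H", checksum(body)) + body[4:]

def echo_request(ident, seq, payload=b""):
    """Echo request (type 8): the 4 type-specific bytes are identifier, sequence."""
    return build_icmp(ECHO_REQUEST, 0, struct.pack("!HH", ident, seq), payload)

def classify(reply, ident, seq):
    """Label one probe outcome; the label names are assumptions for this example."""
    if reply is None:
        return "no response"
    if len(reply) < 8 or checksum(reply) != 0:    # a valid message sums to zero
        return "malformed"
    msg_type, _code, _csum, r_ident, r_seq = struct.unpack("!BBHHH", reply[:8])
    if msg_type == ECHO_REPLY:
        return "positive" if (r_ident, r_seq) == (ident, seq) else "unmatched"
    if msg_type == DEST_UNREACHABLE:              # error reported by a router or host
        return "negative"
    return "other"

if __name__ == "__main__":
    probe = echo_request(0x1234, 1, b"census")
    # Constructed replies, built here rather than captured from a network.
    reply = build_icmp(ECHO_REPLY, 0, probe[4:8], b"census")
    error = build_icmp(DEST_UNREACHABLE, 1, bytes(4), bytes(20) + probe[:8])
    for r in (reply, error, None):
        print(classify(r, 0x1234, 1))
```

Matching the identifier and sequence number is what lets a prober attribute a reply to the request that caused it rather than to unrelated traffic.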
History
Mike Muuss wrote the program in December, 1983, as a tool to troubleshoot odd behavior on an IP network. He named it after the pulses of sound made by a sonar, since its operation is analogous to active sonar in submarines, in which an operator issues a pulse of energy (a network packet) at the target, which then bounces from the target and is received by the operator. Later David L. Mills provided a backronym, "Packet InterNet Grouper (Groper)" (sometimes also defined as "Packet Inter-Network Groper").
The usefulness of ping in assisting the "diagnosis" of Internet connectivity issues was impaired from late in 2003, when a number of Internet Service Providers filtered out ICMP Type 8 (echo request) messages at their network boundaries. This was partly due to the increasing use of ping for target reconnaissance, for example by Internet worms such as Welchia that flood the Internet with ping requests in order to locate new hosts to infect. Not only did the availability of ping responses leak information to an attacker, it added to the overall load on networks, causing problems for routers across the Internet.
Although RFC 1122 prescribes that any host must accept an echo-request and issue an echo-reply in return, one finds that this standard is frequently not followed on the public Internet. Notably, Windows XP SP1 will not respond to an echo request in the default configuration.
Proponents of not honoring echo requests say that this practice increases network security. However, attackers can and will send network packets to a machine, regardless of whether it responds to a ping. Those who insist that the standard be followed say that not honoring ping interferes with network diagnostics.
About Researcher
John Heidemann,
An ISI project leader who also has an appointment in the USC Viterbi School of Engineering computer science department.
About Fund
United States Department of Homeland Security (DHS)
The United States Department of Homeland Security (DHS), commonly known in the United States as Homeland Security, is a Cabinet department of the Federal Government of the United States with the responsibility of protecting the territory of the United States from terrorist attacks and responding to natural disasters.
Whereas the Department of Defense is charged with military actions abroad, the Department of Homeland Security works in the civilian sphere to protect the United States within, at, and outside its borders. Its goal is to prepare for, prevent, and respond to domestic emergencies, particularly terrorism. On March 1, 2003, the DHS absorbed the now defunct United States Immigration and Naturalization Service (INS), and assumed its duties.
With over 200,000 employees, DHS is the third largest cabinet department in the U.S. federal government after the Department of Defense and Department of Veterans Affairs. Homeland security policy is coordinated at the White House by the Homeland Security Council, with Frances Townsend as the Homeland Security Advisor. Other agencies with significant homeland security responsibilities include the Department of Health and Human Services, the Department of Justice, and the Department of Energy.
About National Science Foundation (NSF)
The National Science Foundation (NSF) is a United States government agency that supports fundamental research and education in all the non-medical fields of science and engineering. Its medical counterpart is the National Institutes of Health. With an annual budget of about $5.91 billion (fiscal year 2007), NSF funds approximately 20 percent of all federally supported basic research conducted by the United States' colleges and universities. In some fields, such as mathematics, computer science, economics and the social sciences, NSF is the major source of federal backing.
The NSF's director, its deputy director, and the 24 members of the National Science Board (NSB) are appointed by the President of the United States, and confirmed by the United States Senate. The director and deputy director are responsible for administration, planning, budgeting and day-to-day operations of the foundation, while the NSB meets six times a year to establish its overall policies. The current NSF director is Dr. Arden L. Bement, Jr., and the current deputy director is Dr. Kathie L. Olsen.
About The University of Southern California
History
Los Angeles was a rough-and-tumble frontier town in the early 1870s, when a group of public-spirited citizens led by Judge Robert Maclay Widney first dreamed of establishing a university in the region. It took nearly a decade for this vision to become a reality, but in 1879 Widney formed a board of trustees and secured a donation of 308 lots of land from three prominent members of the community - Ozro W. Childs, a Protestant horticulturist; former California governor John G. Downey, an Irish-Catholic pharmacist and businessman; and Isaias W. Hellman, a German-Jewish banker and philanthropist. The gift provided land for a campus as well as a source of endowment, the seeds of financial support for the nascent institution. When USC first opened its doors to 53 students and 10 teachers in 1880, the “city” still lacked paved streets, electric lights, telephones and a reliable fire alarm system. Today, USC is home to more than 33,000 students and nearly 3,200 full-time faculty, and is located in the heart of one of the biggest metropolises in the world. Explore the timeline below to discover highlights in the history of the oldest independent teaching and research university in the West.
Presidents of the University of Southern California
Marion M. Bovard 1880-1891
Joseph P. Widney 1892-1895
George W. White 1895-1899
George F. Bovard 1903-1921
Rufus B. von KleinSmid 1921-1947
Fred D. Fagg, Jr. 1947-1957
Norman H. Topping 1958-1970
John R. Hubbard 1970-1980
James H. Zumberge 1980-1991
Steven B. Sample 1991-