Network Fingerprinting: TTL-Based Router Signatures

Speaker : Yves Vanaubel
Universite' de Liege
Date: 12/03/2014
Time: 2:00 pm - 3:00 pm
Location: LINCS Meeting Room 40


Fingerprinting networking equipment has many potential applications and benefits in network management and security. More generally, it is useful for the understanding of network structures and their behaviors. In this paper, we describe a simple fingerprinting mechanism based on the initial TTL values used by routers to reply to various probing messages. We show that main classes obtained using this simple mechanism are meaningful to distinguish routers platforms. Besides, it comes at a very low additional cost compared to standardactive topology discovery measurements. As a proof of concept, we apply our method to gain more insight on the behavior of MPLS routers and to, thus, more accurately quantify their visible/invisible deployment. This work has been published in IMC 2013.