Router Fingerprinting Project

On this page, we present the results of ongoing efforts to understand router deployments on the Internet.

Publications

Illuminating Router Vendor Diversity Within Providers and Along Network Paths

Download paper: Illuminating Router Vendor Diversity Within Providers and Along Network Paths

Abstract. The Internet architecture has facilitated a multi-party, distributed, and heterogeneous physical infrastructure where routers from different vendors connect and inter-operate via IP. Such vendor heterogeneity can have important security and policy implications. For example, a security vulnerability may be specific to a particular vendor and implementation, and thus will have a disproportionate impact on particular networks and paths if exploited. From a policy perspective, governments are now explicitly banning particular vendors—or have threatened to do so. Despite these critical issues, the composition of router vendors across the Internet remains largely opaque. Remotely identifying router vendors is challenging due to their strict security posture, indistinguishability due to code sharing across vendors, and noise due to vendor mergers. We make progress in overcoming these challenges by developing LFP, a tool that improves the coverage, accuracy, and efficiency of router fingerprinting as compared to the current state-of-the-art. We leverage LFP to characterize the degree of router vendor homogeneity within networks and the regional distribution of vendors. We then take a path-centric view and apply LFP to better understand the potential for correlated failures and fate-sharing. Finally, we perform a case study on inter- and intra-United States data paths to explore the feasibility to make vendor-based routing policy decisions, i.e., whether it is possible to avoid a particular vendor given the current infrastructure.

Authors. Taha Albakour, Oliver Gasser, Robert Beverly, and Georgios Smaragdakis.

You can find the signature list and quick start scripts here. If you are using these signatures in your publication, please cite our work with the following reference:

@inproceedings{IMC2023-Fingerprinting,
   title = {Illuminating Router Vendor Diversity Within Providers and Along Network Paths},
   author = {Taha Albakour and Oliver Gasser and Robert Beverly and Georgios Smaragdakis},
   booktitle = {Proceedings of the 2023 ACM Internet Measurement Conference},
   year = {2023},
   doi = {10.1145/3618257.3624813}
}

Pushing Alias Resolution to the Limit

Download paper: Pushing Alias Resolution to the Limit

Abstract. In this paper, we show that utilizing multiple protocols offers a unique opportunity to improve IP alias resolution and dual-stack inference substantially. Our key observation is that prevalent protocols, e.g., SSH and BGP, reply to unsolicited requests with a set of values that can be combined to form a unique device identifier. More importantly, this is possible by just completing the TCP handshake. Our empirical study shows that utilizing readily available scans and our active measurements can double the discovered IPv4 alias sets and more than 30x the dual-stack sets compared to the state-of-the-art techniques. We provide insights into our method's accuracy and performance compared to popular techniques.

Authors. Taha Albakour, Oliver Gasser, and Georgios Smaragdakis.

You can find the alias and dual-stack datasets here. If you are using this dataset in your publication, please cite our work with the following reference:

@inproceedings{IMC2023-Alias,
   title = {Pushing Alias Resolution to the Limit},
   author = {Taha Albakour and Oliver Gasser and Georgios Smaragdakis},
   booktitle = {Proceedings of the 2023 ACM Internet Measurement Conference},
   year = {2023},
   doi = {10.1145/3618257.3624840}
}

Third Time’s Not a Charm: Exploiting SNMPv3 for Router Fingerprinting

Download paper: Third Time's Not a Charm: Exploiting SNMPv3 for Router Fingerprinting

Abstract. In this paper, we show that adoption of the SNMPv3 network management protocol standard offers a unique—but likely unintended—opportunity for remotely fingerprinting network infrastructure in the wild. Specifically, by sending unsolicited and unauthenticated SNMPv3 requests, we obtain detailed information about the configuration and status of the network device including vendor, uptime, and the number of restarts. More importantly, the reply contains a persistent and strong identifier that allows for lightweight Internet-scale alias resolution and dual IPv4/IPv6 stack association. By launching active Internet-wide SNMPv3 scan campaigns, we show that our technique can fingerprint more than 12 million devices and around 350k network routers. Not only is our technique lightweight and accurate, it is complementary to existing alias resolution, dual-stack inference, and fingerprinting approaches. Our analysis not only provides fresh insights into the router deployment strategies of network operators worldwide, but also highlights potential vulnerabilities of SNMPv3 as currently deployed.

Authors. Taha Albakour, Oliver Gasser, Robert Beverly, and Georgios Smaragdakis.

Data Request

We make the raw measurement data available to fellow researchers. To request access, please send us an email.

Contact

You can contact us at info@snmpv3.io.