You are here

Network Fingerprinting: TTL-Based Router Signature

TitleNetwork Fingerprinting: TTL-Based Router Signature
Publication TypeConference Paper
Year of Publication2013
AuthorsVanaubel, Y., J-J. Pansiot, P. Mérindol, and B. Donnet
Conference NameACM/USENIX Internet Measurement Conference (IMC)
Date Published10/2013
Conference LocationBarcelona, Spain
Keywordsfingerprinting, initial TTL, MPLS router signature, network discovery

Fingerprinting networking equipment has many potential applications and benefits in network management and security. More generally, it is useful for the understanding of network structures and their behaviors. In this paper, we describe a simple fingerprinting mechanism based on the initial TTL values used by routers to reply to various probing messages. We show that main classes
obtained using this simple mechanism are meaningful to distinguish routers platforms. Besides, it comes at a very low additional cost compared to standard active topology discovery measurements. As a proof of concept, we apply our method to gain more insight on the behavior of MPLS routers and to, thus, more accurately quantify their visible/invisible deployment.

Citation KeyVan2013
Project year: 
First year
WP(s) associated with the paper: 
WP2 - Programmable Probes
Partner(s) associated with the paper's author(s): 
Universite de Liege
Is this an OFFICIALLY supported mPlane paper?: