
MAT Working Group Minutes - RIPE 89

Date: Tuesday, 29 October 2024, 16:00 - 17:30 (UTC+1)
Chairs: Massimo Candela, Stephen Strowes, Nina Bargisen (Absent)
Scribe: Adonis Stergiopoulos
Status: Draft

View the recordings
View the stenography transcript
View the chat logs

Welcome

Massimo Candela welcomed attendees to the Measurement, Analysis and Tools Working Group (WG) session at RIPE 89. Massimo introduced the WG’s co-chairs, Stephen Strowes and Nina Bargisen, and explained that Nina could not be present at the meeting. He continued by introducing the agenda of the day.

Measuring and Visualizing DNS Watersheds

Jim Cowie, Internet History Initiative

The presentation slides are available at:
https://ripe89.ripe.net/wp-content/uploads/presentations/43-Cowie-MAT-RIPE89-v001.pdf

Jim Cowie began by presenting on the study of DNS “watersheds,” exploring how geographical and network proximities impact the routing of DNS queries. His analysis leveraged RIPE Atlas data, mapping DNS queries to their authoritative servers. He discussed how variations in resolver configurations affect latency and hinted at the “historical record” being established through measurements like traceroutes and DNS resolutions.

Silvan Gebhardt, Openfactory GmbH, asked if future statistics could account for local censorship's impact on the move to open resolvers. Jim agreed, noting that time-series data could illuminate such correlations.

Mirja Kühlewind, Ericsson, asked whether the observed trends reflected the choices of tech-savvy users. Jim confirmed that Atlas probe users might not use default DHCP settings, opting instead for resolvers like Quad9 for additional security. Nina asked whether different resolvers could be used for specific devices, which Jim acknowledged, noting the separation between Atlas probe configurations and other devices.

A First Look at User-Installed Residential Proxies From a Network Operator's Perspective

Etienne Khan, University of Twente

The presentation slides are available at:
https://ripe89.ripe.net/wp-content/uploads/presentations/70-ripe89_mat_wg_residential_proxies.pdf

Etienne Khan presented his research on user-installed residential proxies, noting how such proxies obscure real IP addresses, facilitating evasive Internet activities. He shared insights into the operational structure of these proxies, revealing diverse uses from content unblocking to fraudulent account creation. His analysis of data from a testbed with anonymized residential proxies found considerable abuse cases, including sophisticated phishing attempts.

Vasilis Giotsas, Cloudflare, asked what the indicators for residential proxies are after traffic leaves the ISP. Etienne explained that backhaul servers with high data volume often signal residential proxies and suggested that ISPs could detect proxies by monitoring DNS requests.

Mirja Kühlewind, Ericsson, questioned whether proxies always serve malicious actors. Etienne responded that motivations vary but noted that residential proxies frequently support activities bypassing data centre IP restrictions.

IoT Bricks Over v6

Tianrui Hu, Northeastern University

The presentation slides are available at:
https://ripe89.ripe.net/presentations/29-IMC24-IoT-IPv6-RIPE.pdf

Tianrui Hu investigated IPv6 readiness in IoT devices, finding limited support and functionality under IPv6-only conditions. His research illustrated that while some devices are IPv6-enabled, full operational functionality often required dual-stack networks.

Jen Linkova, Google, noted that the test setup excluded DNS64, potentially affecting the results, and inquired about the impact if DNS64 were integrated. Hu acknowledged the omission and indicated plans for additional testing with DNS64 support. Jen then asked whether they used SLAAC or had a setup with both DHCPv6 and SLAAC. Tianrui replied that they have three different configurations: one with SLAAC, one with DHCPv6 and one with both.

Stephen Strowes questioned the progress of manufacturers in updating IoT devices with stable IPv6 identifiers, to which Tianrui responded that while several manufacturers acknowledged the issues, updates remain pending.

Target Acquired? Evaluating Target Generation Algorithms for IPv6

Lion Steger, Technical University of Munich

The presentation slides are available at:
https://ripe89.ripe.net/presentations/22-slides_steger.pdf

Lion Steger presented on biases in IPv6 hit lists and the resulting impact on target generation algorithms (TGAs). His study analysed data from the IPv6 hit list service and showed ISP addresses dominated hit lists, impacting algorithm accuracy. He advocated for careful selection of hit list inputs based on specific network research goals to avoid skewed scanning results.

Tobias Fiebig, MPI-INF, asked whether ISP address overrepresentation actually constituted bias, suggesting it might reflect the Internet’s distribution. Lion explained that while ISP dominance in hit lists is natural, the disparity affects algorithmic outputs, impacting measurement accuracy.

What’s in the Dataset? Unboxing the APNIC User Populations

Vasilis Giotsas, Cloudflare

The presentation slides are available at:
https://ripe89.ripe.net/presentations/77-UnboxingAPNIC-RIPE89.pdf

Vasilis Giotsas evaluated the accuracy of APNIC’s Internet user population estimates, noting discrepancies in countries with lower ad samples or unique Internet structures. The study proposed that sampling ratios and Google Ad distribution significantly influence APNIC estimates.

Daniele Arena, NAMEX, asked if CDN data used in their research could be made public. Vasilis noted privacy restrictions currently limit this but expressed interest in exploring anonymized, aggregated data sharing.

Libor Peltan, CZ.NIC, raised a question on the practical challenges of defining “users,” particularly in cases where individuals connect across multiple networks. Vasilis answered that they are making educated guesses to mitigate scenarios like these, using estimated ranges rather than exact figures.

RPKI Flutter

Emile Aben, RIPE NCC

The presentation slides are available at:
https://ripe89.ripe.net/presentations/76-rpki-flutter-ripe89-emileaben.pdf

Emile Aben introduced “RPKI Flutter,” a tool designed to capture granular RPKI data by tracking validation status changes across multiple vantage points. The dataset enables near real-time analysis of the RPKI ecosystem, revealing insights like regional discrepancies in routing policies.

Emile asked if any questions could be discussed during the break.

Closing Remarks

Stephen Strowes thanked attendees and speakers, reminding everyone to participate in session feedback and encouraging discussions on the MAT WG mailing list. The WG would reconvene at RIPE 90 in Lisbon.