More Like this

1. Wrinkles in Time: Detecting Internet-wide Events via NTP

   https://doi.org/10.23919/IFIPNetworking.2018.8696566  

   Syamkumar, Meenakshi; Mani, Sathiya Kumaran; Durairajan, Ramakrishnan; Barford, Paul; Sommers, Joel (May 2018, IFIP Networking Conference (IFIP Networking) and Workshops)

   Understanding the nature and characteristics of Internet events such as route changes and outages can serve as the starting point for improvements in network configurations, management and monitoring practices. However, the scale, diversity, and dynamics of network infrastructure makes event detection and analysis challenging. In this paper, we describe a new approach to Internet event measurement, identification and analysis that provides a broad and detailed perspective without the need for new or dedicated infrastructure or additional network traffic. Our approach is based on analyzing data that is readily available from Network Time Protocol (NTP) servers. NTP is one of the few on-by-default services on clients, thus NTP servers have a broad perspective on Internet behavior. We develop a tool for analyzing NTP traces called Tezzeract, which applies Robust Principal Components Analysis to detect Internet events. We demonstrate Tezzeract’s efficacy by conducting controlled experiments and by applying it to data collected over a period of 3 months from 19 NTP servers. We also compare and contrast Tezzeract’s perspective with reported outages and events identified through active probing. We find that while there is commonality across methods, NTP-based monitoring provides a unique perspective that complements prior methods. 

   more » « less
2. Deep Dive into NTP Pool's Popularity and Mapping

   https://doi.org/10.1145/3652963.3655051  

   Moura, Giovane_C M; Davids, Marco; Schutijser, Caspar; Hesselman, Cristian; Heidemann, John; Smaragdakis, Georgios (June 2024, ACM)

   Time synchronization is of paramount importance on the Internet, with the Network Time Protocol (NTP) serving as the primary synchronization protocol. The NTP Pool, a volunteer-driven initiative launched two decades ago, facilitates connections between clients and NTP servers. Our analysis of root DNS queries reveals that the NTP Pool has consistently been the most popular time service. We further investigate the DNS component (GeoDNS) of the NTP Pool, which is responsible for mapping clients to servers. Our findings indicate that the current algorithm is heavily skewed, leading to the emergence of time monopolies for entire countries. For instance, clients in the US are served by 551 NTP servers, while clients in Cameroon and Nigeria are served by only one and two servers, respectively, out of the 4k+ servers available in the NTP Pool. We examine the underlying assumption behind GeoDNS for these mappings and discover that time servers located far away can still provide accurate clock time information to clients. We have shared our findings with the NTP Pool operators, who acknowledge them and plan to revise their algorithm to enhance security. 

   more » « less
3. TimeWeaver: Opportunistic One Way Delay Measurement Via NTP

   https://doi.org/10.1109/ITC30.2018.00036  

   Durairajan, Ramakrishnan; Mani, Sathiya Kumaran; Barford, Paul; Nowak, Robert; Sommers, Joel (September 2018, 30th International Teletraffic Congress (ITC 30))

   One-way delay (OWD) between end hosts has important implications for Internet applications, protocols, and measurement-based analyses. We describe a new approach for identifying OWDs via passive measurement of Network Time Protocol (NTP) traffic. NTP traffic offers the opportunity to measure OWDs accurately and continuously from hosts throughout the Internet. Based on detailed examination of NTP implementations and in-situ behavior, we develop an analysis tool that we call TimeWeaver, which enables assessment of precision and accuracy of OWD measurements from NTP. We apply TimeWeaver to a ∼1TB corpus of NTP traffic collected from 19 servers located in the US and report on the characteristics of hosts and their associated OWDs, which we classify in a precision/accuracy hierarchy. To demonstrate the utility of these measurements, we apply iterative hard-threshold singular value decomposition to estimate the missing OWDs between arbitrary hosts from the highest tier in the hierarchy. We show that this approach results in highly accurate estimates of missing OWDs, with average error rates on the order of less than 2%. 

   more » « less
4. Durbin: Internet Outage Detection with Adaptive Passive Analysis

   Enayet, Asma; Heidemann, John (November 2024, arxiv)

   Measuring Internet outages is important to allow ISPs to improve their services, users to choose providers by reliability, and governments to understand the reliability of their infrastructure. Today's active outage detection provides good accuracy with tight temporal and spatial precision (around 10 minutes and IPv4 /24 blocks), but cannot see behind firewalls or into IPv6. Systems using passive methods can see behind firewalls, but usually, relax spatial or temporal precision, reporting on whole countries or ASes at 5 minute precision, or /24 IPv4 blocks with 25 minute precision. We propose Durbin, a new approach to passive outage detection that \emph{adapts spatial and temporal precision} to each network they study, thus providing good accuracy and wide coverage with the best possible spatial and temporal precision. Durbin observes data from Internet services or network telescopes. Durbin studies /24 blocks to provide fine spatial precision, and we show it provides good accuracy even for short outages (5 minutes) in 600k blocks with frequent data sources. To retain accuracy for the 400k blocks with less activity, Durbin uses a coarser temporal precision of 25 minutes. Including short outages is important: omitting short outages underestimates overall outage duration by 15\%, because 5\% of all blocks have at least one short outage. Finally, passive data allows Durbin to report this results for outage detection in IPv6 for 15k /48 blocks. Durbin's use of per-block adaptivity is the key to providing good accuracy and broad coverage across a diverse Internet. 

   more » « less
5. Internet Censorship and Economic Impacts: A Case Study of Internet Outages in India

   Raveendran, N; Leberknight, C (January 2018, 24th AMCIS 2018 Proceedings)

   The objective of this research paper is to provide a methodology for measuring the financial impacts of Internet outages. The financial impacts are measured against a Nation’s Gross Domestic Product (GDP) for several states in India to project the aftermath of Internet outage episodes. In addition historical trends are analyzed to help derive predictive logic for Internet outages in order to forecast Internet shutdown incidents based on antecedent events. Results demonstrate the proposed method for determining economic loss highlights several factors and may at times be influenced by the frequency of events compared to overall size of GDP. In addition, historical trend analysis of Internet outages suggests that a predictive model to forecast future outages can help reveal underlying policies toward Internet censorship. 

   more » « less