An Untold Story of Middleboxes in Cellular Networks

Similar documents

A Measurement of NAT & Firewall Characteristics in Peer to Peer Systems

Silent TCP Connection Closure for Cellular Networks

Multipath TCP in Practice (Work in Progress) Mark Handley Damon Wischik Costin Raiciu Alan Ford

Protecting Mobile Devices From TCP Flooding Attacks

TCP over Multi-hop Wireless Networks * Overview of Transmission Control Protocol / Internet Protocol (TCP/IP) Internet Protocol (IP)

How To Configure Virtual Host with Load Balancing and Health Checking

A Passive Method for Estimating End-to-End TCP Packet Loss

Cellular Data Network Infrastructure Characterization and Implication on Mobile Content Placement

TCP in Wireless Mobile Networks

Optimizing Background Sync on Smartphones

Comparison of Battery Life Performance of VoLTE Capable Devices

Mobile Computing/ Mobile Networks

Final exam review, Fall 2005 FSU (CIS-5357) Network Security

NAT Traversal for VoIP. Ai-Chun Pang Graduate Institute of Networking and Multimedia Dept. of Comp. Sci. and Info. Engr. National Taiwan University

In the Trenches of a Globally Spanning SIP Network

STANDPOINT FOR QUALITY-OF-SERVICE MEASUREMENT

Transport layer issues in ad hoc wireless networks Dmitrij Lagutin,

Managing Mobile Devices Over Cellular Data Networks

Microsoft Office Communications Server 2007 & Coyote Point Equalizer Deployment Guide DEPLOYMENT GUIDE

VoIP Impairment, Failure, and Restrictions

Digi Cellular Application Guide Using Digi Surelink

Wharf T&T Limited DDoS Mitigation Service Customer Portal User Guide

Efficient Transport of VoIP Firewall Control Signaling

MAUI: Dynamically Splitting Apps Between the Smartphone and Cloud

Sapphire/Slammer Worm. Code Red v2. Sapphire/Slammer Worm. Sapphire/Slammer Worm. Sapphire/Slammer Worm. Why Was Slammer So Fast?

A Survey on Congestion Control Mechanisms for Performance Improvement of TCP

Network Probe. Figure 1.1 Cacti Utilization Graph

Using TrueSpeed VNF to Test TCP Throughput in a Call Center Environment

Magnet Voice Windows PC Softphone Installation

Setting up a reflector-reflector interconnection using Alkit Reflex RTP reflector/mixer

DeltaV System Health Monitoring Networking and Security

Intro to Firewalls. Summary

How To: Diagnose Poor VoIP Calls through diagnostics.

Low-rate TCP-targeted Denial of Service Attack Defense

TalkShow Advanced Network Tips

Table of Contents. Cisco Cisco VPN Client FAQ

Frequently Asked Questions

How To Identify Traffic Differentiation On Cell Phone Networks!

Simulation-Based Comparisons of Solutions for TCP Packet Reordering in Wireless Network

WHITE PAPER. Mobility Services Platform (MSP) Using MSP in Wide Area Networks (Carriers)

Carrier Grade NAT. Requirements and Challenges in the Real World. Amir Tabdili Cypress Consulting

TCP/IP Optimization for Wide Area Storage Networks. Dr. Joseph L White Juniper Networks

High-Speed TCP Performance Characterization under Various Operating Systems

Network Security 2. Module 2 Configure Network Intrusion Detection and Prevention

BLOOMBERG ANYWHERE FOR MOBILE CUSTOMERS

TamoSoft Throughput Test

kp2padm: An In-kernel Gateway Architecture for Managing P2P Traffic

TCP and Wireless Networks Classical Approaches Optimizations TCP for 2.5G/3G Systems. Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme

Firewalls P+S Linux Router & Firewall 2013

Monitoring Android Apps using the logcat and iperf tools. 22 May 2015

Nokia Siemens Networks Smart Labs Smart networks for smart devices

Networking for Caribbean Development

Improving the Performance of TCP Using Window Adjustment Procedure and Bandwidth Estimation

What is Eating Up Battery Life On My SmartPhone: A Case Study

Yahoo Attack. Is DDoS a Real Problem?

Network Performance Optimisation: The Technical Analytics Understood Mike Gold VP Sales, Europe, Russia and Israel Comtech EF Data May 2013

An enhanced TCP mechanism Fast-TCP in IP networks with wireless links

Requirements for Simulation and Modeling Tools. Sally Floyd NSF Workshop August 2005

athenahealth Interface Connectivity SSH Implementation Guide

Geolocating IP Addresses in Cellular Data Networks

VIA CONNECT PRO Deployment Guide

Research of TCP ssthresh Dynamical Adjustment Algorithm Based on Available Bandwidth in Mixed Networks

Visualizations and Correlations in Troubleshooting

Firewall Testing Methodology W H I T E P A P E R

ipecs Communicator Installation and Operation Guide Please read this manual carefully before operating your set. Retain it for future reference.

Network support for TCP Fast Open. Christoph Paasch

Module 8. Network Security. Version 2 CSE IIT, Kharagpur

High-Performance Automated Trading Network Architectures

CS551 End-to-End Internet Packet Dynamics [Paxson99b]

Can you GET Me Now? Estimating the Time-to-First-Byte of HTTP Transactions with Passive Measurements

NAT and Firewall Traversal with STUN / TURN / ICE

TECHNICAL CHALLENGES OF VoIP BYPASS

Network Infrastructure Security in Cellular Data Networks: An Initial Investigation

Wireshark Developer and User Conference

D. SamKnows Methodology 20 Each deployed Whitebox performs the following tests: Primary measure(s)

Limitations on Monitored Lines

Outline. TCP connection setup/data transfer Computer Networking. TCP Reliability. Congestion sources and collapse. Congestion control basics

Top 10 Tips for z/os Network Performance Monitoring with OMEGAMON Session 11899

IBM. Vulnerability scanning and best practices

Guidance Regarding Skype and Other P2P VoIP Solutions

Skype characteristics

Tackling Bufferbloat in 3G/4G Mobile Networks

Skywire TCP Socket Examples

CSE 123: Computer Networks

Peer-to-Peer Systems and Security

Ref: A. Leon Garcia and I. Widjaja, Communication Networks, 2 nd Ed. McGraw Hill, 2006 Latest update of this lecture was on

Transcription:

An Untold Story of Middleboxes in Cellular Networks Zhaoguang Wang 1 Zhiyun Qian 1, Qiang Xu 1, Z. Morley Mao 1, Ming Zhang 2 1 University of Michigan 2 Microsoft Research

Background on cellular network Cellular Core Network Internet 2

Why carriers deploy middleboxes? Private IP Public IP Cellular Core Network Internet IP address 3

Problems with middleboxes P2P? Smartphone energy cost? Cellular Core Network Application performance? Internet Policies? 4

Challenges and solutions Policies can be complex and proprietary Design a suite of end-to-end probes Cellular carriers are diverse Publicly available client Android app Implications of policies are not obvious Conduct controlled experiments 5

Related work Internet middleboxes study [Allman, IMC 03], [Medina, IMC 04] NAT characterization and traversal STUN[MacDonald et al.], [Guha and Francis, IMC 05] Cellular network security [Serror et al., WiSe 06], [Traynor et al., Usenix Security 07] Cellular data network measurement WindRider, [Huang et al., MobiSys 10] 6

Goals Develop a tool that accurately infers the NAT and firewall policies in cellular networks Understand the impact and implications Application performance Energy consumption Network security 7

The NetPiculet measurement system NetPiculet Client NetPiculet Client Cellular Core Network Internet NetPiculet Server NetPiculet Client NetPiculet Client Policies 8

Target policies in NetPiculet Firewall NAT IP spoofing TCP connection timeout Out-of-order packet buffering NAT mapping type Endpoint filtering TCP state tracking Filtering response Packet mangling 9

Target policies in NetPiculet Firewall NAT IP spoofing TCP connection timeout Out-of-order packet buffering NAT mapping type Endpoint filtering TCP state tracking Filtering response Packet mangling 10

Key findings Some carriers allow IP spoofing Create network vulnerability Firewall Some carriers time out idle connections aggressively Drain batteries of smartphones Some firewalls buffer out-of-order packet Degrade TCP performance NAT One NAT mapping linearly increases port # with time Classified as random in previous work 11

Diverse carriers studied NetPiculet released in Jan. 2011 393 users from 107 cellular carriers in two weeks 2% 2% 9% UMTS EVDO 19% 10% 43% Europe Asia North America South America 91% 24% Australia Africa Technology Continent 12

Outline IP spoofing 1 TCP connection timeout 2 TCP out-of-order buffering 3 NAT mapping 4 13

Outline IP spoofing 1 TCP connection timeout 2 TCP out-of-order buffering 3 NAT mapping 4 14

Why allowing IP spoofing is bad? DST_IP = 10.9.9.101 Cellular Core Network SRC_IP = 10.9.9.101 Internet 10.9.9.202 10.9.9.101 15

Test whether IP spoofing is allowed NetPiculet Client 10.9.9.101 SRC_IP Cellular = 10.9.9.202 Core Network PAYLOAD = 10.9.9.101 Internet NetPiculet Server Allow IP spoofing! 16

4 out of 60 carriers allow IP spoofing IP spoofing should be disabled 7% Allow Disallow 93% 17

Outline IP spoofing 1 TCP connection timeout 2 TCP out-of-order buffering 3 NAT mapping 4 18

Why short TCP timeout timers are bad? Cellular Core Network Internet KEEP-ALIVE Terminate Idle TCP Connection 19

Measure the TCP timeout timer Time = 05 10 min NetPiculet Client Is Is alive? alive? Cellular Core Network Internet Yes! NetPiculet Server 5min 5min < Timer < < Timer 10min 20

Short timers identified in a few carriers 4 carriers set timers less than 5 minutes < 5 min 5% 5-10 min 10% 10-20 min 8% > 30 min 66% 20-30 min 11% 21

Short timers drain your batteries Assume a long-lived TCP connection, a battery of 1350mAh How much battery on keep-alive messages in one day? 20% 5 min 22

Outline IP spoofing 1 TCP connection timeout 2 TCP out-of-order buffering 3 NAT mapping 4 23

TCP out-of-order packet buffering NetPiculet Client Cellular Core Network Packet 12 34 56 Internet NetPiculet Server Buffering out-of-order packets 24

Fast Retransmit cannot be triggered Degrade TCP performance! 1 2 RTO 25

TCP performance degradation Evaluation methodology Emulate 3G environment using WiFi 400 ms RTT, loss rate 1% Longer downloading time +44% More energy consumption 26

Outline IP spoofing 1 TCP connection timeout 2 TCP out-of-order buffering 3 NAT mapping 4 27

NAT mapping is critical for NAT traversal P2P Use NAT mapping type for port prediction A NAT 1 NAT 2 B 28

What is NAT mapping type? NAT mapping type defines how the NAT assign external port to each connection 12 TCP connections NAT 29

Behavior of a new NAT mapping type Creates TCP connections to the server with random intervals Record the observed source port on server Treated as random by NOT existing random! traversal techniques Thus impossible to predict port Port prediction is feasible 30

Lessons learned IP spoofing creates security vulnerability IP spoofing should be disabled Firewall Small TCP timeout timers waste user device energy Timer should be longer than 30 minutes Out-of-order packet buffering hurts TCP performance Consider interaction with application carefully NAT One NAT mapping linearly increases port # with time Port prediction is feasible 31

Conclusion We built NetPiculet, a tool that can accurately infer NAT and firewall policies in the cellular networks NetPiculet has been wildly deployed in hundreds of carriers around the world We demonstrated the negative impact of the network policies and make improvement suggestions 32

zgw@umich.edu http://mobiperf.com 33