The unexpected responsiveness of Internet hosts
CSI 2117
Sending a packet to every address in the Internet remains feasible, helping researchers measure how reliable networks are, how densely addresses are allocated, and even how hosts move from one network to another. My focus is on reliability: being able to compare service providers and geographic regions to find reliable service. However, collecting and interpreting such "surveys" of the reachable address space relies on assumptions about such factors as how quickly addresses respond to probe packets, whether dynamic IP addresses are static in practice, and how an address, if instrumented in detail, might be representative of nearby addresses. In this talk, I describe what we found when revisiting common assumptions about how quickly many addresses respond to probes: We find that many addresses respond after a surprisingly long delay. I will then explain what causes addresses to change in practice and how providers differ. These results have implications for the security of wireless devices, the utility of "fail2ban" style address blacklists, and accountability in the Internet.