Is there an unsecured wireless network near you?
Discover potholes in the information super-highway with this handy new tool (which itself just hit a roadblock)
Tuesday, 24 October 2017 17:05

Are we taking the internet for granted? And by "internet" we mean the actual global networks of computers that share vast quantities of information every second by using the same basic protocols.

A long-planned security upgrade of the global domain name system, scheduled for earlier this month, was postponed because 11th-hour telemetry suggested that as much as eight per cent of public DNS servers were wrongly configured, and that the security update would boot as many as 60 million people offline. Amid all this, network engineers have been taking a closer look at the fabric of the internet itself: what other potholes lie on the surface of the information superhighway that are hampering particular protocols?

Enter PTO, standing for Path Transparency Observatory: "An open-source, public repository for measurement of path transparency and impairments on new and existing network protocols in the internet," according to its blurb. Put more simply, it's sorta like Google's satnav software Waze but for the internet in that it flags up unusual traffic patterns that affect certain network protocols. Sadly, PTO smashed into its own roadblock. The observatory's HTTPS certificate expired about a month ago and no one thought to renew it – oops:

Screenshot of the PTO website and its SSL error

PTO works by observing changes in the tangled and barely organized routes that our internet packets must negotiate and traverse. Alterations to these paths – expressed as IP addresses, prefixes or BGP numbers – are recorded along with the protocol in use at the moment, thus building a map of connections and the quality of these connections based on the protocols in use. Last month, the people behind PTO – MAMI, standing for Measurement and Architecture for a Middleboxed Internet – published some early findings [PDF] of what they had learned by using PTO combined with its PATHspider active measurement tool.

And they found, broadly, that different protocols are being impaired by different things at multiple layers in the stack around the world. Not every connection is equal: the quality of the link will depend on the protocol in use, it appears.

From their paper: "DSCP is mainly impaired by widespread network operations practice. TFO is largely unimpaired within the Internet core, but the deployment of TFO-capable servers lags, in part due to widespread access network impairment of TCP options. However, the adoption of TFO may be superseded by the deployment of QUIC, which uses UDP encapsulation to thwart on-path modifications to TCP."

What is likely to interest a broader group beyond just internet engineers and protocol geeks, however, is what the team saw with respect to ECN – or Explicit Congestion Notification – which is designed to flag up network blockages.

The team found that ECN was being impaired in some parts of the network: that's unusual given that limiting something designed to assist with congestion is counterproductive and hence quite rare. Those impairments correlated very closely with countries that censor the internet, in large part by intercepting TCP packets.

While PTO was largely designed to discover the impact of middleboxes – connection spying hardware typically used by governments and ISPs for censorship and surveillance purposes – on the internet, the ECN results could reveal pockets of deliberate traffic interference.
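An added illustration, not code from PTO, PATHspider or the paper: one way an active measurement could score ECN impairment, by comparing the reply to a plain TCP SYN with the reply to an ECN-setup SYN (RFC 3168) and tallying the verdicts per prefix. The verdict labels, function names and sample observations are assumptions constructed for this example.

```python
import struct
from collections import Counter, defaultdict

SYN, RST, ACK, ECE, CWR = 0x02, 0x04, 0x10, 0x40, 0x80  # TCP flag bits

def header(flags):
    """Constructed 20-byte TCP header (no options) carrying the given flags."""
    return struct.pack("!HHIIBBHHH", 443, 40000, 1, 2, 5 << 4, flags, 65535, 0, 0)

def flags_of(reply):
    if len(reply) < 20:
        raise ValueError("truncated TCP header")
    return reply[13]  # the flags byte sits at offset 13

def is_synack(reply):
    return reply is not None and (flags_of(reply) & (SYN | ACK | RST)) == (SYN | ACK)

def classify(plain_reply, ecn_reply):
    """Verdict from the replies to a plain SYN and an ECN-setup SYN (None = no reply)."""
    if not is_synack(plain_reply):
        return "unreachable"          # no baseline, so nothing can be said about ECN
    if not is_synack(ecn_reply):
        return "connectivity-broken"  # only the ECN-setup SYN failed
    f = flags_of(ecn_reply)
    if f & ECE and not f & CWR:
        return "negotiated"           # valid ECN-setup SYN-ACK per RFC 3168
    if f & ECE and f & CWR:
        return "flags-reflected"      # SYN flags echoed back, not a valid reply
    return "not-negotiated"           # no server support, or bits cleared on the path

def summarize(observations):
    """Count verdicts per prefix: {prefix: {verdict: n}}."""
    table = defaultdict(Counter)
    for prefix, plain, ecn in observations:
        table[prefix][classify(plain, ecn)] += 1
    return {p: dict(c) for p, c in table.items()}

# Constructed observations; prefixes are RFC 5737 documentation ranges.
SAMPLE = [
    ("192.0.2.0/24", header(SYN | ACK), header(SYN | ACK | ECE)),
    ("192.0.2.0/24", header(SYN | ACK), header(SYN | ACK)),
    ("198.51.100.0/24", header(SYN | ACK), None),
    ("198.51.100.0/24", header(SYN | ACK), header(RST | ACK)),
    ("203.0.113.0/24", None, None),
    ("203.0.113.0/24", header(SYN | ACK), header(SYN | ACK | ECE | CWR)),
]

if __name__ == "__main__":
    for prefix, counts in summarize(SAMPLE).items():
        print(prefix, counts)
```

A "not-negotiated" verdict from a single vantage point cannot separate a server without ECN support from a path that clears the bits; a prefix where "connectivity-broken" dominates while plain connections succeed is the stronger sign of on-path interference.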

According to one of the team – IAB member and IETF co-chair Brian Trammell – the group will release a new lightweight version of the PTO "in the coming weeks", which should make it easier for internet engineers and sysadmins globally to gain better insights into how the internet is really functioning and where it is failing, deliberately or accidentally. ®

Source: http://bit.ly/2zPx3hs