Abstract
ICMP active probing is the center of many network measurements. Rate limiting of ICMP traffic, if undetected, could distort measurements and create false conclusions. To settle this concern, we look systematically for ICMP rate limiting in the Internet. We create FADER, a new algorithm that can identify rate limiting from user-side traces with minimal new measurement traffic. We validate the accuracy of FADER with many different network configurations in testbed experiments and show that it almost always detects rate limiting. With this confidence, we apply our algorithm to a random sample of the whole Internet, showing that rate limiting exists but that for slow probing rates, rate limiting is very rare. For our random sample of 40,493 /24 blocks (about 2% of the responsive space), we confirm 6 blocks (0.02%!) see rate limiting at 0.39 packets/s per block. We look at higher rates in public datasets and suggest that fall-off in responses as rates approach 1 packet/s per /24 block is consistent with rate limiting. We also show that even very slow probing (0.0001 packet/s) can encounter rate limiting of NACKs that are concentrated at a single router near the prober.
Copyright information
© 2018 Springer International Publishing AG, part of Springer Nature
About this paper
Cite this paper
Guo, H., Heidemann, J. (2018). Detecting ICMP Rate Limiting in the Internet. In: Beverly, R., Smaragdakis, G., Feldmann, A. (eds) Passive and Active Measurement. PAM 2018. Lecture Notes in Computer Science, vol 10771. Springer, Cham. https://doi.org/10.1007/978-3-319-76481-8_1
DOI: https://doi.org/10.1007/978-3-319-76481-8_1
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-76480-1
Online ISBN: 978-3-319-76481-8
eBook Packages: Computer Science, Computer Science (R0)