ACM Internet Measurement Conference (IMC) – Paper accepted
New paper “Destination Reachable: What ICMPv6 Error Messages Reveal About Their Sources” by Florian Holzbauer, researcher at SBA Research, was accepted to the ACM Internet Measurement Conference happening in Madrid in November 2024.
© Niklas Schnaubelt
Title of the paper
Destination Reachable: What ICMPv6 Error Messages Reveal About Their Sources
Authors
Florian Holzbauer, Markus Maier, Johanna Ullrich
Abstract
The probability of hitting an active IPv6 address by chance is virtually zero; instead, it appears more promising to analyze ICMPv6 error messages that are returned in case of an undeliverable packet. In this paper, we investigate the implementation of ICMPv6 error messages by different router vendors, whether a remote network’s deployment status might be inferred from them, and analyze ICMPv6 error messaging behavior of routers in the IPv6 Internet. We find that Address Unreachable with a delay of more than a second indicates active networks, whereas Time Exceeded, Reject Route and Address Unreachable with short delays pinpoint inactive networks. Furthermore, we found that ICMPv6 rate-limiting implementations, used to protect routers, allow the fingerprinting of vendors and OS-versions. This enabled us to detect more than a million periphery routers relying on Linux kernels from 2018 (or before); these kernels have reached end of life (EOL) and no longer receive security updates.