References of "Donnet, Benoît"
Peer Reviewed
Network Fingerprinting: Routers under Attack
Marechal, Emeline ULiege; Donnet, Benoît ULiege

in IEEE International Workshop on Traffic Measurements for Cybersecurity (WTMC) (2020, September)

Nowadays, simple tools such as traceroute can be used by attackers to acquire topology knowledge remotely. Worse still, attackers can use a lightweight fingerprinting technique, based on traceroute and ping, to retrieve the router's brand, and use that knowledge to launch targeted attacks. In this paper, we show that the hardware ecosystem of network operators can greatly vary from one to another, with all potential security implications it brings. Indeed, depending on the autonomous system (AS), not all brands play the same role in terms of network connectivity. An attacker could find an interest in targeting a specific hardware vendor in a particular AS, if known defects are present in this hardware, and if the AS relies heavily on it for forwarding its traffic.

Peer Reviewed
GameCode: Choose your Own Problem Solving Path
Liénardy, Simon ULiege; Donnet, Benoît ULiege

Poster (2020, August)

This abstract focuses on a CS2 course in which gamified homework exercises are provided to students instead of in-class exercise sessions. The course, provided to first-year Computer Science students, introduces a rigorous methodology to write programs using Loop Invariants, recursion, and basic data structures such as Files, Lists, Queues, and Stacks. In early 2020, the COVID-19 pandemic caused a lock-down in our country. The universities decided to fully switch to remote teaching. As the exercise sessions previously consisted of solving problems on a blackboard, we had to design in a hurry course materials that would cope with remote teaching. Instead of giving students yet another podcast in their course schedule, we gave them homework exercises, which we called GameCode, that they could do at their own convenience. These exercises are inspired by GameBooks in which the reader can choose the path she takes to complete the story. With GameCode, students can choose their own solving path for each exercise. This can be related to gamification.

Peer Reviewed
Evaluating the Impact of Path Brokenness on TCP Options
Edeline, Korian ULiege; Donnet, Benoît ULiege

in Applied Networking Research Workshop (2020, July)

In-path network functions enforcing policies like firewalls, IDSes, NATs, and TCP enhancing proxies are ubiquitous. They are deployed in various types of networks and bring obvious value to the Internet. Unfortunately, they also break important architectural principles and, consequently, make the Internet less flexible by preventing the use of advanced protocols, features, or options. In some scenarios, feature-disabling middlebox policies can lead to a performance shortfall. Moreover, middleboxes are also prone to enforce policies that disrupt transport control mechanisms, which can also have direct consequences in terms of Quality-of-Service (QoS). In this paper, we investigate the impact of the most prevalent in-path impairments on the TCP protocol and its features. Using network experiments in a controlled environment, we quantify the QoS decreases and shortfall induced by feature-breaking middleboxes, and show that even in the presence of a fallback mechanism, TCP QoS remains affected.

Peer Reviewed
Let There Be Light: Revealing Hidden MPLS Tunnels with TNT
Luttringer, Jean-Romain; Vanaubel, Yves ULiege; Mérindol, Pascal et al

in IEEE Transactions on Network and Service Management (2020), 17(2), 1239-1253

Internet topology discovery aims at analyzing one of the most complex distributed systems currently deployed. Usually, it relies on measurement campaigns using hop-limited probes sent with traceroute. However, this probing tool comes with several limits. In particular, some MPLS clouds might obfuscate collected traces. The resulting Internet maps, their inferred properties, and the graph models are thus incomplete and inaccurate. In this paper, we introduce TNT (Trace the Naughty Tunnels), an extension to Paris traceroute for revealing, or at least detecting, all MPLS tunnels along a path. First, along with traceroute and ping probes, TNT looks for hints indicating the presence of hidden tunnels. Those hints are peculiar patterns in the resulting output, e.g., significant TTL shifts or duplicate IP addresses. Second, if those hints trigger alarms, TNT launches additional dedicated probing for possibly revealing hidden tunnels. We use GNS3 to reproduce, verify, and understand the limits and capabilities of TNT in a controlled environment. We also calibrate the thresholds at which alarms are triggered through a dedicated measurement campaign. Finally, we deploy TNT on the Archipelago platform and provide a quantified classification of MPLS configurations. All our results, including the data, the code, and the GNS3 experiments, are fully and publicly available.

Peer Reviewed
Virtual Insanity: Linear Subnet Discovery
Grailet, Jean-François ULiege; Donnet, Benoît ULiege

in IEEE Transactions on Network and Service Management (2020), 17(2), 1268-1281

Over the past two decades, the research community has developed many approaches to study the Internet topology. In particular, starting from 2007, various tools explored the inference of subnets, i.e., sets of devices located on the same connection medium which can communicate directly with each other at the link layer. In this paper, we first discuss how today's traffic engineering policies increase the difficulty of subnet inference. We carefully characterize typical difficulties and quantify them in the wild. Next, we introduce WISE (Wide and lInear Subnet inferencE), a new tool which tackles those difficulties and discovers, in a linear time, large networks subnets. Based on two ground truth networks, we demonstrate that WISE outperforms state-of-the-art tools. Then, through large-scale measurements, we show that the selection of a vantage point with WISE has a marginal effect regarding accuracy. Finally, we discuss how subnets can be used to infer neighborhoods (i.e., aggregates of subnets located at most one hop from each other). We discuss how these neighborhoods can lead to bipartite models of the Internet and present validation results and an evaluation of neighborhoods in the wild, using WISE. Both our code and data are freely available.

Peer Reviewed
CAFE: Automatic Correction and Feedback of Programming Challenges for a CS1 Course
Liénardy, Simon ULiege; Leduc, Laurent ULiege; Verpoorten, Dominique ULiege et al

in ACM 22nd Australasian Computing Education Conference (ACE) (2020, February)

This paper introduces CAFE ("Correction Automatique et Feedback des Etudiants"), an on-line platform designed to assess and deliver automatic feedback and feedforward information to CS1 students, both on process and products of series of programming exercises, targeting especially an informal Loop Invariant for building the code. The paper reports on the first trials of CAFE with a group of 80 students. Results show that CAFE is used, usable, and appreciated by students.

Peer Reviewed
Implementation of IPv6 IOAM in Linux Kernel
Iurman, Justin ULiege; Donnet, Benoît ULiege; Brockners, Frank

in Netdev 0x14 (2020)

In-situ Operations, Administration and Maintenance (IOAM) is currently under standardization at the IETF. It allows for collecting telemetry and operational information along a path, within packets, as part of an existing (possibly additional) header. This paper discusses the very first implementation of IOAM for the Linux kernel with IPv6 as encapsulation protocol. We also evaluate our implementation, available as open source, under a controlled environment.

Peer Reviewed
All that Glitters is not Bitcoin - Unveiling the Centralized Nature of the BTC (IP) Network
Ben Mariem, Sami ULiege; Casas, Pedro; Romiti, Matteo et al

in IEEE/IFIP Network Operations and Management Symposium (NOMS) (2020)

Blockchains are typically managed by peer-to-peer (P2P) networks providing the support and substrate to the so-called distributed ledger (DLT), a replicated, shared, and synchronized data structure, geographically spread across multiple nodes. The Bitcoin (BTC) blockchain is by far the most well-known DLT, used to record transactions among peers, based on the BTC digital currency. In this paper we focus on the network side of the BTC P2P network, analyzing its nodes from a purely network measurements-based approach. We present a BTC crawler able to discover and track the BTC P2P network through active measurements, and use it to analyze its main properties. Through the combined analysis of multiple snapshots of the BTC network as well as by using other publicly available data sources on the BTC network and DLT, we unveil the BTC P2P network, locate its active nodes, study their performance, and track the evolution of the network over the past two years. Among other relevant findings, we show that (i) the size of the BTC network has remained almost constant during the last 12 months -- since the major BTC price drop in early 2018, (ii) most of the BTC P2P network resides in US and EU countries, and (iii) despite this western network locality, most of the mining activity and corresponding revenue is controlled by major mining pools located in China. By additionally analyzing the distribution of BTC coins among independent BTC entities (i.e., single BTC addresses or groups of BTC addresses controlled by the same actor), we also conclude that (iv) BTC is very far from being the decentralized and uncontrolled system it is so much advertised to be, with only 4.5% of all the BTC entities holding about 85% of all circulating BTC coins.

Peer Reviewed
mmb: Flexible High-Speed Userspace Middleboxes
Edeline, Korian ULiege; Iurman, Justin ULiege; Soldani, Cyril ULiege et al

in Applied Networking Research Workshop (2019, July)

Nowadays, Internet actors have to deal with a strong increase in Internet traffic at many levels. One of their main challenges is building high-speed and efficient networking solutions. In such a context, kernel-bypass I/O frameworks have become their preferred answer to the increasing bandwidth demands. Many works have been achieved, so far, all of them claiming to have succeeded in reaching line-rate for traffic forwarding. However, this claim does not hold for more complex packet processing. In addition, all those solutions share common drawbacks on either deployment flexibility or configurability and user-friendliness. This is exactly what we tackle in this paper by introducing mmb, a VPP middlebox plugin that allows, through an intuitive command-line interface, to easily build stateless and stateful classification and rewriting middleboxes. mmb makes a careful use of instruction caching and memory prefetching, in addition to other techniques used by other high-performance I/O frameworks. We compare mmb performance with other middlebox solutions, such as kernel-bypass framework and kernel-level optimized approach, for enforcing middleboxes policies (firewall, NAT, transport-level engineering). We demonstrate that mmb performs, generally, better than existing solutions, sustaining a line-rate processing while performing large numbers of complex policies.

Peer Reviewed
Revisiting Subnet Inference WISE-ly
Grailet, Jean-François ULiege; Donnet, Benoît ULiege

in TMA 2019 - Proceedings of the 3rd Network Traffic Measurement and Analysis Conference (2019, June 19)

Since the late 90’s, the Internet topology discovery has been an attractive and important research topic, leading, among others, to multiple probing and data analysis tools developed by the research community. This paper looks at the particular problem of discovering subnets (i.e., a set of devices that are located on the same connection medium and that can communicate directly with each other at the link layer). In this paper, we first show that the use of traffic engineering policies may increase the difficulty of subnet inference. We carefully characterize those difficulties and quantify their prevalence in the wild. Next, we introduce WISE (Wide and lInear Subnet inferencE), a novel tool for subnet inference designed to deal with those issues and able to discover subnets on wide ranges of IP addresses in a linear time. Using two groundtruth networks, we demonstrate that WISE performs better than state-of-the-art tools while being competitive in terms of subnet accuracy. We also show, through large-scale measurements, that the selection of vantage point with WISE does not matter in terms of subnet accuracy. Finally, all our code (WISE, data processing, results plotting) and collected data are freely available.

Peer Reviewed
Hic Sunt Proxies: Unveiling Proxy Phenomena in Mobile Networks
Zullo, Raffaele; Pescapé, Antonio; Edeline, Korian ULiege et al

in IEEE/IFIP Workshop on Mobile Network Measurement (MNM) (2019, June)

Over the years middleboxes have established themselves as a solution to a wide range of networking issues, progressively changing network landscape and turning the end-to-end principle into a reminder of an Arcadian age of the Internet. Among them, proxies have found breeding ground especially in mobile networks that, moreover, have become the most popular way to access the Internet. In this paper, we present Mobile Tracebox, an Android measurement tool, and describe how its methodology, coping with the lack of privileges of mobile devices, can not only detect proxies but also characterize different facets, from their transport layer behavior to their location inside the network. Data collected from a crowdsourced deployment over more than 90 carriers and 350 Wi-Fi networks contributes to describe the potential of the tool and to draw a panorama of proxies across mobile networks. Our study confirms their prevalence and reveals that their scope is not limited to HTTP but can include several TCP services and even non standard ports. We detail the different implementations observed and delve into specific aspects of their configuration, like the initial Receive Window, the Window Scale factor or the set of Options supported, to understand how proxies can affect performance or obstruct extensions. Finally, we focus on fingerprinting and attempt to draw a dividing line between packet modifications performed by proxies and those performed by other classes of middleboxes.

Peer Reviewed
TNT, Watch me Explode: A Light in the Dark for Revealing MPLS Tunnels
Vanaubel, Yves ULiege; Luttringer, Jean-Romain; Mérindol, Pascal et al

in TMA 2019 - Proceedings of the 3rd Network Traffic Measurement and Analysis Conference (2019, June)

Internet topology discovery aims at analyzing one of the most complex distributed systems currently deployed. Usually, it relies on measurement campaigns using hop-limited probes sent with traceroute. However, this probing tool comes with several limits. In particular, some MPLS clouds might obfuscate collected traces. Thus, the resulting Internet maps, the inferred properties, and the graph models are incomplete and inaccurate. In this paper, we introduce TNT (Trace the Naughty Tunnels), an extension to Paris traceroute for revealing, or at least detecting, all MPLS tunnels along a path. First, along with traceroute and ping probes, TNT looks for hints indicating the presence of hidden tunnels. Those hints are peculiar patterns in the resulting output, e.g., significant TTL shifts or duplicate IP addresses. Second, if those hints trigger alarms, TNT launches additional dedicated probing for possibly revealing hidden tunnels. We use GNS3 to reproduce, verify, and understand the limits and capabilities of TNT in a controlled environment. We also calibrate the thresholds at which alarms are triggered through a dedicated measurement campaign. Finally, we deploy TNT on the Archipelago platform and provide a quantified classification of MPLS usage. All our results, including the data, the code, and the emulation configurations, are fully and publicly available.

Peer Reviewed
A Bottom-Up Investigation of the Transport-Layer Ossification
Edeline, Korian ULiege; Donnet, Benoît ULiege

in Network Traffic Measurement and Analysis (TMA) Conference 2019 (2019, June)

Recent years have seen the rise of middleboxes, such as NATs, firewalls, or TCP accelerators. Those middleboxes play an important role in today's Internet, and are now extensively deployed in various networks including corporate networks, Tier-1 ASes, cellular networks, and WiFi hot-spots. Unfortunately, despite the added value that they bring to networks, they radically change the transport paradigm from the legacy end-to-end principle, and drive increasing complexity in the path. The consequences of these changes are a wide variety of simple to subtle impairments to protocols and features, that in turn lead to the ossification of the network infrastructure. While the latter is now a well-known problem, its causes are not that much understood. To fill this gap, we provide a more detailed explanation of the factors of the transport-level ossification, and we give insights on their prevalence in the wild. We extract path conditions by processing a large collection of observations of middlebox in-path packet manipulations, and we categorize the observed transport impairments based on the complications that they engender. We show that more than one third of network paths are crossing at least one middlebox, and a substantial percentage are affected by feature or protocol-breaking policies. Finally, we show that the majority of the devices that implement them are located in edge networks.

mmb: Flexible High-Speed Userspace Middleboxes
Edeline, Korian ULiege; Iurman, Justin ULiege; Soldani, Cyril ULiege et al

Report (2019)

TNT, Watch me Explode: A Light in the Dark for Revealing MPLS Tunnels
Vanaubel, Yves ULiege; Luttringer, Jean-Romain; Mérindol, Pascal et al

Report (2019)

Internet topology discovery has been a recurrent research topic for nearly 20 years now. Usually, it works by sending hop-limited probes (i.e., traceroute) towards a set of destinations to collect topological data in order to infer the Internet topology at a given scale (e.g., at the router or the AS level). However, traceroute comes with multiple limitations, in particular with layer-2 clouds such as MPLS that might hide their content to traceroute exploration. Thus, the resulting Internet topology data and models are incomplete and inaccurate. In this paper, we introduce TNT (Trace the Naughty Tunnels), an extension to Paris traceroute for revealing most (if not all) MPLS tunnels along a path. TNT works in two basic stages. First, along with traceroute probes, it looks for evidences of the potential presence of hidden tunnels. Those evidences are surprising patterns in the traceroute output, e.g., abrupt and significant TTL shifts. Second, if alarms are triggered due to the presence of such evidences, TNT launches additional and dedicated probing for possibly revealing the content of the hidden tunnel. We validate TNT through emulation with GNS3 and tune its parameters through a dedicated measurement campaign. We also largely deploy TNT on the Archipelago platform and provide a quantification of tunnels, updating so the state of the art vision of MPLS tunnels. Finally, TNT and its validation platform are fully and publicly available, as well as the collected data and scripts used for processing data.

Graphical Loop Invariant Programming in CS1
Liénardy, Simon ULiege; Malcev, Lev ULiege; Donnet, Benoît ULiege

Conference (2019)

This paper introduces the use of Graphical Loop Invariant as a programming methodology in a CS1 course, in which the Loop Invariant is determined prior to writing the code and is meant as a help to find the loop instructions. This paper also introduces two learning tools: GLI, an application helping students to draw Loop Invariant and CAFÉ, an on-line platform designed to assess and deliver automatic feedback and feedforward information to students, in particular on their Loop Invariants and the pieces of code based upon them. The paper reports preliminary evaluation on Café usage.

Peer Reviewed
Vivisecting Blockchain P2P Networks: Unveiling the Bitcoin IP Network
Ben Mariem, Sami ULiege; Casas, Pedro; Donnet, Benoît ULiege

in ACM CoNEXT Student Workshop (2018, December)

Blockchains are typically managed by peer-to-peer (P2P) networks, which provide the support and substrate to the so-called distributed ledger (DLT), a replicated, shared, and synchronized data structure, geographically spread across multiple nodes. The Bitcoin (BTC) blockchain is by far the most well-known DLT, used to record transactions among peers, based on the BTC digital currency. In this paper we focus on the network side of blockchain P2P networks, characterizing their topology and main properties from a purely network measurements-based approach. We present a BTC crawler able to discover and track all the active nodes of the BTC P2P network through active measurements, and use it to analyze its main properties. We additionally discuss a passive measurements-based approach to reconstruct the topology of a blockchain P2P network, which can unveil the most important nodes of the blockchain, namely the miners.

Peer Reviewed
Implementation of LISP/MN under ns-3
Li, Yue; Iannone, Luigi; Agbodjan, Lionel et al

Poster (2018, June)

The Locator/Identifier Separation Protocol (LISP), due to its map-and-encap approach, can bring benefits to mobility. LISP Mobile Node (LISP-MN) is based on the basic LISP functionality to provide the terminal mobility across networks. Assessing the LISP mobility and improving its performance are of paramount importance. However, there exists no open source simulator supporting LISP. Thus, we fill this gap by implementing the basic LISP function as well as LISP-MN on ns-3. In this paper, we describe how these implementations are realized in detail.

Peer Reviewed
CAFE: an automatic and on-line learning system to guide freshmen towards the meeting of Higher Education requirements
Liénardy, Simon ULiege; Leduc, Laurent ULiege; Donnet, Benoît ULiege

Conference (2018, June)

This communication focuses on CAFE, an original Assessment for Learning based, automatic and on-line learning system. One of CAFE's key points is to help students to work on a regular basis on problems with increasing difficulties and cumulative expected learning outcomes. Further, CAFE provides a high quality and automatic feedback to students.
