What is it about?

This paper examines a more passive yet covert, less-studied behavior termed traffic shadowing: during transmission, packets (as a whole, or data in selected fields) are sniffed and recorded by on-path observers; later, the recorded data re-appears as additional, unsolicited requests when no client is waiting for a response.

Why is it important?

We uncover the broad landscape of traffic shadowing against DNS, HTTP, and TLS messages. Alarmingly, data can be retained for a long time, leveraged multiple times, and trigger unsolicited requests from potentially abusive networks.
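One way the operator of a controlled server could flag the behavior described above, as an added example that is not code from the paper: it assumes each decoy probe carries a unique token (for instance in a DNS name or URL path) and that the server logs every request. The token names, addresses, timestamps and the 5-second window are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data. Token format, addresses (RFC 5737 ranges) and the
# 5-second window are assumptions for illustration, not values from the paper.
SOLICITED_WINDOW = 5.0  # seconds after sending in which the real request arrives

# (token, send_time, protocol): decoy probes our client emitted, one token each
PROBES = [
    ("tok-a1", 1000.0, "dns"),
    ("tok-b2", 1010.0, "http"),
    ("tok-c3", 1020.0, "tls"),
]

# (arrival_time, source_ip, token): requests logged at the server we control
SERVER_LOG = [
    (1000.2, "192.0.2.10", "tok-a1"),     # the original DNS query
    (1010.3, "192.0.2.10", "tok-b2"),     # the original HTTP request
    (1020.1, "192.0.2.10", "tok-c3"),     # the original TLS handshake
    (4600.0, "198.51.100.7", "tok-a1"),   # same token, an hour later
    (90000.0, "203.0.113.99", "tok-a1"),  # same token again, about a day later
    (1500.0, "198.51.100.7", "tok-b2"),   # same token, minutes later
    (2000.0, "192.0.2.10", "tok-zz"),     # unknown token: not one of our probes
]

def find_shadowing(probes, server_log, window=SOLICITED_WINDOW):
    """Return {token: report} for probes whose token re-appeared unsolicited."""
    sent = {tok: (t, proto) for tok, t, proto in probes}
    reports = defaultdict(lambda: {"protocol": None, "replays": 0,
                                   "max_delay": 0.0, "sources": set()})
    for arrival, src, tok in sorted(server_log):
        if tok not in sent:
            continue  # not a decoy we issued
        send_time, proto = sent[tok]
        delay = arrival - send_time
        if delay <= window:
            continue  # the request the client was waiting on (or clock skew)
        r = reports[tok]
        r["protocol"] = proto
        r["replays"] += 1                              # data leveraged again
        r["max_delay"] = max(r["max_delay"], delay)    # how long it was retained
        r["sources"].add(src)                          # where the replay came from
    return dict(reports)

if __name__ == "__main__":
    for tok, r in find_shadowing(PROBES, SERVER_LOG).items():
        print(tok, r["protocol"], r["replays"], f"{r['max_delay']:.0f}s", sorted(r["sources"]))
```

Because each token is sent exactly once, any later request carrying it can only come from a party that recorded the original packet in transit.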

Perspectives

For traffic observers on the wire, we find most of them located in ISP networks. We believe ISPs should learn about the risks of traffic shadowing and establish detection mechanisms to find unknown traffic shadowing exhibitors residing in their networks. We also try to connect to network operators about our results and receive some feedback. That said, the identities and purposes behind traffic shadowing exhibitors remain largely unknown, and future efforts are still needed.

Yunpeng Xing
Tsinghua University

Read the Original

This page is a summary of: Yesterday Once More: Global Measurement of Internet Traffic Shadowing Behaviors, November 2024, ACM (Association for Computing Machinery),
DOI: 10.1145/3646547.3689023.