Flooding Attacks By Exploiting Permanent Forwarding Loops


1. Coarse Prefixes extracted from routing tables at Route View Projects,

2. Try to avoid to traceroute the following IP blocks.

3. Finegrained prefixes used in our paper.

4. Trace set DA for detecting forwarding loops.

5. Trace set DB for identifying permanent forwarding loops.

6. Trace set DC for exploring forwarding behaviors on multiple IP addresses in shadowed prefixes.

7. Trace set DD1 , DD2 , DD3 , DD4  for exploring forwarding behaviors from various viewpoints.


Routable Prefixes  (summary) (169357 prefixes)

Fine-grained Prefixes (summary) (5360480 prefixes)

Traced Prefixes (summary) (5238191 prefixes)

Candidate Prefixes (summary) (prefixes)

Among 10% of candidate prefixes, 

Shadowed Prefixes (summary) (10569 prefixes)  

Dark Prefixes (summary) (596 prefixes)

Persistent Forwarding Loops 

Imperiled Prefixes (summary) (10828 prefixes)

algorithm on identifying imperiled addresses:
    1: get the set of links in persistent forwarding loops
    2: examine traces for each address $d$ in data DA.  If the trace to $d$ contains any link in persistent forwarding loops, and the following conditions are satisfied:
            a): trace ends a valid address. (that means no "*", "!" in the last hop)
            b): trace does not contain any forwarding loops
            c): trace ends the address $d$
            d): $d$ is not an infrastructure address in persistent forwarding loops
    3: Any fine-grained prefix that contains imperiled address is an imperiled prefix