Netalyzr: Network Measurement as a Network Security Problem

Опубликовано 17 августа 2016, 3:26

Netalyzr, at netalyzr.net, is a widely used network measurement and debugging tool, with over 300,000 executions to date. Netalyzr is a signed Java applet coupled to a custom suite of test servers in order to detect and debug problems with DNS, NATs, hidden HTTP proxies, and other issues. Netalyzr has revealed many problems in the Internet landscape, ranging from broken NAT DNS resolvers, hidden caches and malfunctioning proxies, to deliberate ISP manipulations of DNS results, including some ISPs which used DNS to man-in-the-middle search properties like Yahoo, Google, and Bing. Although Netalyzr is a network measurement tool, writing it was a network security process, designed to detect unusual conditions by deliberately bending (or outright breaking) protocol specifications, using unintended features of Java, and a general dose of 'sneaky'. This talk discusses the design of Netalyzr, interesting cases observed during development, and highlights some of the interesting results including HTTP caches, hidden proxies, chronic overbuffering, and DNS misbehaviors, including the infrastructure behind the recently publicised ISP hijacking of search engines using DNS.