Large-scale Measurements to Assess the Impact of Middleboxes on the Internet’s Reliability
Date
2025-07-13
Publisher
Saudi Digital Library
Abstract
The fundamental design principle that shaped the architecture of the early Internet, namely the end-to-end argument, has been undermined by the expansion and the resulting complexity of more developed stages of the Internet. The middle fabric of today’s Internet underwent numerous stages of development which offered tangible improvements to the Internet’s usability and reliability despite violating the cherished design principle. In tandem with this development, researchers have extensively studied middleboxes—a core element of the middle fabric. Nevertheless, with the continuous growth and complexity of this part of the Internet, under-explored research avenues emerge.

In this dissertation, I present a series of large-scale Internet measurements that reveal how middleboxes, while integral to the successful expansion of the Internet, can compromise its reliability.

First, I examine the role that nation-state censorship middleboxes can play in launching unprecedented TCP reflected amplification attacks that can produce virtually inexhaustible amplification, rendering Denial of Service (DoS) attacks more powerful than ever presumed.

Second, I investigate how network misconfigurations can cause persistent routing loops that can be abused to launch DoS attacks, and show that, contrary to common belief, middleboxes, not exclusively routers or managed switches, can cause this faulty behavior.

Third, I study the censorship of circumvention proxies that affects millions of Internet users in Iran, and present evidence that challenges an established notion of censorship monolithism in Iran. Indeed, this diversity of censorship deployments complicates the circumvention landscape, requiring ISP-specific circumvention strategies to individually combat heterogeneous censorship middleboxes.

Finally, I present measurements that demonstrate how the performance of on-path censorship middleboxes can be degraded without impacting the underlying network, thereby highlighting the significant risks of degraded Internet connectivity had these middleboxes been deployed in-path.

Through these large-scale measurements, this dissertation argues that the evolving complexity of middleboxes introduces both new challenges and opportunities for improving the Internet’s reliability.
Keywords
Network Security, Internet Measurement, DDoS, Routing Loops, TCP Reflected Amplification, QUIC, Iran Internet Censorship