The Peerer and Router need support to correlate valid and invalid subnets for a response via Multicast; when potentially malicious packets were sent from outside the network (with UDP TTL > 1), packets need to be ignored and re-validated on whether or not their network path was correct.
The idea behind this mechanism and the upcoming Tracer Middleware is to find out efficient network paths and to build a network topology graph of IPv6 prefixes and IPv4 subnets; whereas the network graph will contain gateways and proxies in between, too.
The offline scenario would then prefer a breadth-first search algorithm on the network nodes, whereas the online / broadband scenario would prefer a depth-first search algorithm; beginning from the longest-prefix leaves (on the bottom) of the graph.
This will help to decentralize the network topology analysis mechanism, which is necessary to determine the trust level of peers inside or outside peers of the current carrier-grade NAT. If a peer was/is inside the same ISP's prefix length (e.g. a consumer grade router) AND inside the ISP's IANA-reserved range, the local Stealth instance can determine its trust level by the distance of the edges in the network topology graph.
In addition to the network topology graph itself, its nodes have to contain the address-specific details of the organization that has reserved the specified IP range. This process starts with a DNS request to the relevant whois.*.net server (containing A and AAAA requests) followed by a WHOIS request to that specific server on port 43.
As this is a story that contains multiple tasks, these will be referenced in here at a later point in time:
Implementation of the SUBNET Parser
Implementation of an ICMP Packet Parser (which probably needs to support ICMPv2, v3 and v6)
Implementation of an ICMP Connection
Implementation of a WHOIS Packet Parser
Implementation of a WHOIS Connection
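The WHOIS step described above (a query sent to port 43, with the registrant details then stored on the graph node), sketched as an added example that is not part of the original issue or of the Stealth code base. All function names are hypothetical, the sample response is constructed, and the code assumes IPv4 and the common `key: value` registry layout with an `inetnum` or `NetRange` line.

```javascript
// Added example; function names are illustrative, not Stealth's API. IPv4 only.
// RFC 3912: a WHOIS query is a single line ended by CRLF, sent over TCP port 43.
const buildQuery = (address) => address + '\r\n';

// Dotted-quad IPv4 to unsigned 32-bit integer, or null if malformed.
const ipv4ToInt = (text) => {
	const parts = String(text).trim().split('.');
	if (parts.length !== 4) return null;
	let value = 0;
	for (const part of parts) {
		if (!/^\d{1,3}$/.test(part) || Number(part) > 255) return null;
		value = value * 256 + Number(part);
	}
	return value;
};

// Parse "key: value" lines of an untrusted response; "%" and "#" lines are comments.
const parseWhois = (response) => {
	const fields = Object.create(null); // no prototype keys for hostile input to hit
	for (const raw of response.split(/\r?\n/)) {
		const line = raw.trim();
		const index = line.indexOf(':');
		if (line.startsWith('%') || line.startsWith('#') || index <= 0) continue;
		const key = line.slice(0, index).trim().toLowerCase();
		const value = line.slice(index + 1).trim();
		if (value !== '' && fields[key] === undefined) fields[key] = value; // first wins
	}
	const range = (fields['inetnum'] || fields['netrange'] || '').split(' - ').map(ipv4ToInt);
	if (range.length !== 2 || range.includes(null) || range[0] > range[1]) return null;
	const organization = fields['org-name'] || fields['orgname'] || null;
	return { first: range[0], last: range[1], name: fields['netname'] || null, organization };
};

// True only if the peer address parses and lies inside the registered range.
const isInsideRange = (node, address) => {
	const value = ipv4ToInt(address);
	return node !== null && value !== null && value >= node.first && value <= node.last;
};

// Constructed sample response (documentation range 192.0.2.0/24), not registry output.
const SAMPLE = [
	'% Constructed sample for this example.',
	'inetnum:        192.0.2.0 - 192.0.2.255',
	'netname:        EXAMPLE-NET',
	'org-name:       Example Org'
].join('\r\n');
```

A response without a usable range yields `null`, so a peer is never placed inside a range the registry did not confirm.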