Check out the new USENIX Web site. next up previous
Next: Network Mapping Up: Mapping and Visualizing the Previous: Introduction


Motivation

The initial motivation for collecting path data came out of a Highlands Forum, a meeting that discussed possible responses to future infrastructure attacks using a scenario from the Rand Corporation. It was clear that a knowledge of the Internet's topology might be useful to law enforcement when the nation's infrastructure is under attack. Internet topology could also be useful for tracking anonymous packets back to their source [2].

An openly available map could be useful to monitor the connectivity of the Internet, and would be helpful to a variety of investigators. In particular, it might be useful to know how connectivity changes before and during an attack on the Internet infrastructure.

Good ISPs already watch this kind of information in near real-time to monitor the health of their own networks, but they rarely know anything (or care much) about the status of networks that are not directly connect to theirs. No one is responsible for watching the whole Internet. Of course, given its size, the entire Internet is difficult to watch. There is a major web of interconnecting ISPs that in some sense defines the ``middle'' of the net--the most important part.

Our current attempts, using traceroute-style packets, only map outgoing paths, and only from our test host--we discuss these limitations below. Even this limited connectivity information can yield insights about who is connected to whom.

The database itself can be useful for routing studies and graph theorists looking for real-world data to work with. Since we are collecting the data daily over a long period of time, we may be able to extract interesting trends. We systematically collect data daily, building a consistent database that can be used to reconstruct routing on the Internet approximately for any day where mapping was done, at least the paths from our scanning host.

The mapping software has lent itself to another pressing problem: controlling an intranet. Software that can handle 100,000 nodes on the Internet can easily handle intranets of similar size. An intranet map can be colored to show insecure areas, business units, connections to remote offices, etc.

Our visualizations of the Internet itself have attracted wide media interest [25] [26]. Media generally visually represents the Internet by showing people staring at a web browser. Our maps give some idea of the size and complexity of the Internet.


next up previous
Next: Network Mapping Up: Mapping and Visualizing the Previous: Introduction
Hal Burch 2000-04-18