ICMP Rate Limiting

This web page documents our datasets related to ICMP Rate Limiting. Rate Limiting is a facility provided in all routers to allow network administrators to control access to their networks. In most routers, rate limiting can be configured in several ways. Administrators may do traffic policing, limiting inbound ICMP (or TCP or UDP) to prevent Denial-of-Service (DoS) attacks against internal networks. Routers also often rate-limit the generation of ICMP error messages (ICMP types 3 and 11, called here ICMP NACKs) to prevent use of the router to attack others (an attacker can generate a stream of ICMP NACK-generating traffic, spoofing a victim’s address to amplify the attack’s effects).

Detecting ICMP Rate Limiting in the Internet

Our first tech report [1] describes the methods we developed for detecting ICMP rate limiting and discusses the ICMP rate limiting found in the real world.

  • [1] Hang Guo and John Heidemann. 2017. Detecting ICMP Rate Limiting in the Internet (extended). Technical Report ISI-TR-717. USC/Information Sciences Institute.

We list all datasets used in the tech report below (and in Table 1 of the paper). Datasets are available upon request.

Datasets:

  • internet_address_census_it71w-20160803
  • internet_address_survey_reprobing_it71w-20160803
  • internet_address_census_it70w-20160602
  • internet_address_survey_reprobing_it70w-20160602
  • internet_address_census_it56j-20130917
  • internet_address_census_it57j-20131127
  • internet_address_census_it58j-20140122

Dataset Format

See address_surveys/format.html for the data format of the Internet Census and Survey datasets.

Getting This Data

For the data listed above, see our datasets request page for details on how to get these datasets.