Internet access denial by higher-tier ISPs: A nat-based solution

Abdulaziz Al-Baiz; Marwan Abu-Amara; Ashraf Mahmoud; Mohammed H. Sqalli; Farag Azzedin

doi:10.1109/CCECE.2011.6030611

Internet access denial by higher-tier ISPs: A nat-based solution

Abdulaziz Al-Baiz, Marwan Abu-Amara, Ashraf Mahmoud, Mohammed H. Sqalli, Farag Azzedin^*

^*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

1 Scopus citations

Abstract

The Internet is an interconnection of Autonomous Systems (ASes) of which many are controlled by Internet Service Providers (ISPs). ASes use Border Gateway Protocol (BGP) to communicate routing information to each other. BGP does not allow a network to control how its traffic is routed. As a result, traffic belonging to a specific network can be intentionally dropped as it is routed by BGP through a malicious ISP; a behavior we define as Internet access denial. The impact of Internet access denial, especially when performed by higher-tier ISPs, can be severe. In this paper, Network Address Translation (NAT) is used as a solution to overcome the Internet access denial problem by hiding the traffic identity. The proposed solution is scalable to fit large networks, by using pools of IP addresses across several NAT routers. Under high network load, the performance degradation of introducing NAT on the end-to-end delay and throughput is at most 0.2% and 0.3%, respectively.

Original language	English
Title of host publication	2011 Canadian Conference on Electrical and Computer Engineering, CCECE 2011
Pages	1004-1008
Number of pages	5
DOIs	https://doi.org/10.1109/CCECE.2011.6030611
State	Published - 2011

Publication series

Name	Canadian Conference on Electrical and Computer Engineering
ISSN (Print)	0840-7789

Keywords

Internet access denial
NAT
OPNET
higher-tier ISP
traffic identity hiding

ASJC Scopus subject areas

Hardware and Architecture
Electrical and Electronic Engineering

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

Access to Document

10.1109/CCECE.2011.6030611

Cite this

@inproceedings{6e0c33528e7b4955b97ccd759e605f8e,

title = "Internet access denial by higher-tier ISPs: A nat-based solution",

abstract = "The Internet is an interconnection of Autonomous Systems (ASes) of which many are controlled by Internet Service Providers (ISPs). ASes use Border Gateway Protocol (BGP) to communicate routing information to each other. BGP does not allow a network to control how its traffic is routed. As a result, traffic belonging to a specific network can be intentionally dropped as it is routed by BGP through a malicious ISP; a behavior we define as Internet access denial. The impact of Internet access denial, especially when performed by higher-tier ISPs, can be severe. In this paper, Network Address Translation (NAT) is used as a solution to overcome the Internet access denial problem by hiding the traffic identity. The proposed solution is scalable to fit large networks, by using pools of IP addresses across several NAT routers. Under high network load, the performance degradation of introducing NAT on the end-to-end delay and throughput is at most 0.2% and 0.3%, respectively.",

keywords = "Internet access denial, NAT, OPNET, higher-tier ISP, traffic identity hiding",

author = "Abdulaziz Al-Baiz and Marwan Abu-Amara and Ashraf Mahmoud and Sqalli, {Mohammed H.} and Farag Azzedin",

year = "2011",

doi = "10.1109/CCECE.2011.6030611",

language = "English",

isbn = "9781424497898",

series = "Canadian Conference on Electrical and Computer Engineering",

pages = "1004--1008",

booktitle = "2011 Canadian Conference on Electrical and Computer Engineering, CCECE 2011",

}

Internet access denial by higher-tier ISPs: A nat-based solution. / Al-Baiz, Abdulaziz; Abu-Amara, Marwan; Mahmoud, Ashraf et al.
2011 Canadian Conference on Electrical and Computer Engineering, CCECE 2011. 2011. p. 1004-1008 6030611 (Canadian Conference on Electrical and Computer Engineering).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Internet access denial by higher-tier ISPs

T2 - A nat-based solution

AU - Al-Baiz, Abdulaziz

AU - Abu-Amara, Marwan

AU - Mahmoud, Ashraf

AU - Sqalli, Mohammed H.

AU - Azzedin, Farag

PY - 2011

Y1 - 2011

N2 - The Internet is an interconnection of Autonomous Systems (ASes) of which many are controlled by Internet Service Providers (ISPs). ASes use Border Gateway Protocol (BGP) to communicate routing information to each other. BGP does not allow a network to control how its traffic is routed. As a result, traffic belonging to a specific network can be intentionally dropped as it is routed by BGP through a malicious ISP; a behavior we define as Internet access denial. The impact of Internet access denial, especially when performed by higher-tier ISPs, can be severe. In this paper, Network Address Translation (NAT) is used as a solution to overcome the Internet access denial problem by hiding the traffic identity. The proposed solution is scalable to fit large networks, by using pools of IP addresses across several NAT routers. Under high network load, the performance degradation of introducing NAT on the end-to-end delay and throughput is at most 0.2% and 0.3%, respectively.

AB - The Internet is an interconnection of Autonomous Systems (ASes) of which many are controlled by Internet Service Providers (ISPs). ASes use Border Gateway Protocol (BGP) to communicate routing information to each other. BGP does not allow a network to control how its traffic is routed. As a result, traffic belonging to a specific network can be intentionally dropped as it is routed by BGP through a malicious ISP; a behavior we define as Internet access denial. The impact of Internet access denial, especially when performed by higher-tier ISPs, can be severe. In this paper, Network Address Translation (NAT) is used as a solution to overcome the Internet access denial problem by hiding the traffic identity. The proposed solution is scalable to fit large networks, by using pools of IP addresses across several NAT routers. Under high network load, the performance degradation of introducing NAT on the end-to-end delay and throughput is at most 0.2% and 0.3%, respectively.

KW - Internet access denial

KW - NAT

KW - OPNET

KW - higher-tier ISP

KW - traffic identity hiding

UR - http://www.scopus.com/inward/record.url?scp=80053982305&partnerID=8YFLogxK

U2 - 10.1109/CCECE.2011.6030611

DO - 10.1109/CCECE.2011.6030611

M3 - Conference contribution

AN - SCOPUS:80053982305

SN - 9781424497898

T3 - Canadian Conference on Electrical and Computer Engineering

SP - 1004

EP - 1008

BT - 2011 Canadian Conference on Electrical and Computer Engineering, CCECE 2011

ER -

Internet access denial by higher-tier ISPs: A nat-based solution

Abstract

Publication series

Keywords

ASJC Scopus subject areas

UN SDGs

Access to Document

Fingerprint

Cite this