Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

QUIC Hunter: Finding QUIC Deployments and Identifying Server Libraries Across the Internet

Johannes Zirngibl, Florian Gebauer, Patrick Sattler, Markus Sosnowski, Georg Carle

TL;DR

This work improved the detection rate of QUIC scans to find more deployments and provides an approach to effectively identify QUIC server libraries based on CONNECTION CLOSE frames and transport parameter orders, and provides a comprehensive view of the landscape of competing QUIC libraries.

Abstract

The diversity of QUIC implementations poses challenges for Internet measurements and the analysis of the QUIC ecosystem. While all implementations follow the same specification and there is general interoperability, differences in performance, functionality, but also security (e.g., due to bugs) can be expected. Therefore, knowledge about the implementation of an endpoint on the Internet can help researchers, operators, and users to better analyze connections, performance, and security. In this work, we improved the detection rate of QUIC scans to find more deployments and provide an approach to effectively identify QUIC server libraries based on CONNECTION CLOSE frames and transport parameter orders. We performed Internet-wide scans and identified at least one deployment for 18 QUIC libraries. In total, we can identify the libraries with 8.0 M IPv4 and 2.5 M IPv6 addresses. We provide a comprehensive view of the landscape of competing QUIC libraries.

QUIC Hunter: Finding QUIC Deployments and Identifying Server Libraries Across the Internet

TL;DR

This work improved the detection rate of QUIC scans to find more deployments and provides an approach to effectively identify QUIC server libraries based on CONNECTION CLOSE frames and transport parameter orders, and provides a comprehensive view of the landscape of competing QUIC libraries.

Abstract

The diversity of QUIC implementations poses challenges for Internet measurements and the analysis of the QUIC ecosystem. While all implementations follow the same specification and there is general interoperability, differences in performance, functionality, but also security (e.g., due to bugs) can be expected. Therefore, knowledge about the implementation of an endpoint on the Internet can help researchers, operators, and users to better analyze connections, performance, and security. In this work, we improved the detection rate of QUIC scans to find more deployments and provide an approach to effectively identify QUIC server libraries based on CONNECTION CLOSE frames and transport parameter orders. We performed Internet-wide scans and identified at least one deployment for 18 QUIC libraries. In total, we can identify the libraries with 8.0 M IPv4 and 2.5 M IPv6 addresses. We provide a comprehensive view of the landscape of competing QUIC libraries.
Paper Structure (13 sections, 5 figures, 6 tables)

This paper contains 13 sections, 5 figures, 6 tables.

Table of Contents

  1. Introduction
  2. Background
  3. Related Work
  4. Test Environment
  5. Scanning for QUIC Deployments
  6. ZMap: Version Negotiation
  7. The Importance of SNI
  8. Library Identification
  9. Identification Methodology
  10. Library Classification on the Internet
  11. Conclusion
  12. Full List of Test Servers
  13. Overview about seen HTTP Server Header Values

Figures (5)

  • Figure 1: Test environment Docker setup. Each server implementation is hosted within its own container and thus isolated. Public (e.g., from the QUIC Interop Runner) or self-built containers can be used.
  • Figure 2: Scan setup to identify QUIC deployments and used libraries. The alpn invalid scan is explained in \ref{['sec:identification']}. Ethics are covered in \ref{['sec:conclusion']}.
  • Figure 3: Libraries on the Internet based on both scans (with/without sni) and our approach. Handshakes are not necessarily successful with all targets.
  • Figure 4: Distribution of identified libraries in IPv4 targets across as. Note the log x-axis.
  • Figure 5: Number of distinct libraries within ASes. Note the log y-axis.