Index of /datasets/spoofer/2009-imc-spoofer-data-supplement

      Name                    Last modified      Size  Description
      Parent Directory                             -   
      README.txt              2009-09-17 15:57  4.8K  
      spoofer-data-imc2009..> 2015-11-02 12:48  1.6M  

MIT ANA Spoofer Project Public Dataset
http://spoofer.csail.mit.edu
---------------------------------------

1. Overview

The data included here is from the MIT ANA Spoofer project.  This data
has been anonymized using the IP prefix-preserving method of CryptoPAn
(http://www.cc.gatech.edu/computing/Telecomm/projects/cryptopan/).
The data herein corresponds to the results we present our 2009 ACM
SIGCOMM/USENIX Internet Measurement Conference (IMC) paper.  The data
here is to enable others to perform similar analyses on data or
perhaps to compare properties of our results to other studies.

Start: 2005-02-11 08:16:52  
End:   2009-04-20 05:00:00

2. Description of the SQL tables and schema:

########################################################################
#
# Analysis Notes:
#
# All test data is keyed off of the Sessions table's Id.  Basic
# analysis can be done using joins between the Sessions, Spoofs,
# Failed and NonSpoofed tables.  
# 
# Carefully note filtering rules, primarily hosts detected to be
# behind a NAT, hosts which are unable to spoof due to OS restriction
# and hosts unable to send non-spoofed UDP traffic.


########################################################################
# Sessions:
# Contains details of each client test run 
#
#  - Id is a unique integer identifier for each test run
#  - RealAddr is the IP address of the client
#  - OS is the client's self-reported operating system string
#  - Version is the client's spoofer software version
#  - Attempts is the number of spoofed sources the client sent.
#    Tests with zero attempts should be filtered from any analysis.
#  - UDP is a binary indicator as to whether the client could send
#    non-spoofed traffic to the MIT server.  Obsoleted by the
#    NonSpoofed table in Version >= 0.7
#  - Stamp is the time stamp at which the client began
########################################################################

########################################################################
# Spoofs:
# Contains a row per spoofed packet type received 
# 
#  - Session is the session Id from the Sessions table
#  - SpoofAddr is the source address the client used
#  - DestAddr is the destination address the client used
#  - NAT is a boolean as to whether we detected a NAT rewrite
#    Analysis should filter any NAT'd spoofs
#  - Count is the number of packets of this type received
########################################################################

########################################################################
# Failed:
# Contains a row per spoofed packet type sent but not received
# 
#  - Session is the session Id from the Sessions table
#  - SpoofAddr is the source address the client used
#  - DestAddr is the destination address the client used
#  - NAT is a boolean as to whether we detected a NAT rewrite
#    Analysis should filter any NAT'd spoofs
#  - Sequence is a reception identifier.  If sequence is
#    00000000000000, then probe failed due to OS restrictions
#    on sending spoofed packets.  Analysis should filter these
#    OS restricted spoofing out.
#  - Count is the number of packets of this type received
########################################################################

########################################################################
# NonSpoofed:
# For each session, contains the destinations which were able to
# received non-spoofed UDP traffic.  This determines the base case.
# Analysis should filter all results to destinations where normal
# non-spoofed UDP is not received.
# 
#  - Session is the session Id from the Sessions table
#  - DestAddr is the destination address the client sent to
########################################################################

########################################################################
# AdjacentSpoofs:
# Same as Spoofs table, but for the neighbor spoofing testing.
# 
#  - Session is the session Id from the Sessions table
#  - SpoofAddr is the source address the client used
#  - DestAddr is the destination address the client used
#  - NAT is a boolean as to whether we detected a NAT rewrite
#    Analysis should filter any NAT'd spoofs
#  - Count is the number of packets of this type received
########################################################################

########################################################################
# AdjacentFailed:
# Same as Failed table, but for the neighbor spoofing testing.
# 
#  - Session is the session Id from the Sessions table
#  - SpoofAddr is the source address the client used
#  - DestAddr is the destination address the client used
#  - NAT is a boolean as to whether we detected a NAT rewrite
#    Analysis should filter any NAT'd spoofs
#  - Sequence has internal significance only
#  - Count is the number of packets of this type received
########################################################################