Middlebox Assessment and Network Gaps: Observing Enforced Security
摘要
Network middleboxes often manipulate traffic in ways that are invisible to users—silently filtering, blocking, or redirecting connections. For the network administrators installing them, they often come as blackboxes whose internal mechanisms are unknown. In this paper, we present a systematic approach to discover and better understand these hidden enforcement mechanisms through a distributed testing framework. By running a series of reproducible test scenarios, we analyze how filtering is applied across the DNS and HTTP(S) layers. In total, we conducted 4,485 tests within a network, which revealed surprising differences in the blacklisting criteria applied across protocols. Additionally, we discovered firewall misconfigurations—including exploitable UDP holes. All findings were responsibly disclosed to the network and security teams that had provided support for these experiments, in order to let them address them in due time.