Large-Scale Geolocation for NetFlow
|
|
- Mervyn Crawford
- 5 years ago
- Views:
Transcription
1 Large-Scale Geolocation for NetFlow Pavel Čeleda, Petr Velan, Martin Rábek Rick Hofstede, Aiko Pras {celeda velan {r.j.hofstede IFIP/IEEE IM 2013, May 2013, Ghent, Belgium
2 Part I Introduction Pavel Čeleda Large-Scale Geolocation for NetFlow 2 / 22
3 Motivation and R&D Goals I : SURFmap - a Network Monitoring Tool Based on the Google Maps API. Pavel Čeleda Large-Scale Geolocation for NetFlow 3 / 22
4 Motivation and R&D Goals II How flow-based geolocation can be performed in a large-scale? exporter-based approach, collector-based approach. How can we benefit from geolocation data in flow records? traffic engineering, traffic profiling, anomaly detection. Pavel Čeleda Large-Scale Geolocation for NetFlow 4 / 22
5 Part II Architecture Pavel Čeleda Large-Scale Geolocation for NetFlow 5 / 22
6 Exporter-Based Geolocation Packets Input Flow cache Export NetFlow v9 Pavel Čeleda Large-Scale Geolocation for NetFlow 6 / 22
7 Exporter-Based Geolocation Packets Input Flow cache Export NetFlow v9 Flows Geolocated flows GeoPlugin Pavel Čeleda Large-Scale Geolocation for NetFlow 6 / 22
8 Exporter-Based Geolocation Packets Input Flow cache Export NetFlow v9 Flows Geolocated flows GeoPlugin exporter filter plugin for IP address geolocation, NetFlow v9 template mapping GEO data to AS fields SRC_AS=*SRC_GEO, DST_AS=*DST_GEO, AS mapping transparent to any flow collector. Pavel Čeleda Large-Scale Geolocation for NetFlow 6 / 22
9 MaxMind GeoLite Country Database MaxMind GeoLite free off-line country database, C-API for IPv4/IPv6 geolocation. Queries/s (x 10 6 ) Standard Memory cache Check cache MMAP cache 2 0 IPv4 IPv6 : IPv4/IPv6 geolocation database performance. Pavel Čeleda Large-Scale Geolocation for NetFlow 7 / 22
10 Collector-Based Geolocation Data collection NetFlow nfcapd v5, v9 Geolocation patch for NFDUMP and NfSen toolset, native geolocation support for any NetFlow v5/v9, IPFIX data. Pavel Čeleda Large-Scale Geolocation for NetFlow 8 / 22
11 Collector-Based Geolocation Data collection NetFlow nfcapd Storage v5, v9 Geolocation patch for NFDUMP and NfSen toolset, native geolocation support for any NetFlow v5/v9, IPFIX data. Pavel Čeleda Large-Scale Geolocation for NetFlow 8 / 22
12 Collector-Based Geolocation Data collection NetFlow nfcapd Storage v5, v9 Geolocation Data processing Top-N stats nfdump Aggregation Filtering Raw data nfprofile NfSen Web UI (profiles) patch for NFDUMP and NfSen toolset, native geolocation support for any NetFlow v5/v9, IPFIX data. Pavel Čeleda Large-Scale Geolocation for NetFlow 8 / 22
13 NFDUMP Database Extension #15 Country Code Flow Record: Flags = 0x06 Unsampled size = 80 first = [ :04:21] last = [ :04:22] msec_first = 890 msec_last = 100 src addr = dst addr = src port = 80 dst port = tcp flags = 0x1a.AP.S. proto = 6 (in)packets = 4 (in)bytes = 936 input = 5 src as = dst as = 2852 in src mac = 00:0e:38:5e:30:c0 out dst mac = 00:1e:be:8b:26:c0 src ctry = ISO country code - US dst ctry = ISO country code - CZ Pavel Čeleda Large-Scale Geolocation for NetFlow 9 / 22
14 NFDUMP Flow Listing a) numeric code %scc %dcc : : : : : : : : : :18973 b) alpha-2 code %sccan %dccan : : : : : : : : : :18973 Usage example nfdump -M /data/nfsen/profiles-data/live/p3000:p3001 \ -r 2012/09/23/nfcapd \ -o fmt:%pr %sap -> %dap %sccan %dccan -m -c 20 Pavel Čeleda Large-Scale Geolocation for NetFlow 10 / 22
15 NFDUMP Geofiltering Geofiltering country filter syntax is similar to other NFDUMP filters syntax : ctry [comp] <num>, country can be compared to a list (red-black tree) of country codes, syntax : ctry in [ <ctrylist> ], filters are often used for traffic profilling in NfSen. Usage example nfdump -M /data/nfsen/profiles-data/live/p3000:p3001 \ -r 2012/09/23/nfcapd c 5 \ src ctry 203 and not dst ctry in [ ] Pavel Čeleda Large-Scale Geolocation for NetFlow 11 / 22
16 NfSen Geoprofiling : Screenshot of collector-based geolocation prototype. Pavel Čeleda Large-Scale Geolocation for NetFlow 12 / 22
17 Part III Use Case I Traffic Profiling Pavel Čeleda Large-Scale Geolocation for NetFlow 13 / 22
18 Geolocated and Non-geolocated ICMP Traffic I 150 (1) IN 100 Packets/s (2) (3) (4) In Out OUT :00 02:00 04:00 06:00 08:00 10:00 12:00 : ICMP traffic. Pavel Čeleda Large-Scale Geolocation for NetFlow 14 / 22
19 Geolocated and Non-geolocated ICMP Traffic II 150 (1) IN 100 Packets/s (2) (3) (4) UA US Other CZ OUT :00 02:00 04:00 06:00 08:00 10:00 12:00 : Geolocated ICMP traffic. Pavel Čeleda Large-Scale Geolocation for NetFlow 15 / 22
20 Distribution of HTTPS Traffic over Countries I 150 IN Flows/s US CZ Other OUT : HTTPS flows/s. Pavel Čeleda Large-Scale Geolocation for NetFlow 16 / 22
21 Part IV Use Case II Anomaly Detection Pavel Čeleda Large-Scale Geolocation for NetFlow 17 / 22
22 Bad Neighboring Countries All countries China 200 Flows/s :00 06:00 12:00 18:00 00:00 : Incoming TCP SYN-only flows. Pavel Čeleda Large-Scale Geolocation for NetFlow 18 / 22
23 UDP DoS Attack IN Packets/s DNS In/Out US DNS In/Out OUT 18:00 19:00 20:00 21:00 22:00 23:00 00:00 : UDP DoS attack from infected Linux machine. Pavel Čeleda Large-Scale Geolocation for NetFlow 19 / 22
24 Part V Conclusion Pavel Čeleda Large-Scale Geolocation for NetFlow 20 / 22
25 Conclusion Summary country-level information in flow data, native geolocation support for NfSen/NFDUMP, pilot geo-prototype deployment at MU CESNET link. Future Work IPFIX-compliant prototype for exporter-based geolocation, ipfixcol AS and GEO support implementation, AS + GEO data for traffic profiling and anomaly detection. Pavel Čeleda Large-Scale Geolocation for NetFlow 21 / 22
26 Thank You For Your Attention! Large-Scale Geolocation for NetFlow P. Čeleda, P. Velan, M. Rábek {celeda velan R. Hofstede, A. Pras {r.j.hofstede Geolocation Toolset Pavel Čeleda Large-Scale Geolocation for NetFlow 22 / 22
Network Management & Monitoring
Network Management & Monitoring NfSen These materials are licensed under the Creative Commons Attribution-Noncommercial 3.0 Unported license (http://creativecommons.org/licenses/by-nc/3.0/) What is NfSen
More informationIdentifying Operating System Using Flow-based Traffic Fingerprinting
Identifying Operating System Using Flow-based Traffic Fingerprinting Tomáš Jirsík, Pavel Čeleda {jirsik celeda}@ics.muni.cz Institute of Computer Science, Masaryk University EUNICE 2014 September, 1. 5.,
More informationIntroduction to Netflow
Introduction to Netflow Campus Network Design & Operations Workshop These materials are licensed under the Creative Commons Attribution-NonCommercial 4.0 International license (http://creativecommons.org/licenses/by-nc/4.0/)
More informationNetwork Management and Monitoring
Network Management and Monitoring Introduction to Netflow These materials are licensed under the Creative Commons Attribution-Noncommercial 3.0 Unported license (http://creativecommons.org/licenses/by-nc/3.0/)
More informationNfSen and NFDUMP 16th TF-CSIRT Meeting Sept 15th 2005, Lisbon Peter Haag
NfSen and NFDUMP 16th TF-CSIRT Meeting Sept 15th 2005, Lisbon Peter Haag 2005 SWITCH NfSen/nfdump What I am going to present: Review: What are NfSen and nfdump. The Tools in Action. Plugins. Outlook -
More informationEnhancing Network Security: Host Trustworthiness Estimation
Enhancing Network Security: Host Trustworthiness Estimation Tomáš Jirsík, Pavel Čeleda {jirsik celeda}@ics.muni.cz Institute of Computer Science, Masaryk University Goal 25,739% Tomáš Jirsík, Pavel Čeleda
More informationExperiences with IPFIX-based Traffic Measurement for IPv6 Networks. Nakjung Choi, Hyeongu Son*, Youngseok Lee* and Yanghee Choi
Experiences with IPFIX-based Traffic Measurement for IPv6 Networks Nakjung Choi, Hyeongu Son*, Youngseok Lee* and Yanghee Choi Seoul National Univ *Chungnam National Univ 27. 8. 31 (Fri) SIGCOMM 27 IPv6
More informationCAMNEP: Multistage Collective Network Behavior Analysis System with Hardware Accelerated NetFlow Probes
CAMNEP: Multistage Collective Network Behavior Analysis System with Hardware Accelerated NetFlow Probes Martin Rehak, Pavel Celeda, Michal Pechoucek, Jiri Novotny CESNET, z. s. p. o. Gerstner Laboratory
More informationTools for Security Analysis of Traffic on L7 Practical course
www.liberouter.org Tools for Security Analysis of Traffic on L7 Practical course 50th TF-CSIRT meeting and FIRST Regional Symposium for Europe Security Tools as a Service Flow monitoring overview Flow
More informationDesign and Evaluation of HTTP Protocol Parsers for IPFIX Measurement
Design and Evaluation of HTTP Protocol Parsers for IPFIX Measurement Petr Velan, Tomáš Jirsík, Pavel Čeleda {velan jirsik celeda}@ics.muni.cz 19th EUNICE Workshop on Advances in Communication Networking
More informationListening to the Network: Leveraging Network Flow Telemetry for Security Applications Darren Anstee EMEA Solutions Architect
Listening to the Network: Leveraging Network Flow Telemetry for Security Applications Darren Anstee EMEA Solutions Architect Introduction Security has an increased focus from ALL businesses, whether they
More informationCovert channel detection using flow-data
Covert channel detection using flow-data Guido Pineda Reyes MSc. Systems and Networking Engineering University of Amsterdam July 3, 2014 Guido Pineda Reyes (UvA) Covert channel detection using flow-data
More informationDDoS Protection in Backbone Networks
DDoS Protection in Backbone Networks The Czech Way Pavel Minarik, Chief Technology Officer Holland Strikes Back, 3 rd Oct 2017 Backbone DDoS protection Backbone protection is specific High number of up-links,
More informationNETWORK TRAFFIC CHARACTERISATION USING FLOW-BASED STATISTICS
NETWORK TRAFFIC CHARACTERISATION USING FLOW-BASED STATISTICS Wednesday 27 th April, 2016 Petr Velan Jana Medková, Tomáš Jirsík, Pavel Čeleda Introduction We need to be able to describe the network traffic.
More informationplixer Scrutinizer Competitor Worksheet Visualization of Network Health Unauthorized application deployments Detect DNS communication tunnels
Scrutinizer Competitor Worksheet Scrutinizer Malware Incident Response Scrutinizer is a massively scalable, distributed flow collection system that provides a single interface for all traffic related to
More informationHardware-Accelerated Flexible Flow Measurement
Hardware-Accelerated Flexible Flow Measurement Pavel Čeleda celeda@liberouter.org Martin Žádník zadnik@liberouter.org Lukáš Solanka solanka@liberouter.org Part I Introduction and Related Work Čeleda, Žádník,
More informationAn Exploration of Geolocation and Traffic Visualisation Using Network Flows
An Exploration of Geolocation and Traffic Visualisation Using Network Flows Sean Pennefather and Barry Irwin Department of Computer Science Rhodes University Grahamstown 6140 Email: g10p0016@campus.ru.ac.za,
More informationMonitoring and diagnostics of data infrastructure problems in power engineering. Jaroslav Stusak, Sales Director CEE, Flowmon Networks
Monitoring and diagnostics of data infrastructure problems in power engineering Jaroslav Stusak, Sales Director CEE, Flowmon Networks 35,000 kilometers of electric power, which feeds around 740,000 clients...
More informationFlow Measurement. For IT, Security and IoT/ICS. Pavel Minařík, Chief Technology Officer EMITEC, Swiss Test and Measurement Day 20 th April 2018
Flow Measurement For IT, Security and IoT/ICS Pavel Minařík, Chief Technology Officer EMITEC, Swiss Test and Measurement Day 20 th April 2018 What is Flow Data? Modern method for network monitoring flow
More informationDDoS Protection in Backbone Networks Deployed at Trenka Informatik AG (www.trenka.ch)
DDoS Protection in Backbone Networks Deployed at Trenka Informatik AG (www.trenka.ch) Pavel Minarik, Chief Technology Officer SwiNOG meeting, 9 th Nov 2017 Backbone DDoS protection Backbone protection
More informationDetection of DNS Traffic Anomalies in Large Networks
Detection of Traffic Anomalies in Large Networks Milan Čermák, Pavel Čeleda, Jan Vykopal {cermak celeda vykopal}@ics.muni.cz 20th Eunice Open European Summer School and Conference 2014 1-5 September 2014,
More informationSCRIPT: An Architecture for IPFIX Data Distribution
SCRIPT Public Workshop January 20, 2010, Zurich, Switzerland SCRIPT: An Architecture for IPFIX Data Distribution Peter Racz Communication Systems Group CSG Department of Informatics IFI University of Zürich
More informationIt s Flow Time! The Role and Importance of Flow Monitoring in Network Operations and Security
It s Flow Time! The Role and Importance of Flow Monitoring in Network Operations and Security Pavel Minařík, Chief Technology Officer Neutral Peering Days 2018, The Hague Your customers depend on your
More informationAnomaly detection for NFSen/nfdump netflow engine - with Holt-Winters algorithm
Anomaly detection for NFSen/nfdump netflow engine - with Holt-Winters algorithm János Mohácsi, Gábor Kiss NIIF/HUNGARNET Motivation Usual work of CSIRT teams: Find abnormal behaviour Visual detection of
More informationRIPE75 - Network monitoring at scale. Louis Poinsignon
RIPE75 - Network monitoring at scale Louis Poinsignon Why monitoring and what to monitor? Why do we monitor? Billing Reducing costs Traffic engineering Where should we peer? Where should we set-up a new
More informationCisco Stealthwatch. Internal Alarm IDs 7.0
Cisco Stealthwatch Internal Alarm IDs 7.0 Stealthwatch Internal Alarm IDs Some previously used alarms are now obsolete and no longer listed in this file. 1 Host Lock Violation 5 SYN Flood 6 UDP Flood 7
More information[Optional] Network Visibility with NetFlow
Old Lab [Optional] Network COSC301 Laboratory Manual This lab hasn't been run recently, so no guarantees are made regarding the commands and their output. In this lab, we shall investigate network visibility
More informationNetwork Security Monitoring with Flow Data
Network Security Monitoring with Flow Data IT Monitoring in Enterprises NPMD (Network Performance Monitoring & Diagnostics) SNMP basics Flow data for advanced analysis and troubleshooting Packet capture
More informationReal-Time and Resilient Intrusion Detection: A Flow-Based Approach
Real-Time and Resilient Intrusion Detection: A Flow-Based Approach Rick Hofstede, Aiko Pras To cite this version: Rick Hofstede, Aiko Pras. Real-Time and Resilient Intrusion Detection: A Flow-Based Approach.
More informationNetwork Element Configuration
The following describes how to configure Flexible NetFlow and NTP servers on your ISR. Configuring a Network Element, page 1 NTP Configuration, page 1 NetFlow Configuration, page 2 Configuring a Network
More informationConfiguring NetFlow. Information About NetFlow. What is a Flow. This chapter contains the following sections:
This chapter contains the following sections: Information About NetFlow, page 1 Guidelines and Limitations for NetFlow, page 9 Default Settings for NetFlow, page 10 Enabling the NetFlow Feature, page 11
More informationIBM Aurora Flow-Based Network Profiling System
IBM Aurora Flow-Based Network Profiling System Technical Aspects http://www.zurich.ibm.com/aurora/ Email: Jeroen Massar SwiNOG #15 4 December 2007 www.zurich.ibm.com/aurora
More informationAn Investigation Into Teredo and 6to4 Transition Mechanisms: Traffic Analysis
An Investigation Into Teredo and 6to4 Transition Mechanisms: Traffic Analysis Martin Elich, Petr Velan, Tomas Jirsik, Pavel Celeda Faculty of Informatics, Masaryk University, Brno, Czech Republic elich@mail.muni.cz
More informationMonitoring and Threat Detection
Monitoring and Threat Detection with Netflow Michael Belan Consulting Systems Engineer Cisco GSSO January 2017 AGENDA What is SW? Where does it fit in overall Cisco Security framework? What is SW? What
More informationBOTNETS ON LARGE NETWORKS
BOTNETS ON LARGE NETWORKS James Davis, UKNOF26 BACKGROUND IP EXPLOSION IP is getting everywhere... students BYOEverything. Yesterday: IP EXPLOSION Today: IP EXPLOSION Tomorrow: IP DEVICES Most companies
More informationConfiguring NetFlow. Information About NetFlow. Send document comments to CHAPTER
CHAPTER 11 Use this chapter to configure NetFlow to characterize IP traffic based on its source, traffic destination, timing, and application information, giving visibility into traffic transiting the
More informationConfiguring Data Export for Flexible NetFlow with Flow Exporters
Configuring Data Export for Flexible NetFlow with Flow Exporters Last Updated: November 29, 2012 This document contains information about and instructions for configuring flow exporters to export Flexible
More informationNext Generation Network Traffic Monitoring and Anomaly Detection. Petr Springl
Next Generation Network Traffic Monitoring and Anomaly Detection Petr Springl springl@invea-tech.com INVEA-TECH University spin-off company 10 years of development, participation in EU funded projects
More informationDNS Survival Guide. Artyom Gavrichenkov
DNS Survival Guide Artyom Gavrichenkov A bit of a history: DNS 1983: (int32)*host_str; A bit of a history: DNS 1983: (int32)*host_str; 1997-2017: load balancing geobalancing ASN policies
More informationStateful Network Address Translation 64
The feature provides a translation mechanism that translates IPv6 packets into IPv4 packets and vice versa. The stateful NAT64 translator algorithmically translates the IPv4 addresses of IPv4 hosts to
More informationFlow-based Traffic Visibility
Flow-based Traffic Visibility Operations, Performance, Security Pavel Minařík, Chief Technology Officer What is Flow Data? Modern method for network monitoring flow measurement Cisco standard NetFlow v5/v9,
More informationBIG-IP otse vastu internetti. Kas tulemüüri polegi vaja?
BIG-IP otse vastu internetti. Kas tulemüüri polegi vaja? Tarmo Mamers Heigo Mansberg Network Firewall Imagery stackexchange.com Network Firewall Functions Network Firewall Traffic OUTSIDE INSIDE INBOUND
More informationFlows at Masaryk University Brno
Flows at Masaryk University Brno Jan Vykopal Masaryk University Institute of Computer Science GEANT3/NA3/T4 meeting October 21st, 2009, Belgrade Masaryk University, Brno, Czech Republic The 2nd largest
More informationDDoS Testing with XM-2G. Step by Step Guide
DDoS Testing with XM-G Step by Step Guide DDoS DEFINED Distributed Denial of Service (DDoS) Multiple compromised systems usually infected with a Trojan are used to target a single system causing a Denial
More informationHistory Page. Barracuda NextGen Firewall F
The Firewall > History page is very useful for troubleshooting. It provides information for all traffic that has passed through the Barracuda NG Firewall. It also provides messages that state why traffic
More informationBuilding a Feedback Loop to Capture Evidence of Network Incidents
Building a Feedback Loop to Capture Evidence of Network Incidents Zdeněk Rosa, Tomáš Čejka, Martin Žádník and Viktor Puš CESNET, a.l.e. CTU in Prague, FIT Zikova 4 Thákurova 9 16 Prague 6, Czech Republic
More informationNEMEA: A Framework for Network Traffic Analysis
NEMEA: A Framework for Network Traffic Analysis Tomas Cejka, Vaclav Bartos, Marek Svepes, Zdenek Rosa and Hana Kubatova CESNET, a.l.e. Zikova 4, 160 00 Prague 6, Czech Republic {cejkat,bartos,svepes,rosa}@cesnet.cz
More informationFirewalls. Firewall. means of protecting a local system or network of systems from network-based security threats creates a perimeter of defense
FIREWALLS 3 Firewalls Firewall means of protecting a local system or network of systems from network-based security threats creates a perimeter of defense administered network public Internet firewall
More informationFlowMatrix Tutorial. FlowMatrix modus operandi
FlowMatrix Tutorial A message from the creators: When developing FlowMatrix our main goal was to provide a better and more affordable network anomaly detection and network behavior analysis tool for network
More informationStealthwatch System v6.9.0 Internal Alarm IDs
Stealthwatch System v6.9.0 Internal Alarm IDs Copyrights and Trademarks 2017 Cisco Systems, Inc. All rights reserved. NOTICE THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE
More informationConfiguring NetFlow. NetFlow Overview
NetFlow Overview NetFlow identifies packet flows for ingress IP packets and provides statistics based on these packet flows. NetFlow does not require any change to either the packets themselves or to any
More informationThe Network Data Handling War: MySQL vs. NfDump
The Network Data Handling War: vs. Rick Hofstede, Anna Sperotto, Tiago Fioreze, and Aiko Pras University of Twente Centre for Telematics and Information Technology Faculty of Electrical Engineering, Mathematics
More informationFlexible NetFlow IPFIX Export Format
The feature enables sending export packets using the IPFIX export protocol. The export of extracted fields from NBAR is only supported over IPFIX. Finding Feature Information, page 1 Information About,
More informationAppendix B Policies and Filters
Appendix B Policies and Filters NOTE: This appendix does not describe Access Control Lists (ACLs) or IPX SAP ACLs, which are additional methods for filtering packets. See Software-Based IP Access Control
More informationFlow-based Accounting: Applications and Standardisation
Flow-based Accounting: Applications and Standardisation SCAMPI Workshop May 3, 2004 Simon Leinen, SWITCH Flow-based Accounting - Basic Idea Classify packets into flows (equivalence classes)
More informationFlow Sampling for ASR1K
LIVEACTION, INC. Flow Sampling for ASR1K CONFIGURATION LiveAction, Inc. 3500 Copyright WEST BAYSHORE 2016 LiveAction, ROAD Inc. All rights reserved. LiveAction, LiveNX, LiveUX, the LiveAction Logo and
More informationCisco IOS Flexible NetFlow Command Reference
Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 THE SPECIFICATIONS AND INFORMATION
More informationH3C SecPath Series Firewalls and UTM Devices
H3C SecPath Series Firewalls and UTM Devices Attack Protection Command Reference Hangzhou H3C Technologies Co., Ltd. http://www.h3c.com Software version: F100 series: ESS 5132 F1000-A-EI: Feature 3722
More informationConfiguring NetFlow. About NetFlow. This chapter describes how to configure the NetFlow feature on Cisco NX-OS devices.
This chapter describes how to configure the NetFlow feature on Cisco NX-OS devices. About NetFlow, page 1 Licensing Requirements for NetFlow, page 4 Prerequisites for NetFlow, page 4 Guidelines and Limitations
More informationThis chapter provides information to configure Cflowd.
Cflowd In This Chapter This chapter provides information to configure Cflowd. Topics in this chapter include: Cflowd Overview on page 564 Operation on page 565 Cflowd Filter Matching on page 569 Cflowd
More informationA Two-Layered Anomaly Detection Technique based on Multi-modal Flow Behavior Models
A Two-Layered Anomaly Detection Technique based on Multi-modal Flow Behavior Models Marc Ph. Stoecklin Jean-Yves Le Boudec Andreas Kind
More informationIntrusion Detection and Malware Analysis
Intrusion Detection and Malware Analysis Anomaly-based IDS Pavel Laskov Wilhelm Schickard Institute for Computer Science Taxonomy of anomaly-based IDS Features: Packet headers Byte streams Syntactic events
More informationCisco Day Hotel Mons Wednesday
Cisco Day 2016 20.4.2016 Hotel Mons Wednesday Three Friends in Security : Identity, Visibility and Enforcement Stop the bad guys immediately György Ács IT Security Consulting Systems Engineer 20 April
More informationScaling Hardware Accelerated Network Monitoring to Concurrent and Dynamic Queries with *Flow
Scaling Hardware Accelerated Network Monitoring to Concurrent and Dynamic Queries with *Flow John Sonchack, Oliver Michel, Adam J. Aviv, Eric Keller, Jonathan M. Smith Measuring High Speed Networks 00
More informationValidation of the Network-based Dictionary Attack Detection
Validation of the Network-based Dictionary Attack Detection Jan Vykopal vykopal@ics.muni.cz Tomáš Plesník plesnik@ics.muni.cz Institute of Computer Science Masaryk University Brno, Czech Republic Pavel
More informationA Survey on Network Security Monitoring Implementations
A Survey on Network Security Monitoring Implementations Ibrahim Ghafir, Jakub Svoboda, Vaclav Prenosil Abstract Network monitoring is a difficult and demanding task that is a vital part of a network administrator
More informationFlexible network monitoring at 100Gbps. and beyond
Nadpis 1 Nadpis 2 Nadpis 3 Flexible network monitoring at 100Gbps Lukáš Kekely, Viktor Puš {kekely,pus}@cesnet.cz and beyond Jméno Příjmení Vysoké učení technické v Brně, Fakulta informačních technologií
More informationConfiguring Flexible NetFlow
Prerequisites for Flexible NetFlow, on page 1 Restrictions for Flexible NetFlow, on page 2 Information About Flexible Netflow, on page 4 How to Configure Flexible Netflow, on page 18 Monitoring Flexible
More informationConfiguring AVC to Monitor MACE Metrics
This feature is designed to analyze and measure network traffic for WAAS Express. Application Visibility and Control (AVC) provides visibility for various applications and the network to central network
More informationBIG-IP Network Firewall: Policies and Implementations. Version 13.0
BIG-IP Network Firewall: Policies and Implementations Version 13.0 Table of Contents Table of Contents About the Network Firewall...9 What is the BIG-IP Network Firewall?...9 About firewall modes... 9
More informationStonesoft Management Center. Release Notes Revision A
Stonesoft Management Center Release Notes 6.1.3 Revision A Contents About this release on page 2 System requirements on page 2 Build version on page 3 Compatibility on page 4 New features on page 5 Enhancements
More informationNetwork Configuration Example
Network Configuration Example Configuring Stateful NAT64 for Handling IPv4 Address Depletion Release NCE0030 Modified: 2017-01-23 Juniper Networks, Inc. 1133 Innovation Way Sunnyvale, California 94089
More informationConfiguring Flexible NetFlow
Prerequisites for Flexible NetFlow, on page 1 Restrictions for Flexible NetFlow, on page 2 Information About Flexible Netflow, on page 4 How to Configure Flexible Netflow, on page 18 Monitoring Flexible
More informationCisco dan Hotel Crowne Plaza Beograd, Srbija.
Cisco dan 31. 3. 2016. Hotel Crowne Plaza Beograd, Srbija www.ciscoday.com Three Friends in Security : Identity, Visibility and Enforcement Stop the bad guys immediately György Ács IT Security Consulting
More informationGigamon Metadata Application for IBM QRadar Deployment Guide
Gigamon Metadata Application for IBM QRadar Deployment Guide COPYRIGHT Copyright 2018 Gigamon. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a
More informationCSE 461 Midterm Winter 2018
CSE 461 Midterm Winter 2018 Your Name: UW Net ID: General Information This is a closed book/laptop examination. You have 50 minutes to answer as many questions as possible. The number in parentheses at
More informationNetFlow Optimizer. User Guide. Version (Build ) May 2017
NetFlow Optimizer User Guide Version 2.4.9 (Build 2.4.9.0.3) May 2017 Copyright 2012-2017 NetFlow Logic Corporation. All rights reserved. Patents both issued and pending. Contents About this Guide... 3
More informationNetFlow Monitoring. NetFlow Monitoring
, page 1 NetFlow Limitations, page 2 Creating a Flow Record Definition, page 3 Viewing Flow Record Definitions, page 4 Defining the Exporter Profile, page 4 Creating a Flow Collector, page 5 Creating a
More informationECPE / COMP 177 Fall Some slides from Kurose and Ross, Computer Networking, 5 th Edition
ECPE / COMP 177 Fall 2012 Some slides from Kurose and Ross, Computer Networking, 5 th Edition Application Layer Transport Layer Network Layer Link Layer Physical Layer 2 Application Layer HTTP DNS IMAP
More informationConfiguring NetFlow. NetFlow Overview
NetFlow identifies packet flows for ingress IP packets and provides statistics based on these packet flows. NetFlow does not require any change to either the packets themselves or to any networking device.
More informationMaster Course Computer Networks IN2097
Chair for Network Architectures and Services Prof. Carle Department for Computer Science TU München Master Course Computer Networks IN2097 Chapter 7 - Network Measurements Introduction Architecture & Mechanisms
More informationLesson 9 OpenFlow. Objectives :
1 Lesson 9 Objectives : is new technology developed in 2004 which introduce Flow for D-plane. The Flow can be defined any combinations of Source/Destination MAC, VLAN Tag, IP address or port number etc.
More informationNetFlow Optimizer. User Guide. Version (Build X) November 2017
NetFlow Optimizer User Guide Version 2.5.0 (Build 2.5.0.0.X) November 2017 Copyright 2012-2017 NetFlow Logic Corporation. All rights reserved. Patents both issued and pending. Contents About this Guide...
More informationMeasuring the IPv6 Internet by active DNS and HTTP measurements (work in progress)
Measuring the IPv6 Internet by active DNS and HTTP measurements (work in progress) emile.aben@ripe.net Early 21st centry http://www.ripe.net 1 The 2 Internets The IPv4 Internet The IPv6 Internet How are
More informationTo get a feel for how to use the FIREWALL > Live page in NextGen Admin, watch the following video:
Under the Live tab, you can view and filter real-time information for the traffic that passes through the Barracuda NextGen Firewall F-Series. You can also manage the traffic sessions. To access the Live
More informationNetFlow Multiple Export Destinations
Feature History Release 12.0(19)S 12.0(19)ST 12.2(2)T 12.2(14)S Modification This feature was introduced on the Cisco 12000 Internet router. This feature was integrated into Cisco IOS Release 12.0(19)ST.
More information1 STUDENT LEARNING OUTCOMES 2 INTRODUCTION
CIT 485/585 Netflow Analysis The objective of this assignment is to learn how to use flow records to understand what is happening on the network. While flow records cannot reveal the content of data transferred,
More informationGeneral Firewall Configuration
To adjust resources used by your firewall service you can change the sizing parameters in the General Firewall Configuration (CONFIGURATION > Configuration Tree > Box > Infrastructure Services) of the
More informationPacket Sniffing and Spoofing
Some of the slides borrowed from the book Computer Security: A Hands on Approach by Wenliang Du Packet Sniffing and Spoofing Chester Rebeiro IIT Madras Shared Networks Every network packet reaches every
More informationZone-Based Firewall Logging Export Using NetFlow
Zone-Based Firewall Logging Export Using NetFlow Zone-based firewalls support the logging of messages to an external collector using NetFlow Version 9 export format. NetFlow Version 9 export format uses
More informationHPE Security ArcSight Connectors
HPE Security ArcSight Connectors SmartConnector for IP Flow (NetFlow/J-Flow) Configuration Guide October 17, 2017 SmartConnector for IP Flow (NetFlow/J-Flow) October 17, 2017 Copyright 2004 2017 Hewlett
More informationAVC Configuration. Unified Policy CLI CHAPTER
CHAPTER 3 Revised: February 7, 2013, This chapter addresses AVC configuration and includes the following topics: Unified Policy CLI, page 3-1 Metric Producer Parameters, page 3-2 Reacts, page 3-2 NetFlow/IPFIX
More informationPacket Analysis - Wireshark
Packet Analysis - Wireshark Network Security Workshop 3-5 October 2017 Port Moresby, Papua New Guinea Why do we need to capture packet & how is it relevant to security? tcpdump tcpdump is a utility used
More informationFlexible NetFlow IPv6 Unicast Flows
The feature enables Flexible NetFlow to monitor IPv6 traffic. Finding Feature Information, page 1 Information About Flexible NetFlow IPv6 Unicast Flows, page 1 How to Configure Flexible NetFlow IPv6 Unicast
More informationPacket Capture & Wireshark. Fakrul Alam
Packet Capture & Wireshark Fakrul Alam fakrul@bdhub.com Why we need to capture packet & how it s related to security? tcpdump Definition tcpdump is a utility used to capture and analyze packets on network
More informationConfiguring Data Export for Flexible NetFlow with Flow Exporters
Configuring Data Export for Flexible NetFlow with Flow Exporters Last Updated: September 4, 2012 This document contains information about and instructions for configuring flow exporters to export Flexible
More informationPIX-IE An SDN-based Programmable Internet exchange
PIX-IE An SDN-based Programmable Internet exchange Kazuya Okada The University of Tokyo/WIDE Project/NSPIXP Project okada@ecc.u-tokyo.ac.jp Internet2 1 Our Background Operating an academic IX (DIX-IE)
More informationSelf-Management of Hybrid Networks: Can We Trust NetFlow Data?*
Self-Management of Hybrid Networks: Can We Trust NetFlow Data?* by Tiago Fioreze Co-authors: Lisandro Zambenedetti Granville, Aiko Pras, Anna Sperotto, and Ramin Sadre * Tiago Fioreze, Lisandro Zambenedetti
More informationNetFlow Integrator Standard
NetFlow Integrator Standard User Guide Version 2.4.2 (Build 2.4.2.0.11) November 2015 Copyright 2012, 2013 NetFlow Logic Corporation. All rights reserved. Patents Pending. Contents About this Guide...
More informationFlexible NetFlow IPv6 Unicast Flows
The feature enables Flexible NetFlow to monitor IPv6 traffic. Finding Feature Information, page 1 Information About Flexible NetFlow IPv6 Unicast Flows, page 1 How to Configure Flexible NetFlow IPv6 Unicast
More information