# On the Effectiveness of Traffic Analysis Against Anonymity Networks Using Flow Records

Save this PDF as:

Size: px
Start display at page:

Download "On the Effectiveness of Traffic Analysis Against Anonymity Networks Using Flow Records"

## Transcription

6 Here, the start and end times are shown as t xi t xj, where t xi and t xj represent the flow start and end time points. Bytes xi represents the data transferred during that interval. Similarly, assume the server to exit node traffic is also quantized into the following intervals : t y t y Bytes y t y3 t y4 Bytes y t y5 t y6 Bytes y3 t y7 t y8 Bytes y4 t y9 t y9 Bytes y5 We assume that the start and end times of both the sets of intervals are not aligned. Thus, t x t y and t x t y. Let us assume this to be the cases for all the intervals (the worst scenario). However, we also assume that both interval sets (namely the flows corresponding to the traffic between the server and exit node and between the entry node and possible clients) fall within some overall experiment start and end times. We first convert the data in the intervals to a different scale. We convert the data in bytes transferred for the interval to the average traffic throughput, in terms of bytes transferred per second. For example, for the interval t x t x we compute average throughput as ( Bytes x t x t x ). Let us denote this average throughput to be R x. Thus, let us denote the throughput for each of the intervals for the entry node to clients as R xi, i {,, 3} (corresponding to all the intervals). Also, let us also compute the throughput values for each of the intervals corresponding to the server to exit traffic and denote them by R yj, j {,, 3, 4, 5}. Each of the throughput values represent the average throughput value for intervals. This effectively translates to number of bytes transferred at each second corresponding of the interval. Let us explain this through an example. Suppose for the interval t y t y, the average throughput is R y, then it means that at t y seconds, R y bytes were transferred. Similarly, at each of t y + seconds, t y + seconds et. R y bytes were transferred. Thereafter, we divide the intervals smaller as follows: Determine which of the two interval sets (namely that corresponding to the traffic between the server and exit, and between the entry node and the client) has more intervals values. Let us denote this set by Y. Let us denote the smaller set by X ( Y X ). Divide the larger set (Y ) into steps of one second. For example, if we have an interval t y t y with throughput of R y, we divide the interval into points that are one second apart. Thus, the points are t y, t y +, t y +,..., t y + (n ),t y. The throughput at each of these points is equal to R y. Thus we have the following throughput values (for the interval t y t y ): t y : R y t y+ : R y t y+ : R y... t y + (n ) : R y t y : R y Divide the smaller set (X) into steps of only two interval points, namely the start and the end times. For example, the interval t x t x, is to be divided only into two points, namely. t x and t x and the throughput at each would be R x calculated using the formula mentioned above. Having divided the intervals, we select the set X, that denotes the set of intervals with lesser number of points. For each point in X, say t xi ( i X ), we try to find the point in Y corresponding to the same time, say t yj ( j Y, t yj = t xi ). These two points, namely t xi and t yj, along with their respective bandwidth values are output to two separate files. This process is repeated for all points in X. At the end of this process we have two different files which are organized as times and corresponding throughput values. The timestamps in these two files are same. The throughput values correspond to an estimated average throughput for each of those points. We compute the correlation of the throughput values in these two files. This gives us an approximated correlation for the traffic from server to exit node and from entry node to the client, even when the original flow samples are spare or not aligned with each other. Thus, to summarize, the attack proceeds through the following steps: ) Client downloads a file from the server that colludes with the adversary. ) While the download progresses, the server injects a repeating traffic pattern in the TCP connection it sees originating from the exit node. 3) After sometime the download process is stopped and the server halts the traffic shaping procedure. 4) The adversary obtains network statistics from flow records corresponding to the server to exit traffic and for the various clients that used the victim entry node for the duration of the attack experiment. 5) If the flows are not correctly aligned, equally long and evenly separated, then the adversary applies the approximation strategy to correctly align them. 6) The adversary thereafter computes correlation coefficient for the server to exit traffic network statistics and for all the individual clients that used the victim entry node during the attack experiment. 7) The victim client s statistics is expected to be most correlated to the server to exit node traffic. Thus the client, whose traffic statistics are most correlated to the exit node traffic are chosen as the victim and verified. Figure pictorially presents this overall attack procedure. IV. EXPERIMENTAL EVALUATION We evaluated our traffic analysis method first using and inlab test-bed and later through experiments involving data from a public Tor relay. The former experiments we conducted to evaluate the accuracy of our correlation based traffic analysis method in an in-lab set-up in the absence of Internet traffic congestion and related network and system artefacts. Our traffic analysis attack detected the victim client in all cases. Thereafter, we evaluated the effectiveness of our attack through 6

8 Throughput (Mbit/s) Victim Traffic Entry to Client Carrying Victim Traffic 37: 38: 39: 4: 4: 4: 43: Time (MM:SS) Fig. 4. Server induced step like pattern exactly matches the flow going towards the victim client. The points corresponding to the flows are highlighted by connecting the sample points. The remaining points correspond to 9 other non-victim flows. statistics (µ:.9,σ:.6) even when the experiment lasted for a shorter duration of seconds. Correlation Injected patterns: Square-Wave pattern of amp. Mbit/s and Complex pattern: Mbit/s->Mbit/s ->56 Kbit/s->5 Kbit/s Correlation for Victim Correlation for Non-Victim Square-Wave Pattern Complex Pattern Fig. 5. Average correlation for the server induced traffic pattern and the entry to victim client traffic and the max. correlation between the server induced traffic and non-victim clients, when the server injected square-wave and step like pattern (number of clients:3). B. Experimental Evaluation Involving Public Tor Relays Having evaluated the accuracy of our traffic analysis attack in an in-lab environment we moved to evaluating it using real Tor traffic, obtained from our public Tor relay that served hundreds of Tor circuits simultaneously. The set-up used is as same as the one shown in Figure. The victim clients were hosted on three different planetlab locations, namely, Texas (US), Leuven (Belgium) and Corfu (Greece). They communicated, via Tor circuits through our relay, to a server under our control, in Spain. The victim clients downloaded a large file from the server that perturbed the arriving TCP connection s traffic, thereby deliberately injecting a traffic pattern in the flow between the server and the exit node. The process was terminated after a short while and we computed the correlation between the bytes transferred between the server and the recently terminated connection from the exit node and the entry node and the several clients that used it, during this interval. These experiments were divided into two parts. The first consisted of evaluating the effectiveness when gathering data from open-source NetFlow packages. The second part involved sparse data obtained from our institutional Cisco router. ) Using Open Source NetFlow Tools: The first experiment involved the server injecting a square-wave like traffic pattern by freely switching the server to exit traffic bandwidth between approximately Mbit/s and 3 Kbit/s, thereby injecting a traffic pattern with amplitude of roughly Mbit/s. We used the set-up shown in Figure. The data was gathered from the server and from the entry node, using open source NetFlow packages. Each such experiment, involving the server switching between these bandwidth values, lasted for about 6 minutes and 4 seconds. Figure 6(a) presents sample traffic throughput variations for five flows, corresponding to one such experiment. These five flows are most correlated to the server to exit victim flow carrying the injected traffic pattern. The victim flow had the highest correlation coefficient of of.83, while the one with second-highest correlation, corresponding to a non-victim client, was.7. A total of 4 client were using the entry node at the time of the experiment. The figure also shows the fluctuating square-wave traffic pattern with an amplitude of approximately Mbit/s. The trough of the square-wave is chosen to be at 3 Kbit/s so as to sustain the Tor circuit, between the entry node and victimclient, for the duration of the experiment. Tor clients generally terminate circuits inactive circuits (which haven t seen any activity) within about minutes. We computed the correlation coefficient for the bytes transferred between the server and the exit node and each of the entry node to client flows, corresponding to the duration of the experiment. Thereafter, the client that was most correlated to the server to exit traffic was selected as the victim. These experiments were repeated 45 times (5 times corresponding to each victim client location). Average correlation between the server to exit traffic and entry node to client traffic was.6 (σ:.6),.43 (σ:.3) and.35 (σ:.4) for each of the clients at Texas (US), Leuven(Belgium) and Corfu(Greece) respectively (see Figure 6(b)). These corresponded to the client flows that were most correlated to the server to exit flow carrying the traffic pattern. The average of second-highest correlation coefficients, corresponding to non-victims, were.38 (σ:.),.3 (σ:.4) and.8 (σ:.5), respectively for each of the clients for the three sets of experiments (corresponding to each of the victim client location). Similar experiments were also repeated with the server injecting a step like pattern. To achieve this, the server switched the server to exit traffic between roughly Mbit/s, 5 Kbit/s, 3 Kbit/s and Kbit/s, every seconds. This pattern was again repeated several times. Figure 7(a) shows 8

9 Throughput (Mbit/s) Victim Traffic - Server to Exit Node Entry to Client 974 (Victim) Entry to Client 995 Entry to Client 677 Entry to Client 895 Entry to Client 55 Correlation Injected pattern: Square-Wave pattern with amp. Mbit/s Correlation for Victim Correlation for Non-Victim : 39: 4: 4: 4: 43: Time (MM:SS) Location (Texas, US) Location (Leuven, Belgium) Location 3 (Corfu, Greece) (a) (b) Fig. 6. (a) Server induced square-wave like pattern exactly matches the flow going towards the victim client974 (location : Texas, US), having the highest correlation. The remaining points correspond to the other non-victim flows that whose correlation coefficients are amongst the five highest. (b) Average Pearson s Correlation between server injected square-wave like pattern and victim and non-victim flows corresponding to the different planetlab client locations. one such sample where the server injected the step like pattern. In this experiment, the victim flow had the highest correlation coefficient of of.84, while the one with secondhighest correlation, corresponding to a non-victim client, was.5. A total of 874 clients were using the entry node at the time of the experiment. These experiments were repeated 45 times (5 times corresponding to each client location). Average correlation between the server to exit traffic and entry node to client traffic was.55 (σ:.),.3 (σ:.5) and.3 (σ:.) for each of the clients at Texas (US), Leuven(Belgium) and Corfu(Greece) respectively (see Figure 7(b)). These also corresponded to the flows having the highest correlation coefficients. The average of second-highest correlation coefficients, corresponding to non-victims, were.9 (σ:.8),.7 (σ:.) and.8 (σ:.), respectively for each of the clients for the three sets of experiments (corresponding to each of the victim client location). We gathered a total of thirty measurements corresponding to each victim client. This included 5 measurements corresponding to both square-wave and complex patterns. This resulted in a total of 9 measurements. In most cases, we observed a clear separation between the correlation of the server to exit node traffic (carrying the induced traffic pattern) and the entry node to victim client traffic and that measured between the former and non-victim traffic. However, the average correlation of the injected pattern for the victim traffic was lower than what we observed in case of in-lab controlled testbed. This is because traffic fingerprinting pattern is distored when it leaves the Tor entry node and proceeds towards the victim client, thereby reducing the correlation of the injected traffic pattern with the entry node to victim client traffic. Further, we also found four instances where the correlation of the injected traffic with the victim traffic (from the entry node to the victim client) was lower than the correlation with some other non-victim clients traffic. Such false negatives and false positives are primarily a combined effect of the background network congestion and routing in Tor relays, wherein the available bandwidth is distributed equally amongst all circuits, while at the same prioritizing interactive circuits over non-interactive ones [38]. Moreover, Pearson s correlation coefficient is known to be very sensitive to minor changes in input values. Small changes to input can drastically change the value of correlation coefficient. For each of the clients, we also computed the average bandwidth variation of the traffic for the duration of the experiment. Each of these average bandwidth values were subtracted from the average bandwidth variation of the server to exit traffic. For the victim traffic, this difference is often amongst the smallest. Thus, while correlation is sensitive to small variations in input, such an approach of calculating the difference between the victim traffic and server to exit traffic, carrying the induced pattern, can be used to filter out flows that could lead to inaccurate correlation values arising out of lack of adequate values. In fact, in the next subsection we show how this heuristic could be used to filter out flows which can possibly result in inaccurate correlation between server to exit victim traffic and entry node to client traffic flows, when obtained from our institutional Cisco router. The records gathered from the Cisco router were sparse and resulted in inaccurate correlation coefficient computation. We used the above observation to filter out flows which are very unlikely to be the victim flow. The victim to entry traffic is expected to ideally have an average bandwidth variation (for the duration of the experiment), as close as possible to that of the server to exit node traffic. After filtering out the flows, we applied our approximation technique (described previously) to align corrected flow information and compute the correlation coefficient. We pick out the one which shows highest (and statistically significant, i.e..) correlation amongst this filtered set. 9

10 Throughput (Mbit/s) Victim Traffic Entry to Client (Victim Client) Entry to Client 93 Entry to Client 64 Entry to Client 46 Entry to Client 7 3: 3: 33: 34: 35: 36: 37: 38: 39: 4: 4: 4: Time (MM:SS) Correlation Injected pattern: Step pattern: Mbit/s->5 Kbit/s->3 Kbit/s-> Kbit/s (switched every seconds) Correlation for Victim Correlation for Non-Victim Location (Texas, US) Location (Leuven, Belgium) Location 3 (Corfu, Greece) (a) (b) Fig. 7. (a) Server induced step like pattern exactly matches the flow going towards the victim client (location : Corfu, Greece), having the highest correlation. The remaining points correspond to the other non-victim flows that whose correlation coefficients are amongst the five highest. (b) Average Pearson s Correlation between server injected step like pattern and victim and non-victim flows corresponding to the different planetlab client locations. ) Using data from Cisco router: After evaluating our traffic analysis attack with data from open source NetFlow packages, we moved to evaluating it with data from our institutional edge router. We used the same experimental setup as that used above to test our attack using data obtained from open source packages. The differences here were that the entry node to client data was gathered from the router instead of directly collecting it from the entry node. The router was configured with an active timeout of 6 seconds and inactive timeout 5 seconds. We had no authority to modify these values as the router served large fraction of our institutional network traffic (several tens of thousands of competing flows at any given point of time). We thus configured the NetFlow packages on the server with these values. As already described in the previous section, the data obtained from the router seemed much sparse and non-uniformly aligned compared to the flow records from server to exit node. We thus applied our approximation strategy (described in the previous section) to align the flows. The strategy primarily operates by interpolating approximate bandwidth values. The rectified flow values were then directly used as input to the correlation coefficient computation formula and the correlation coefficients between the server to exit traffic and entry node to client traffic were determined. These experiments were essentially the same as those described in the previous subsection. The first experiment involved the server injecting a square-wave like traffic pattern with an amplitude of approximately Mbit/s. However, unlike the experiments in the previous subsection, the server switched the throughput every 3 seconds, instead of seconds. This enabled us to capture adequate ( ) samples for computing the correlation coefficient. This was done solely to compensate for the lack of samples obtained when the experiments ran for a shorter duration of seconds (as previously). For example, when injecting the square-wave like pattern, if the server switched the server to exit bandwidth every seconds, and if this was repeated times, then the total experiment ran for about 7 minutes and we observed on an average only three sample intervals corresponding to the entry node to client traffic. Figure 8(a) presents a sample bandwidth variation pattern for the server to exit traffic and the entry node to client traffic when the server injects the square-wave pattern with an approximate amplitude of about Mbit/s. It shows server to exit traffic with more data points and fewer entry to client points. Figure 8(b) presents the same data pattern after it has been rectified using our approximation strategy. As evident, here the server to exit traffic and entry to client traffic to have equal number of points. As mentioned in the previous subsection, eliminated flows whose average throughput variation was not comparable to that of the server to exit traffic throughput variation. To do this, we computed the difference of the average traffic throughput variation of the server to exit flow and the average traffic throughput variation of the entry node to client traffic (for all the clients). From our experience, we saw that for the victim traffic, the difference of the averages is within Kbit/s. We used this as a threshold to eliminate flows whose average throughput, for the duration of the experiment, differed from the average throughput of the server to exit traffic by more than Kbit/s. Just as described in the previous subsection, these experiments were repeated 45 times (5 times corresponding to each client location). Average correlation between the server to exit traffic and entry node to victim client traffic was.57 (σ:.),.35 (σ:.45) and.55 (σ:.7) for each of the clients at Texas (US), Leuven(Belgium) and Corfu(Greece) respectively (see Figure 9(a)). These averages were calculated from the flows having the highest correlation coefficients. The average of second-highest correlation coefficients, corresponding to nonvictims, were.5 (σ:.3),.6 (σ:.36) and.4 (σ:.7), respectively for each of the clients for the three sets of

12 Correlation Injected pattern: Square-Wave pattern with amp. Mbit/s Correlation for Victim Correlation for Non-Victim Correlation Injected pattern: Step pattern: Mbit/s->5 Kbit/s->3 Kbit/s-> Kbit/s (switched every 3 seconds).6.4. Correlation for Victim Correlation for Non-Victim Location (Texas, US) Location (Leuven, Belgium) Location 3 (Corfu, Greece) -. Location (Texas, US) Location (Leuven, Belgium) Location 3 (Corfu, Greece) (a) (b) Fig. 9. (a)average Pearson s Correlation between server injected square-wave like pattern of amplitude Mbit/s and victim and non-victim flows, corresponding to the different planetlab client locations. The entry node to client traffic data is captured using NetFlow data derived from institutional Cisco router with NetFlow capability. (b) Average Pearson s Correlation between server injected step like pattern and victim and non-victim flows, corresponding to the different planetlab client locations. The entry node to client traffic data is captured using NetFlow data derived from institutional Cisco router with NetFlow capability. Correlation Injected pattern: Step pattern: Mbit/s->5 Kbit/s->3 Kbit/s-> Kbit/s (switched every 3 seconds).8 Correlation for Victim Correlation for Non-Victim Location (Texas, US) Location (Leuven, Belgium) Location 3 (Corfu, Greece) Fig.. Average Pearson s Correlation between server injected step like pattern and victim and non-victim flows, corresponding to the different planetlab client locations. The entry node to client traffic data is captured using NetFlow data derived from institutional Cisco router with NetFlow capability. relationship between the server to exit traffic and then entry node to victim client traffic. This scenario, involving multiple relays, provides us with an intuition of what one can expect when an adversary monitors multiple relays. However, as mentioned in Section I, an adversary need not compare the server to exit flows to flows from all the entry nodes that it monitors. He (or she) could use traffic analysis methods, such as [6] [8] to determine the actual entry node that is being used in the victim connection, thereby only using flow statistics corresponding to the victim entry node. V. DISCUSSIONS AND FUTURE WORK Our traffic analysis attack works well in a controlled inlab set-up with symmetric network paths and path capacities (and other properties) and least congestion and uncontrolled disturbances. In such an enviromnent we were always able to determine the identity of the anonymous client amidst, several others clients that were communicating with the server. We observed sharp contrast between the correlation of the server to exit traffic with that of the entry node to victim client and the correlation of the server to exit node traffic with entry node to non-victim clients traffic. This enabled easy detection of the victim traffic. This is evident from the results presented in the previous section. However, on moving to tests with real Tor relays, we didn t see such high correlation for server to exit traffic and entry node to client traffic. This is because of existing path congestion and the traffic scheduling by Tor relays which distort the injected traffic pattern. The decrease in correlation is attributed to this distortion in injected pattern, thereby leading information loss. In our experiments involving gathering of data from the institutional Cisco router, such effects were quite pronounced. Moreover, the number of sample intervals were lesser, compared to data obtained from Linux Netflow packages. This was primarily due to flow aggregation arising from existing load on the routers. This undocumented feature leads to to flow records that often have unequal lengths and are not evenly spaced. To compensate for such situations, we devised our approximation strategy that align server to exit and entry to client flow records and use their statistics as input to compute correlation coefficient. Such approximations can cause decrease in the overall correlation of the server to exit traffic with the entry node to victim traffic, since the process crops out data points from the flows that cannot be aligned to any corresponding data point in

14 [6] S. Chakravarty, A. Stavrou, and A. D. Keromytis, Traffic analysis against low-latency anonymity networks using available bandwidth estimation, in Proceedings of the 5th European conference on Research in computer security, ser. ESORICS. Berlin, Heidelberg: Springer-Verlag,, pp [Online]. Available: [7] P. Mittal, A. Khurshid, J. Juen, M. Caesar, and N. Borisov, Stealthy traffic analysis of low-latency anonymous communication using throughput fingerprinting, in Proceedings of the 8th ACM conference on Computer and communications security, ser. CCS. New York, NY, USA: ACM,, pp [Online]. Available: [8] S. Chakravarty, A. Stavrou, and A. D. Keromytis, Identifying Proxy Nodes in a Tor Anonymization Circuit, in Proceedings of the nd Workshop on Security and Privacy in Telecommunications and Information Systems (SePTIS), December 8, pp [9] Netflow iptables module. [Online]. Available: projects/ipt-netflow/ [] Netflow iptables module. [Online]. Available: projects/flow-tools [] Tor Metrics Portal. [Online]. Available: [] Tor Path Specification. [Online]. Available: https://gitweb.torproject. org/torspec.git?a=blob plain;hb=head;f=path-spec.txt [3] E. B. Claise, Cisco systems netflow services export version 9, http: //www.ietf.org/rfc/rfc3954.txt. [4] J-Flow Statistics. [Online]. Available: net/techpubs/software/erx/junose8/swconfig-ip-services/html/ ip-jflow-stats-config.html [5] Huawei NetStream Analysis, Monitoring and Reporting. [Online]. Available: netstream-analyzer.aspx [6] InMon Corporation s sflow: A Method for Monitoring Traffic in Switched and Routed Networks. [Online]. Available: http: //www.ietf.org/rfc/rfc376.txt [7] NetFlow probes: fprobe and fprobe-ulog. [Online]. Available: [8] Flexible NetFlow Command Reference. [Online]. Available: reference/fnf cr book.pdf [9] V. Shmatikov and H. M. Wang, Timing analysis in low-latency mix networks: attacks and defenses, in Proceedings of the th European conference on Research in Computer Security, ser. ESORICS 6. Berlin, Heidelberg: Springer-Verlag, 6, pp [Online]. Available: [3] S. J. Murdoch, Hot or not: Revealing hidden services by their clock skew, in Proceedings of ACM Conference on Computer and Communications Security (CCS), October 6, pp [3] D. X. Song, D. Wagner, and X. Tian, Timing analysis of keystrokes and timing attacks on ssh, in Proceedings of the th conference on USENIX Security Symposium - Volume, ser. SSYM. Berkeley, CA, USA: USENIX Association,, pp [Online]. Available: [3] E. W. Felten and M. A. Schneider, Timing attacks on web privacy, in Proceedings of the 7th ACM conference on Computer and communications security, ser. CCS. New York, NY, USA: ACM,, pp [Online]. Available: 45/ [33] S. Chen, X. Wang, and S. Jajodia, On the anonymity and traceability of peer-to-peer voip calls, Netwrk. Mag. of Global Internetwkg., vol., no. 5, pp. 3 37, Sep. 6. [Online]. Available: [34] X. Wang, S. Chen, and S. Jajodia, Tracking anonymous peer-to-peer voip calls on the internet, in Proceedings of the th ACM conference on Computer and communications security, ser. CCS 5. New York, NY, USA: ACM, 5, pp [Online]. Available: [35] M. Schuchard, J. Geddes, C. Thompson, and N. Hopper, Routing around decoys, in Proceedings of the ACM conference on Computer and communications security, ser. CCS. New York, NY, USA: ACM,, pp [Online]. Available: [36] D. Mccoy, K. Bauer, D. Grunwald, T. Kohno, and D. Sicker, Shining light in dark places: Understanding the tor network, in Proceedings of the 8th international symposium on Privacy Enhancing Technologies (PETS), 8, pp [37] B. Hubert, T. Graf, G. Maxwell, R. Mook, M.Oosterhout, P.Schroeder, J. Spaans, and P. Larroy, Linux Advanced Routing and Traffic Control HOWTO. [Online]. Available: [38] C. Tang and I. Goldberg, An improved algorithm for Tor circuit scheduling, in Proceedings of the ACM Conference on Computer and Communications Security (CCS ), A. D. Keromytis and V. Shmatikov, Eds. ACM, October. [39] X. Fu, B. Graham, R. Bettati, and W. Zhao, Analytical and empirical analysis of countermeasures to traffic analysis attacks, in Proceedings of the 3 International Conference on Parallel Processing, 3, pp [4] N. Mallesh and M. Wright, Countering statistical disclosure with receiver-bound cover traffic, in Proceedings of th European Symposium On Research In Computer Security (ESORICS 7), ser. Lecture Notes in Computer Science, J. Biskup and J. Lopez, Eds., vol Springer, September 7, pp [4] O. Berthold and H. Langos, Dummy traffic against long term intersection attacks, in Proceedings of Privacy Enhancing Technologies workshop (PET ), R. Dingledine and P. Syverson, Eds. Springer- Verlag, LNCS 48, April. [4] W. Wang, M. Motani, and V. Srinivasan, Dependent link padding algorithms for low latency anonymity systems, in Proceedings of the 5th ACM Conference on Computer and Communications Security (CCS 8), P. Syverson, S. Jha, and X. Zhang, Eds. ACM Press, October 8, pp [43] V. Shmatikov and M. H. Wang, Timing analysis in low-latency mix networks: Attacks and defenses, in Proceedings of ESORICS 6, September 6. 4

### On the Effectiveness of Traffic Analysis Against Anonymity Networks Using Flow Records

On the Effectiveness of Traffic Analysis Against Anonymity Networks Using Flow Records Sambuddho Chakravarty, Marco V. Barbera 2, Georgios Portokalidis 3, Michalis Polychronakis, and Angelos D. Keromytis

### Traffic Analysis Attacks and Defenses in Low Latency Anonymous Communication. Sambuddho Chakravarty

Traffic Analysis Attacks and Defenses in Low Latency Anonymous Communication Sambuddho Chakravarty Submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy in the Graduate

### STANDPOINT FOR QUALITY-OF-SERVICE MEASUREMENT

STANDPOINT FOR QUALITY-OF-SERVICE MEASUREMENT 1. TIMING ACCURACY The accurate multi-point measurements require accurate synchronization of clocks of the measurement devices. If for example time stamps

### packet retransmitting based on dynamic route table technology, as shown in fig. 2 and 3.

Implementation of an Emulation Environment for Large Scale Network Security Experiments Cui Yimin, Liu Li, Jin Qi, Kuang Xiaohui National Key Laboratory of Science and Technology on Information System

### anon.next: A Framework for Privacy in the Next Generation Internet

anon.next: A Framework for Privacy in the Next Generation Internet Matthew Wright Department of Computer Science and Engineering, The University of Texas at Arlington, Arlington, TX, USA, mwright@uta.edu,

### Final for ECE374 05/06/13 Solution!!

1 Final for ECE374 05/06/13 Solution!! Instructions: Put your name and student number on each sheet of paper! The exam is closed book. You have 90 minutes to complete the exam. Be a smart exam taker -

### Research on Errors of Utilized Bandwidth Measured by NetFlow

Research on s of Utilized Bandwidth Measured by NetFlow Haiting Zhu 1, Xiaoguo Zhang 1,2, Wei Ding 1 1 School of Computer Science and Engineering, Southeast University, Nanjing 211189, China 2 Electronic

### EINDHOVEN UNIVERSITY OF TECHNOLOGY Department of Mathematics and Computer Science

EINDHOVEN UNIVERSITY OF TECHNOLOGY Department of Mathematics and Computer Science Examination Computer Networks (2IC15) on Monday, June 22 nd 2009, 9.00h-12.00h. First read the entire examination. There

### Clearing the Way for VoIP

Gen2 Ventures White Paper Clearing the Way for VoIP An Alternative to Expensive WAN Upgrades Executive Overview Enterprises have traditionally maintained separate networks for their voice and data traffic.

### Tor Anonymity Network & Traffic Analysis. Presented by Peter Likarish

Tor Anonymity Network & Traffic Analysis Presented by Peter Likarish This is NOT the presenter s original work. This talk reviews: Tor: The Second Generation Onion Router Dingledine, Mathewson, Syverson

### Internet Infrastructure Measurement: Challenges and Tools

Internet Infrastructure Measurement: Challenges and Tools Internet Infrastructure Measurement: Challenges and Tools Outline Motivation Challenges Tools Conclusion Why Measure? Why Measure? Internet, with

### Note! The problem set consists of two parts: Part I: The problem specifications pages Part II: The answer pages

Part I: The problem specifications NTNU The Norwegian University of Science and Technology Department of Telematics Note! The problem set consists of two parts: Part I: The problem specifications pages

### Encapsulating Voice in IP Packets

Encapsulating Voice in IP Packets Major VoIP Protocols This topic defines the major VoIP protocols and matches them with the seven layers of the OSI model. Major VoIP Protocols 15 The major VoIP protocols

### Securing and Monitoring BYOD Networks using NetFlow

Securing and Monitoring BYOD Networks using NetFlow How NetFlow can help with Security Analysis, Application Detection and Traffic Monitoring Don Thomas Jacob Technical Marketing Engineer ManageEngine

### Low-rate TCP-targeted Denial of Service Attack Defense

Low-rate TCP-targeted Denial of Service Attack Defense Johnny Tsao Petros Efstathopoulos University of California, Los Angeles, Computer Science Department Los Angeles, CA E-mail: {johnny5t, pefstath}@cs.ucla.edu

### Netflow Overview. PacNOG 6 Nadi, Fiji

Netflow Overview PacNOG 6 Nadi, Fiji Agenda Netflow What it is and how it works Uses and Applications Vendor Configurations/ Implementation Cisco and Juniper Flow-tools Architectural issues Software, tools

### Network congestion control using NetFlow

Network congestion control using NetFlow Maxim A. Kolosovskiy Elena N. Kryuchkova Altai State Technical University, Russia Abstract The goal of congestion control is to avoid congestion in network elements.

### IP SLAs Overview. Finding Feature Information. Information About IP SLAs. IP SLAs Technology Overview

This module describes IP Service Level Agreements (SLAs). IP SLAs allows Cisco customers to analyze IP service levels for IP applications and services, to increase productivity, to lower operational costs,

### Quality of Service Analysis of site to site for IPSec VPNs for realtime multimedia traffic.

Quality of Service Analysis of site to site for IPSec VPNs for realtime multimedia traffic. A Network and Data Link Layer infrastructure Design to Improve QoS in Voice and video Traffic Jesús Arturo Pérez,

### 8. 網路流量管理 Network Traﬃc Management

8. 網路流量管理 Network Traﬃc Management Measurement vs. Metrics end-to-end performance topology, configuration, routing, link properties state active measurements active routes active topology link bit error

### Monitoring and analyzing audio, video, and multimedia traffic on the network

Monitoring and analyzing audio, video, and multimedia traffic on the network Slavko Gajin slavko.gajin@rcub.bg.ac.rs AMRES Academic Network of Serbia AMRES Academic Network of Serbia RCUB - Belgrade University

### PART III. OPS-based wide area networks

PART III OPS-based wide area networks Chapter 7 Introduction to the OPS-based wide area network 7.1 State-of-the-art In this thesis, we consider the general switch architecture with full connectivity

### WAN Optimization Integrated with Cisco Branch Office Routers Improves Application Performance and Lowers TCO

WAN Optimization Integrated with Cisco Branch Office Routers Improves Application Performance and Lowers TCO The number of branch-office work sites is increasing, so network administrators need tools to

### 3. MONITORING AND TESTING THE ETHERNET NETWORK

3. MONITORING AND TESTING THE ETHERNET NETWORK 3.1 Introduction The following parameters are covered by the Ethernet performance metrics: Latency (delay) the amount of time required for a frame to travel

### Internet Privacy Options

2 Privacy Internet Privacy Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 19 June 2014 Common/Reports/internet-privacy-options.tex, r892 1 Privacy Acronyms

### QoS issues in Voice over IP

COMP9333 Advance Computer Networks Mini Conference QoS issues in Voice over IP Student ID: 3058224 Student ID: 3043237 Student ID: 3036281 Student ID: 3025715 QoS issues in Voice over IP Abstract: This

### MINIMUM NETWORK REQUIREMENTS 1. REQUIREMENTS SUMMARY... 1

Table of Contents 1. REQUIREMENTS SUMMARY... 1 2. REQUIREMENTS DETAIL... 2 2.1 DHCP SERVER... 2 2.2 DNS SERVER... 2 2.3 FIREWALLS... 3 2.4 NETWORK ADDRESS TRANSLATION... 4 2.5 APPLICATION LAYER GATEWAY...

### to-end Packet Loss Estimation for Grid Traffic Monitoring

Passive End-to to-end Packet Loss Estimation for Grid Traffic Monitoring Antonis Papadogiannakis, Alexandros Kapravelos, Michalis Polychronakis, Evangelos P. Markatos Institute of Computer Science (ICS)

### Transport Layer Protocols

Transport Layer Protocols Version. Transport layer performs two main tasks for the application layer by using the network layer. It provides end to end communication between two applications, and implements

### Cisco IOS Flexible NetFlow Technology

Cisco IOS Flexible NetFlow Technology Last Updated: December 2008 The Challenge: The ability to characterize IP traffic and understand the origin, the traffic destination, the time of day, the application

### Voice Over IP Performance Assurance

Voice Over IP Performance Assurance Transforming the WAN into a voice-friendly using Exinda WAN OP 2.0 Integrated Performance Assurance Platform Document version 2.0 Voice over IP Performance Assurance

### Detection of illegal gateways in protected networks

Detection of illegal gateways in protected networks Risto Vaarandi and Kārlis Podiņš Cooperative Cyber Defence Centre of Excellence Tallinn, Estonia firstname.lastname@ccdcoe.org 1. Introduction In this

### Computer Network. Interconnected collection of autonomous computers that are able to exchange information

Introduction Computer Network. Interconnected collection of autonomous computers that are able to exchange information No master/slave relationship between the computers in the network Data Communications.

### Datagram-based network layer: forwarding; routing. Additional function of VCbased network layer: call setup.

CEN 007C Computer Networks Fundamentals Instructor: Prof. A. Helmy Homework : Network Layer Assigned: Nov. 28 th, 2011. Due Date: Dec 8 th, 2011 (to the TA) 1. ( points) What are the 2 most important network-layer

### Implementing VoIP support in a VSAT network based on SoftSwitch integration

Implementing VoIP support in a VSAT network based on SoftSwitch integration Abstract Satellite communications based on geo-synchronous satellites are characterized by a large delay, and high cost of resources.

### Chapter 4. VoIP Metric based Traffic Engineering to Support the Service Quality over the Internet (Inter-domain IP network)

Chapter 4 VoIP Metric based Traffic Engineering to Support the Service Quality over the Internet (Inter-domain IP network) 4.1 Introduction Traffic Engineering can be defined as a task of mapping traffic

### TE in action. Some problems that TE tries to solve. Concept of Traffic Engineering (TE)

1/28 2/28 TE in action S-38.3192 Verkkopalvelujen tuotanto S-38.3192 Network Service Provisioning Networking laboratory 3/28 4/28 Concept of Traffic Engineering (TE) Traffic Engineering (TE) (Traffic Management)

### SiteCelerate white paper

SiteCelerate white paper Arahe Solutions SITECELERATE OVERVIEW As enterprises increases their investment in Web applications, Portal and websites and as usage of these applications increase, performance

### Adaptive Tolerance Algorithm for Distributed Top-K Monitoring with Bandwidth Constraints

Adaptive Tolerance Algorithm for Distributed Top-K Monitoring with Bandwidth Constraints Michael Bauer, Srinivasan Ravichandran University of Wisconsin-Madison Department of Computer Sciences {bauer, srini}@cs.wisc.edu

### A Passive Method for Estimating End-to-End TCP Packet Loss

A Passive Method for Estimating End-to-End TCP Packet Loss Peter Benko and Andras Veres Traffic Analysis and Network Performance Laboratory, Ericsson Research, Budapest, Hungary {Peter.Benko, Andras.Veres}@eth.ericsson.se

### GPRS / 3G Services: VPN solutions supported

GPRS / 3G Services: VPN solutions supported GPRS / 3G VPN soluti An O2 White Paper An O2 White Paper Contents Page No. 3 4-6 4 5 6 6 7-10 7-8 9 9 9 10 11-14 11-12 13 13 13 14 15 16 Chapter No. 1. Executive

### Lab 4.1.2 Characterizing Network Applications

Lab 4.1.2 Characterizing Network Applications Objective Device Designation Device Name Address Subnet Mask Discovery Server Business Services 172.17.1.1 255.255.0.0 R1 FC-CPE-1 Fa0/1 172.17.0.1 Fa0/0 10.0.0.1

### Accurate End-to-End Performance Management Using CA Application Delivery Analysis and Cisco Wide Area Application Services

White Paper Accurate End-to-End Performance Management Using CA Application Delivery Analysis and Cisco Wide Area Application Services What You Will Learn IT departments are increasingly relying on best-in-class

### BITAG Publishes Report: Differentiated Treatment of Internet Traffic

1550 Larimer Street, Suite 168 Denver, CO. 80202 BITAG Publishes Report: Differentiated Treatment of Internet Traffic Denver, CO (October 8, 2015): Today, the Broadband Internet Technical Advisory Group

### and reporting Slavko Gajin slavko.gajin@rcub.bg.ac.rs

ICmyNet.Flow: NetFlow based traffic investigation, analysis, and reporting Slavko Gajin slavko.gajin@rcub.bg.ac.rs AMRES Academic Network of Serbia RCUB - Belgrade University Computer Center ETF Faculty

### MPLS Layer 2 VPNs Functional and Performance Testing Sample Test Plans

MPLS Layer 2 VPNs Functional and Performance Testing Sample Test Plans Contents Overview 1 1. L2 VPN Padding Verification Test 1 1.1 Objective 1 1.2 Setup 1 1.3 Input Parameters 2 1.4 Methodology 2 1.5

### An apparatus for P2P classification in Netflow traces

An apparatus for P2P classification in Netflow traces Andrew M Gossett, Ioannis Papapanagiotou and Michael Devetsikiotis Electrical and Computer Engineering, North Carolina State University, Raleigh, USA

### Transport and Network Layer

Transport and Network Layer 1 Introduction Responsible for moving messages from end-to-end in a network Closely tied together TCP/IP: most commonly used protocol o Used in Internet o Compatible with a

### Analysis of IP Network for different Quality of Service

2009 International Symposium on Computing, Communication, and Control (ISCCC 2009) Proc.of CSIT vol.1 (2011) (2011) IACSIT Press, Singapore Analysis of IP Network for different Quality of Service Ajith

### D. SamKnows Methodology 20 Each deployed Whitebox performs the following tests: Primary measure(s)

v. Test Node Selection Having a geographically diverse set of test nodes would be of little use if the Whiteboxes running the test did not have a suitable mechanism to determine which node was the best

### Region 10 Videoconference Network (R10VN)

Region 10 Videoconference Network (R10VN) Network Considerations & Guidelines 1 What Causes A Poor Video Call? There are several factors that can affect a videoconference call. The two biggest culprits

### plixer Scrutinizer Competitor Worksheet Visualization of Network Health Unauthorized application deployments Detect DNS communication tunnels

Scrutinizer Competitor Worksheet Scrutinizer Malware Incident Response Scrutinizer is a massively scalable, distributed flow collection system that provides a single interface for all traffic related to

### 5. DEPLOYMENT ISSUES Having described the fundamentals of VoIP and underlying IP infrastructure, let s address deployment issues.

5. DEPLOYMENT ISSUES Having described the fundamentals of VoIP and underlying IP infrastructure, let s address deployment issues. 5.1 LEGACY INTEGRATION In most cases, enterprises own legacy PBX systems,

### HOW TO PREVENT DDOS ATTACKS IN A SERVICE PROVIDER ENVIRONMENT

HOW TO PREVENT DDOS ATTACKS IN A SERVICE PROVIDER ENVIRONMENT The frequency and sophistication of Distributed Denial of Service attacks (DDoS) on the Internet are rapidly increasing. Most of the earliest

### Load Balancing Mechanisms in Data Center Networks

Load Balancing Mechanisms in Data Center Networks Santosh Mahapatra Xin Yuan Department of Computer Science, Florida State University, Tallahassee, FL 33 {mahapatr,xyuan}@cs.fsu.edu Abstract We consider

### SUNYIT. Reaction Paper 2. Measuring the performance of VoIP over Wireless LAN

SUNYIT Reaction Paper 2 Measuring the performance of VoIP over Wireless LAN SUBMITTED BY : SANJEEVAKUMAR 10/3/2013 Summary of the Paper The paper s main goal is to compare performance of VoIP in both LAN

### Network Performance Monitoring at Small Time Scales

Network Performance Monitoring at Small Time Scales Konstantina Papagiannaki, Rene Cruz, Christophe Diot Sprint ATL Burlingame, CA dina@sprintlabs.com Electrical and Computer Engineering Department University

### (MPLS) MultiProtocol Labling Switching. Software Engineering 4C03 Computer Network & Computer Security Dr. Kartik Krishnan Winter 2004.

(MPLS) MultiProtocol Labling Switching Software Engineering 4C03 Computer Network & Computer Security Dr. Kartik Krishnan Winter 2004 Final Copy Researcher: Paul Chan Student ID: 9914759 Last Revised:

### LCMON Network Traffic Analysis

LCMON Network Traffic Analysis Adam Black Centre for Advanced Internet Architectures, Technical Report 79A Swinburne University of Technology Melbourne, Australia adamblack@swin.edu.au Abstract The Swinburne

### Network traffic monitoring and management. Sonia Panchen sonia.panchen@inmon.com 11 th November 2010

Network traffic monitoring and management Sonia Panchen sonia.panchen@inmon.com 11 th November 2010 Lecture outline What is network traffic management? Traffic management applications Traffic monitoring

### Adaptive Flow Aggregation - A New Solution for Robust Flow Monitoring under Security Attacks

Adaptive Flow Aggregation - A New Solution for Robust Flow Monitoring under Security Attacks Yan Hu Dept. of Information Engineering Chinese University of Hong Kong Email: yhu@ie.cuhk.edu.hk D. M. Chiu

### A Summary of Network Traffic Monitoring and Analysis Techniques

http://www.cse.wustl.edu/~jain/cse567-06/ftp/net_monitoring/index.html 1 of 9 A Summary of Network Traffic Monitoring and Analysis Techniques Alisha Cecil, acecil19@yahoo.com Abstract As company intranets

### What is VLAN Routing?

Application Note #38 February 2004 What is VLAN Routing? This Application Notes relates to the following Dell product(s): 6024 and 6024F 33xx Abstract Virtual LANs (VLANs) offer a method of dividing one

### Communications and Computer Networks

SFWR 4C03: Computer Networks and Computer Security January 5-8 2004 Lecturer: Kartik Krishnan Lectures 1-3 Communications and Computer Networks The fundamental purpose of a communication system is the

### Prediction of DDoS Attack Scheme

Chapter 5 Prediction of DDoS Attack Scheme Distributed denial of service attack can be launched by malicious nodes participating in the attack, exploit the lack of entry point in a wireless network, and

### Port evolution: a software to find the shady IP profiles in Netflow. Or how to reduce Netflow records efficiently.

TLP:WHITE - Port Evolution Port evolution: a software to find the shady IP profiles in Netflow. Or how to reduce Netflow records efficiently. Gerard Wagener 41, avenue de la Gare L-1611 Luxembourg Grand-Duchy

### Module 7. Routing and Congestion Control. Version 2 CSE IIT, Kharagpur

Module 7 Routing and Congestion Control Lesson 4 Border Gateway Protocol (BGP) Specific Instructional Objectives On completion of this lesson, the students will be able to: Explain the operation of the

### Performance of Cisco IPS 4500 and 4300 Series Sensors

White Paper Performance of Cisco IPS 4500 and 4300 Series Sensors White Paper September 2012 2012 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of

### Network Simulation Traffic, Paths and Impairment

Network Simulation Traffic, Paths and Impairment Summary Network simulation software and hardware appliances can emulate networks and network hardware. Wide Area Network (WAN) emulation, by simulating

### Throughput Analysis of WEP Security in Ad Hoc Sensor Networks

Throughput Analysis of WEP Security in Ad Hoc Sensor Networks Mohammad Saleh and Iyad Al Khatib iitc Stockholm, Sweden {mohsaleh, iyad}@iitc.se ABSTRACT This paper presents a performance investigation

### Examining Proxies to Mitigate Pervasive Surveillance

Examining Proxies to Mitigate Pervasive Surveillance Eliot Lear Barbara Fraser Abstract The notion of pervasive surveillance assumes that it is possible for an attacker to have access to all links and

### A Brief Overview of VoIP Security. By John McCarron. Voice of Internet Protocol is the next generation telecommunications method.

A Brief Overview of VoIP Security By John McCarron Voice of Internet Protocol is the next generation telecommunications method. It allows to phone calls to be route over a data network thus saving money

### Network Considerations for IP Video

Network Considerations for IP Video H.323 is an ITU standard for transmitting voice and video using Internet Protocol (IP). It differs from many other typical IP based applications in that it is a real-time

### Requirements of Voice in an IP Internetwork

Requirements of Voice in an IP Internetwork Real-Time Voice in a Best-Effort IP Internetwork This topic lists problems associated with implementation of real-time voice traffic in a best-effort IP internetwork.

### Investigation and Comparison of MPLS QoS Solution and Differentiated Services QoS Solutions

Investigation and Comparison of MPLS QoS Solution and Differentiated Services QoS Solutions Steve Gennaoui, Jianhua Yin, Samuel Swinton, and * Vasil Hnatyshin Department of Computer Science Rowan University

### Using VPNs over BGAN. Version BGAN solutions guide. 1/18 Using VPNs over BGAN

1/18 Using VPNs over BGAN BGAN solutions guide Using VPNs over BGAN Version 01 15.05.06 www.inmarsat.com/bgan Whilst the information has been prepared by Inmarsat in good faith, and all reasonable efforts

### Digi Connect WAN Application Helper NAT, GRE, ESP and TCP/UPD Forwarding and IP Filtering

Introduction Digi Connect Application Helper NAT, GRE, ESP and TCP/UPD Forwarding and IP Filtering The Digi Connect supports five features which provide security and IP traffic forwarding when using incoming

### QoS Parameters. Quality of Service in the Internet. Traffic Shaping: Congestion Control. Keeping the QoS

Quality of Service in the Internet Problem today: IP is packet switched, therefore no guarantees on a transmission is given (throughput, transmission delay, ): the Internet transmits data Best Effort But:

### Analysis of a Distributed Denial-of-Service Attack

Analysis of a Distributed Denial-of-Service Attack Ka Hung HUI and OnChing YUE Mobile Technologies Centre (MobiTeC) The Chinese University of Hong Kong Abstract DDoS is a growing problem in cyber security.

### Quantifying the Performance Degradation of IPv6 for TCP in Windows and Linux Networking

Quantifying the Performance Degradation of IPv6 for TCP in Windows and Linux Networking Burjiz Soorty School of Computing and Mathematical Sciences Auckland University of Technology Auckland, New Zealand

### Proxy Server, Network Address Translator, Firewall. Proxy Server

Proxy Server, Network Address Translator, Firewall 1 Proxy Server 2 1 Introduction What is a proxy server? Acts on behalf of other clients, and presents requests from other clients to a server. Acts as

### A Performance Analysis of Gateway-to-Gateway VPN on the Linux Platform

A Performance Analysis of Gateway-to-Gateway VPN on the Linux Platform Peter Dulany, Chang Soo Kim, and James T. Yu PeteDulany@yahoo.com, ChangSooKim@yahoo.com, jyu@cs.depaul.edu School of Computer Science,

### Covert Channels. Some instances of use: Hotels that block specific ports Countries that block some access

Covert Channels Covert Channels Tunnels that are used to bypass filters and intrusion detection systems Use traffic that is thought to be something else (i.e. DNS tunnels) Can also provide encryption (i.e.

### ReadyNAS Remote White Paper. NETGEAR May 2010

ReadyNAS Remote White Paper NETGEAR May 2010 Table of Contents Overview... 3 Architecture... 3 Security... 4 Remote Firewall... 5 Performance... 5 Overview ReadyNAS Remote is a software application that

### Routing Protocol Convergence Comparison using Simulation and Real Equipment

Abstract Routing Protocol Convergence Comparison using Simulation and Real Equipment D. Sankar and D. Lancaster Centre for Security, Communications and Network Research Plymouth University, United Kingdom

### TCP PERFORMANCE IN MOBILE-IP

TCP PERFORMANCE IN MOBILE-IP Foo Chun Choong Department of Electrical Engineering, National University of Singapore ABSTRACT The throughput performance of TCP in Mobile-IP [1] was investigated. Compared

### High-Speed TCP Performance Characterization under Various Operating Systems

High-Speed TCP Performance Characterization under Various Operating Systems Y. Iwanaga, K. Kumazoe, D. Cavendish, M.Tsuru and Y. Oie Kyushu Institute of Technology 68-4, Kawazu, Iizuka-shi, Fukuoka, 82-852,

### Gaining Operational Efficiencies with the Enterasys S-Series

Gaining Operational Efficiencies with the Enterasys S-Series Hi-Fidelity NetFlow There is nothing more important than our customers. Gaining Operational Efficiencies with the Enterasys S-Series Introduction

### Using The Paessler PRTG Traffic Grapher In a Cisco Wide Area Application Services Proof of Concept

Using The Paessler PRTG Traffic Grapher In a Cisco Wide Area Application Services Proof of Concept What You Will Learn Understanding bandwidth traffic and resource consumption is vital to enhanced and

1/16/01 - ick Franks / Tiara etworks nc. / nanks@tiaranetworks.com / 408-535-1222 Multilink Frame Relay Prior to the advent of the multilink ame relay () protocol, some ame relay users were experiencing

### Key Components of WAN Optimization Controller Functionality

Key Components of WAN Optimization Controller Functionality Introduction and Goals One of the key challenges facing IT organizations relative to application and service delivery is ensuring that the applications

### Denial of Service Attacks and Resilient Overlay Networks

Denial of Service Attacks and Resilient Overlay Networks Angelos D. Keromytis Network Security Lab Computer Science Department, Columbia University Motivation: Network Service Availability Motivation:

### MOBILITY AND MOBILE NETWORK OPTIMIZATION

MOBILITY AND MOBILE NETWORK OPTIMIZATION netmotionwireless.com Executive Summary Wireless networks exhibit uneven and unpredictable performance characteristics which, if not correctly managed, can turn

### Proxy Server, Network Address Translator, Firewall

For Summer Training on Computer Networking visit Proxy Server, Network Address Translator, Firewall Prepared by : Swapan Purkait Director Nettech Private Limited swapan@nettech.in + 91 93315 90003 Proxy

### Firewalls P+S Linux Router & Firewall 2013

Firewalls P+S Linux Router & Firewall 2013 Firewall Techniques What is a firewall? A firewall is a hardware or software device which is configured to permit, deny, or proxy data through a computer network