A Scalable High Performance Network Monitoring Agent for CERNET

Size: px
Start display at page:

Download "A Scalable High Performance Network Monitoring Agent for CERNET"

Transcription

1 A Scalable High Performance Network Monitoring Agent for CERNET ZHANG, Hui CERNET Network Research Center Tsinghua University, Beijing, , China Abstract _ In a cost-effective way, collecting and analyzing data from such a nationwide operational network as China Education and Research Network (CERNET ) is an increasingly challenging task. This paper presents our experience designing and implementing a passive monitoring agent applicable to CERNET, based on which we are not only supporting our network intrusion detection system (IDS), network management system (NMS) for detecting and identifying signs of malicious activities, non-malicious failures, and other exceptional events in real-time, but providing anomaly information to accounting and billing system (ABS) so as to make it healthy. This agent is characterized by a high performance data collecting facility and a methodology of real -time data correlation and analysis. We can deploy a customized agent on a particular link of CERNET for monitoring network dynamically. We will discuss how to conflate, correlate, associate and refine measurement data to dis criminate anomalies such as DoS from normal traffic, and how to respond to the anomalies for the purpose of operational network's health. We conclude with experiences learned from the development and deployment of the agent and o ngoing research work. Keywords: Passive Monitoring, Traffic Collection, Packet Classification, Data Mining, Intrusion Detection I. Introduction This paper presents our experiences designing and developing an IP monitoring agent for the China Education and Research Network (CERNET). CERNET is the first and the largest nationwide education and research computer network in China. It has 12 global and regional channels connected with the United States, Canada, the U.K., Germany, Japan and Hong Kong SAR, and the international gateway bandwidth is over 220Mbps. Meanwhile, its domestic channels connected with other commercial carriers in China are usually up to 1Gbps in bandwidth. More than 1000 education and research institutions, 1.2 million PC's and 8 million users have connected to CERNET, constructing a 4-level hierarchy: campus network, province network, regional network and national backbone. CERNET backbone consists of over 60 OC-48 and OC-3 links, interconnecting 10 region-level nodes and 38 province-level nodes [6].The traffic volume ranges from tens _ This work was supported by the National Science Foundation of China (NSFC) under the grant No Send correspondence to Mr. ZHANG, Hui. Tel: +86 (0) Addr: Rm 210 Main Bldg, Tsinghua University, Beijing China. of Mb/sec on OC-3 province access links to more than 1Gb/sec on OC-48 national backbone links. The hierarchical structure of CERNET as shown in Figure 1 presents the location of our monitoring agents deployed across it. Fig. 1 CERNET hierarchical structure The CERNET backbone IP network provides connectivity over a geographically wide area. The back bone consists of a set of regional nodes connected by high bandwidth links, which are typically 2.5Gb/sec OC-48 links or 155Mb/sec OC-3 links. Each regional node in turn contains links, typically Gigabit Ethernet (GigE ), connecting to region access aggrega tion routers which provide access service for downstream networks. On the other hand, the BGP border routers which connect CERNET to Internet outside China and other major ISPs in China are generally connect ed to backbone via GigE links too. In case of CER NET topology, we can therefore easily deploy multiple monitoring agents across those GigE links to measure network traffic as well as monitor network anomaly and misuse. The monitoring agent is designed to focus on the following issues: 1) Support data rates up to 1Gb/sec. 2) Collect real-time IP packets from multiple carrier peering GigE links and regional access GigE links. 3) Classify ten thousands of IP packets into flows with timestamp with accurate enough fidelity. 4) Provide real-time measurements which characterize the status of link being monitored. 5) Filter out the anomaly signs according to a set of pre-defined signature in terms of multi-dimensions of

2 network flow traffic 6) Transfer the sampling IP packet data and flow data into data repository wherein previously unseen signatures are found off-line via data mining. This data correlation and analysis involves processing gigabytes or terabytes of data, and must have some facilities to handle unusual phenomena such as misuses and/or malicious network behaviors. 7) Provide identified records of traffic anomaly, network attacks, malicious mobile network worms, etc. for CERNET intrusion detection system (IDS), network management system (NMS), accounting and billing system (ABS) with daily network operation s health in mind. The remainder of the paper describes the details of how we address these design issues in our IP monitoring agent and presents some sample results that demonstrate the agent s capabilities. Section II presents architecture of this agent which consists of several major functional components and how to implement a scalable high performance agent via commodity hardware and software in a cost-effective way. Section III illustrates workflow of agent components and how they can work together in a tightly-coupled environment. Section IV presents traffic measurements, detected anomalies and attacks during last 3 months which demonstrate the capabilities of our agent. Section V discusses the cooperative relationship between our agents and IDS, NMS and ABS installed in CERNET. Section VI and VII concludes and discusses areas of ongoing and future research. II. System Architecture To satisfy the above-mentioned requirements, the design and implementation of our monitoring agent collects and aggregates packets to produce flow records with timestamp as shown in Table 1 and Table 2, respectively. This provides the fundamental traffic data concerning links being monitored. A set of components base their function on these meta-data to perform further processing and analysis. saddr daddr sport dport protocol service len_sd len_ds pkt_num_sd pkt_num_ds timestamp Table 1: Flow Record Definition source ip address(es) destination ip address(es) source port(s) destination port(s) ip protocol number(s) Description pre-defined application service(s) traffic from source to destination (in kilobytes) traffic from destination to source (in kilobytes) number of packets from source to destination number of packets from destination to source network time of first and last packet in the flow saddr daddr sport dport protocol Table 2: Captured Packet Record Definition source ip address(es) destination ip address(es) source port(s) destination port(s) ip protocol(s) size packet size (in bytes ) timestamp interface customized network time of the packet Description from which network interface the packet was captured one or more fields captured as needed In our opinion, these fields are the minimal but most useful subset of data available. By this definition of flow, we can describe many kinds of traffic stream pattern normal or anom alous behavior with great flexibility and convenience. With the worst-case, if we capture packet instead of flow, this resolves to about 20 bytes of data per packet, which means we are collecting about 5% of the total traffic given a 400-byte average packet size. At this point, we have reduced our input traffic by a factor of 20, on average. The remaining data is sent to user-space program for saving or doing in-depth traffic analysis and data mining. If we capture flow, we can reduce our input traffic by a factor larger than 20, on average, i.e., produce greater efficiency. A. Data Collection Passive measurement systems include Simple Network Management Protocol (SNMP)-based network traffic measurement tools [1], tcpdump [2] /libpcap [3], NetFlow [4], and CoralReef [5], etc. The typical passive measurement projects include [5] for CAIDA, [7] for NLANR and [8] for Sprint. Our agent makes use of a novel underlying collection facility called Linuxflow [9]. As with [9], this data collection component used by our monitoring agent suffices for gigabit Ethernet too. We implement this on Intel-based x86 hardware, i.e., a dual-processor 933MHz Pentium III machine with both a 64bit/133MHz PCI bus and a 64bit/66-33MHz PCI bus, and 2GB of PC-133 memory, two AceNIC Gigabit Ethernet cards with the Tigon II chipset, and two EtherExpress Pro 100Mb Ethernet cards for management. Also, we make heavy use of the source code for the Linux kernel 2.4.x [16]. At this moment, we modify the source code for further tuning of parameters of AceNIC Gigabit Ethernet s driver so as to improve its performance (rx_coal_tick) [16]. M eanwhile, TCP window size in the kernel is set to 256 Kbytes. Monitoring agent s architecture is shown in more detail in Figure 2. This figure shows a logical view of the hardware and software, and how processing is performed among multiple modules. Agent first collects traffic from the tapped network link via an optical splitter. The two

3 network interface cards one for TX and the other for RX traffic traveling across GigE link, both of which are working in promiscuous mode then collect traffic packets from the tapped network link, pass the data through a special-purpose packet capture protocol stack [9] to the kernel. A globally synchronized clock is provided by Fig. 2 Collect traffic through optical splitter network time protocol (NTP) from [17] upon which the fidelity of captured packet timestamp is up to O(millisecond ). B. Data Analysis All real -time data analysis is performed by user-level multithreading applications which depend heavily on SMP and caching facilities in Linux kernel for high performance. As we can see from Figure 2, packet meter /filter module interfaces the kernel via a newly-defined socket, namely AF_CAPPKT [9]. Some of the basic analysis, such as measuring packet size distribution, packet source/destination port distribution, packet protocol distribution, packets per second (PPS), and average packet size could be performed within it. And it can also filter packets in real time according to dynamically configured rules by using routing lookup algorithm. The output of packet meter, ten thousands of packet records as described in Table 2, are sent to a packet classifier which, among other things, is of the most importance functionality module in this monitoring agent. This module classifies incoming packets into one of several flows based on multiple fields of packets all packets of a flow are treated by a pre-defined rule and are processed in a similar manner in the next step. Routing lookup and packet classification are both important problems in the design and implementation of generic flow-aware routers [10] [11]. At this moment, we make use of a routing lookup algorithm Lulea [12] for longest prefix matching in software to support gigabit speed for packet filtering in monitoring agent instead of packet forwarding in router. This algorithm s objective is to minimize the storage requirements of their data structure, so that it can fit in the L1 cache of a conventional general purpose processor such as Pentium; our agent is based on dual Pentium III processors. On the other hand, we take advantage of a packet classification algorithm Recursive Flow Classification (RFC) [10][11] for packet classification on multiple fields for classifying packets into flows. There are a number of properties that we desire for the purpose of getting high performance and scalability from the algorithms we cho ose. 1) High speed. 2) Low processing time. 3) Flexibility in implementation. 4) Scalability in the number of fields. After collecting a large number of flows from packet classifier, the first work is to perform flow-based classification and filtering. We examine each individual flow and extract the following information: 1) TopN statistics concerning traffic volume, address uniformity, port settings, number of packets and flows, etc. 2) Traffic matrices concerning peering links, AS, and DNS domains etc. 3) Link utilization. 4) Any self-defined type of active flow as needed. 5) Traffic breakdown by protocols, applications (network services). 6) Routing information such as routing loop s and errors. Now we are capable of focusing on the outcomes of our interests which can be acquired from AF_CAPPKT, packet meter/filter, packet classifier and flow-based filters, and do further analysis by the methods we have adopted previously [13][14] and others [15] to conflate, correlate, associate and refine all above-mentioned measurement data to discriminate anomalies such as DoS from normal traffic. C. Data Repository and Mining The data repository is a large RAID-5 array for storage of all kinds of selective data from AF_CAPPKT, packet meter/filter, packet classifier and flow-based filters. It contains 1.8TB of disk space that consists of 10 Ultra SCSI 3 hard disks (180GB each). Data mining (DM) is a promising technique for IDS, especially for detecting novel attacks. By DM, our agent is not only able to give a profile of normal traffic, i.e. attack-free traffic, in the network, and then provide statistical anomaly -based detection results by comparing current data with previously -derived profile (profile-based), but also able to do further in-depth post-mortem analysis off-line on the bad or strange traffic flow and/or packet pattern for identifying novel rules, refining or deleting out-of-date ones to improve the capability and efficiency of current classifier and/or packet filter. Currently, we mainly look at the following statistical calculations for obtaining novel signs of anomalies: intensity measure, distribution measure, categorical and counting measure. Since the values obtained are from disparate distributions, we also need to normalize them. III. Workflow of Operations Figure 3 shows the operational workflow of all components of t his monitoring agent.

4 dport protocol 17(udp) 17(udp) 17(udp) size timestamp interface nic0 nic0 nic payload Signature (multiply fields on which classification is based) derived from anomaly packet record: {saddr: any/32 daddr: any netid/24 sport: any dport: 1434 ms-sql-m protocol: udp pkt size: 404bytes/pkt }. Figure 5 and Figure 6 illustrate the consecutive traffic anomalies on a link in CERNET when the latest large-scale network worm broke out on March 8th, 2003 [19]. The following packet pattern is one of the anomalous signatures detected by this agent. It accounts for 74.3% of the total inbound packets at about 3:00 P.M., and consumes network resources maliciously. Fig. 3 workflow of the monitoring agent IV. Monitoring Results In this section we present a sample of monitoring results to demonstrate its performance and capability of traffic anomaly detection. Figure 5 illustrate the sharp increase in link utilization when MS-SQL Slammer worm broke out globally at almost exact ly 13:30 P.M. (CST) on Saturday January 25th, 2003 [18]. Fig. 4 link utilization of a GigE (Slammer worm outbreak) Table 3: Packet Records of SQL Slammer Worm value saddr daddr / / /24 sport Fig 5 traffic mix of a GigE link Table 4: Packet Records of Worm value saddr

5 daddr / / /24 sport dport protocol 6(tcp) 6(t cp) 6(tcp) size timestamp :09: :09:01 interface nic1 nic1 nic :09:01 payload Packet record signature: {s addr: any/32 daddr: any netid/24 sport: any dport: 445 microsoft-ds protocol: tcp pkt size: 48bytes/pkt }. V. Cooperation with Other Systems Figure 6 shows how the monitoring agent cooperates harmoniously with NMS, IDS and ABS in CERNET. Fig. 6 agent cooperates with IDS, NMS and ABS VI. Conclusions We describe the CERNET passive monitoring agent that is capable of supporting Gigabit Ethernet data rate and presents its capabilities with several sample measurements in this paper. The advantages of this agent are as follows: 1) The design and implementation of it is suitable for deploying either on a SMP host or a tightly-coupled environment (cluster or server farm). 2) It equips a powerful collection engine for real-time packet capture on high -speed links. 3) It provides a daily traffic measurement report. 4) It performs packet pattern and flow-based traffic analysis on-line and off-line for network anomaly detection. 5) It adjusts dynamically the packet filter and classification rules, and flow filter rules for accurately identify network anomalies and attacks with great flexibility. 6) Its monitoring results are useful in many diverse systems such as IDS, NMS and ABS. VII. Ongoing and Future Work We are still devoting to enhance this agent s capability of finding novel filter rules and anomaly signatures with a formalized description scripts. However, the major part of our future work is to deploy much more monitoring agents throughout CERNET to detect, identify network anomalies and attacks, to correlate these which occur at different positions to study the possible context amongst them, and to depict dynamically the operational status of CERNET. References [1] W. Stallings. SNMP, SNMPv2, and SNMPv3, and RMON 1 and 2, Addison Wesley, 3 rd edition, [2] Tcpdump web page, [3] S. McCanne, V. Jacobson, The BSD Packet Filter: A New Architecture for User-level Packet Capture, In Proceedings of the Winter 1993 USENIX Conference, pp USENIX Association, January, [4] NetFlow services and applications. h/napps_wp.htm, 2002, Cisco white paper. [5] CoralReef web page. [6] CERNET. [7] T. McGregor, H. W. Braun, J. Brown, The NLANR Network Analysis Infrastructure, IEEE Communications, Vol. 38, No. 5, May, [8] C. Fraleigh, C. Diot, B. Lyles, S. Moon, P. Owezarski, D. Papagiannaki, F. Tobagi, Design and Deployment of a Passive Monitoring Infrastructure, Passive and Active Measurement Workshop (PAM) 2001, Amsterdam, The Netherlands, April, [9] Z. C. Li, H. Zhang, et al. Linuxflow: A High Speed Backbone Measurement Facility, accepted for Passive and Active Measurement Workshop (PAM) 2003, La Jolla, California, USA, April, [10] P. Gupta, N. Mckeown, Packet Classification on Multiple s, In Proceedings of ACM SIGCOMM 99, ACM, August, [11] P. Gupta, Algorithm for Routing Lookups and Packet Classification, Ph.D. Dissertation, Computer Science Department, Stanford University, December, [12] M. Degermark, A. Brodnik, S. Carlsson and S. Pink, Small Forwardin g Tables for Fast Routing Lookups, Proceedings of ACM SIGCOMM, pp3-14, October, [13] H. Zhang, G. Xu, Advanced Method for Detecting Unusual Behaviors on Networks in Real-Time, In Proceedings of ICCT-2000, Beijing, China, August, [14] H. Zhang, Z. M. Li, A Stream Pattern Based Live Traffic Analysis Model System in CERNET, In Proceedings of ISFST 2002, Wuhan, China, October, [15] G. M. Voelker, S. Savage, Inferring Internet Denial-of-Service Activity, USENIX Security Symposium, [16] L. Torvalds and Free Software Community. The Linux Kernel, September, [17] CERNET Network Time Service. December, [18] CERT Advisory CA MS-SQL Server Worm. January, 25, [19] CERT Advisory CA Increased Activity Targeting Windows Shares, March 11, 2003

Linuxflow: A High Speed Backbone Measurement Facility

Linuxflow: A High Speed Backbone Measurement Facility Linuxflow: A High Speed Backbone Measurement Facility ZhiChun Li (lizc@serv.edu.cn( lizc@serv.edu.cn) Hui Zhang (hzhang@cernet.edu.cn( hzhang@cernet.edu.cn) CERNET, Tsinghua Univ,, China CHINA EDUCATION

More information

Statistical Characteristics of Multicast Traffic on a National Backbone Network

Statistical Characteristics of Multicast Traffic on a National Backbone Network Statistical Characteristics of Multicast Traffic on a National Backbone Network Tao He, Xing Li, Jian Qiu Department of Electronic Engineering Tsinghua University, Beijing, 84, China Telephone: +86--6279255

More information

Linuxflow: A High Speed Backbone Measurement Facility

Linuxflow: A High Speed Backbone Measurement Facility Linuxflow: A High Speed Backbone Measurement Facility LI Zhichun, ZHANG Hui, YOU Yue, HE Tao lizc@serv.edu.cn hzhang@cernet.edu.cn China Education and Research Network Center (CERNET) Tsinghua University,

More information

Infrastructure for active and passive measurements at 10Gbps and beyond

Infrastructure for active and passive measurements at 10Gbps and beyond Infrastructure for active and passive measurements at 10Gbps and beyond Best Practice Document Produced by UNINETT led working group on network monitoring (UFS 142) Author: Arne Øslebø August 2014 1 TERENA

More information

Monitoring high-speed networks using ntop. Luca Deri

Monitoring high-speed networks using ntop. Luca Deri <deri@ntop.org> Monitoring high-speed networks using ntop Luca Deri 1 Project History Started in 1997 as monitoring application for the Univ. of Pisa 1998: First public release v 0.4 (GPL2) 1999-2002:

More information

Signature-aware Traffic Monitoring with IPFIX 1

Signature-aware Traffic Monitoring with IPFIX 1 Signature-aware Traffic Monitoring with IPFIX 1 Youngseok Lee, Seongho Shin, and Taeck-geun Kwon Dept. of Computer Engineering, Chungnam National University, 220 Gungdong Yusonggu, Daejon, Korea, 305-764

More information

Netflow Overview. PacNOG 6 Nadi, Fiji

Netflow Overview. PacNOG 6 Nadi, Fiji Netflow Overview PacNOG 6 Nadi, Fiji Agenda Netflow What it is and how it works Uses and Applications Vendor Configurations/ Implementation Cisco and Juniper Flow-tools Architectural issues Software, tools

More information

The Architecture of NG-MON: a Passive Network Monitoring System for High-Speed IP Networks 1

The Architecture of NG-MON: a Passive Network Monitoring System for High-Speed IP Networks 1 The Architecture of NG-MON: a Passive Network Monitoring System for High-Speed IP Networks 1 Se-Hee Han 1, Myung-Sup Kim 2, Hong-Taek Ju 3 and James Won-Ki Hong 4 1,2,4 Department of Computer Science and

More information

ABSTRACT 1.1 MEASUREMENT APPROACHES 1. INTRODUCTION 2. OCXMON/CORAL PASSIVE MONITORING OF INTERNET TRAFFIC AT SUPERCOMPUTING 98

ABSTRACT 1.1 MEASUREMENT APPROACHES 1. INTRODUCTION 2. OCXMON/CORAL PASSIVE MONITORING OF INTERNET TRAFFIC AT SUPERCOMPUTING 98 PASSIVE MONITORING OF INTERNET TRAFFIC AT SUPERCOMPUTING 98 Brynjar Åge Viken e mail: brynjar@item.ntnu.no, bviken@nlanr.net National Laboratory for Applied Network Research, Measurement and Operations

More information

The SCAMPI Scaleable Monitoring Platform for the Internet. Baiba Kaskina TERENA baiba@terena.nl

The SCAMPI Scaleable Monitoring Platform for the Internet. Baiba Kaskina TERENA baiba@terena.nl The SCAMPI Scaleable Monitoring Platform for the Internet Baiba Kaskina TERENA baiba@terena.nl Agenda Project overview Project objectives Project partners Work packages Technical information SCAMPI architecture

More information

ECE 578 Term Paper Network Security through IP packet Filtering

ECE 578 Term Paper Network Security through IP packet Filtering ECE 578 Term Paper Network Security through IP packet Filtering Cheedu Venugopal Reddy Dept of Electrical Eng and Comp science Oregon State University Bin Cao Dept of electrical Eng and Comp science Oregon

More information

Cisco IOS Flexible NetFlow Technology

Cisco IOS Flexible NetFlow Technology Cisco IOS Flexible NetFlow Technology Last Updated: December 2008 The Challenge: The ability to characterize IP traffic and understand the origin, the traffic destination, the time of day, the application

More information

Network Management & Monitoring

Network Management & Monitoring Network Management & Monitoring NetFlow Overview These materials are licensed under the Creative Commons Attribution-Noncommercial 3.0 Unported license (http://creativecommons.org/licenses/by-nc/3.0/)

More information

Network Monitoring On Large Networks. Yao Chuan Han (TWCERT/CC) james@cert.org.tw

Network Monitoring On Large Networks. Yao Chuan Han (TWCERT/CC) james@cert.org.tw Network Monitoring On Large Networks Yao Chuan Han (TWCERT/CC) james@cert.org.tw 1 Introduction Related Studies Overview SNMP-based Monitoring Tools Packet-Sniffing Monitoring Tools Flow-based Monitoring

More information

Network Monitoring and Management NetFlow Overview

Network Monitoring and Management NetFlow Overview Network Monitoring and Management NetFlow Overview These materials are licensed under the Creative Commons Attribution-Noncommercial 3.0 Unported license (http://creativecommons.org/licenses/by-nc/3.0/)

More information

Research on Errors of Utilized Bandwidth Measured by NetFlow

Research on Errors of Utilized Bandwidth Measured by NetFlow Research on s of Utilized Bandwidth Measured by NetFlow Haiting Zhu 1, Xiaoguo Zhang 1,2, Wei Ding 1 1 School of Computer Science and Engineering, Southeast University, Nanjing 211189, China 2 Electronic

More information

ZEN LOAD BALANCER EE v3.02 DATASHEET The Load Balancing made easy

ZEN LOAD BALANCER EE v3.02 DATASHEET The Load Balancing made easy ZEN LOAD BALANCER EE v3.02 DATASHEET The Load Balancing made easy OVERVIEW The global communication and the continuous growth of services provided through the Internet or local infrastructure require to

More information

Open Source in Network Administration: the ntop Project

Open Source in Network Administration: the ntop Project Open Source in Network Administration: the ntop Project Luca Deri 1 Project History Started in 1997 as monitoring application for the Univ. of Pisa 1998: First public release v 0.4 (GPL2) 1999-2002:

More information

TICKETing High-Speed Traffic with Commodity Hardware and Software

TICKETing High-Speed Traffic with Commodity Hardware and Software TICKETing High-Speed Traffic with Commodity Hardware and Software Eric Weigle and Wu-chun Feng {ehw, feng}@lanl.gov Computer & Computational Sciences Division Department of Computer & Information Science

More information

ZEN LOAD BALANCER EE v3.04 DATASHEET The Load Balancing made easy

ZEN LOAD BALANCER EE v3.04 DATASHEET The Load Balancing made easy ZEN LOAD BALANCER EE v3.04 DATASHEET The Load Balancing made easy OVERVIEW The global communication and the continuous growth of services provided through the Internet or local infrastructure require to

More information

Packet Flow Analysis and Congestion Control of Big Data by Hadoop

Packet Flow Analysis and Congestion Control of Big Data by Hadoop Available Online at www.ijcsmc.com International Journal of Computer Science and Mobile Computing A Monthly Journal of Computer Science and Information Technology IJCSMC, Vol. 4, Issue. 6, June 2015, pg.456

More information

Page 1. Outline EEC 274 Internet Measurements & Analysis. Traffic Measurements. Motivations. Applications

Page 1. Outline EEC 274 Internet Measurements & Analysis. Traffic Measurements. Motivations. Applications Outline EEC 274 Internet Measurements & Analysis Spring Quarter, 2006 Traffic Measurements Traffic measurements What metrics are we interested in? Measurement and analysis methodologies Traffic characterization

More information

packet retransmitting based on dynamic route table technology, as shown in fig. 2 and 3.

packet retransmitting based on dynamic route table technology, as shown in fig. 2 and 3. Implementation of an Emulation Environment for Large Scale Network Security Experiments Cui Yimin, Liu Li, Jin Qi, Kuang Xiaohui National Key Laboratory of Science and Technology on Information System

More information

Improving the Database Logging Performance of the Snort Network Intrusion Detection Sensor

Improving the Database Logging Performance of the Snort Network Intrusion Detection Sensor -0- Improving the Database Logging Performance of the Snort Network Intrusion Detection Sensor Lambert Schaelicke, Matthew R. Geiger, Curt J. Freeland Department of Computer Science and Engineering University

More information

Introduction to Netflow

Introduction to Netflow Introduction to Netflow Mike Jager Network Startup Resource Center mike.jager@synack.co.nz These materials are licensed under the Creative Commons Attribution-NonCommercial 4.0 International license (http://creativecommons.org/licenses/by-nc/4.0/)

More information

Chuck Cranor, Ted Johnson, Oliver Spatscheck

Chuck Cranor, Ted Johnson, Oliver Spatscheck Gigascope: How to monitor network traffic 5Gbit/sec at a time. Chuck Cranor, Ted Johnson, Oliver Spatscheck June, 2003 1 Outline Motivation Illustrative applications Gigascope features Gigascope technical

More information

IP Network Monitoring and Measurements: Techniques and Experiences

IP Network Monitoring and Measurements: Techniques and Experiences IP Network Monitoring and Measurements: Techniques and Experiences Philippe Owezarski LAAS-CNRS Toulouse, France Owe@laas.fr 1 Outline 4 Introduction 4 Monitoring problematic 8Only based on network administration

More information

NETI@home: A Distributed Approach to Collecting End-to-End Network Performance Measurements

NETI@home: A Distributed Approach to Collecting End-to-End Network Performance Measurements NETI@home: A Distributed Approach to Collecting End-to-End Network Performance Measurements Charles Robert Simpson, Jr. and George F. Riley Georgia Institute of Technology (Georgia Tech), Atlanta Georgia,

More information

Enabling Open-Source High Speed Network Monitoring on NetFPGA

Enabling Open-Source High Speed Network Monitoring on NetFPGA Network Operations and Management Symposium (NOMS) 2012 Enabling Open-Source High Speed Network Monitoring on NetFPGA Gianni Antichi, Stefano Giordano Email: @iet.unipi.it Department of Information

More information

Monitoring Large Flows in Network

Monitoring Large Flows in Network Monitoring Large Flows in Network Jing Li, Chengchen Hu, Bin Liu Department of Computer Science and Technology, Tsinghua University Beijing, P. R. China, 100084 { l-j02, hucc03 }@mails.tsinghua.edu.cn,

More information

3. MONITORING AND TESTING THE ETHERNET NETWORK

3. MONITORING AND TESTING THE ETHERNET NETWORK 3. MONITORING AND TESTING THE ETHERNET NETWORK 3.1 Introduction The following parameters are covered by the Ethernet performance metrics: Latency (delay) the amount of time required for a frame to travel

More information

Benefits. Product Overview. There is nothing more important than our customers. DATASHEET

Benefits. Product Overview. There is nothing more important than our customers. DATASHEET DATASHEET Security Information & Event Manager (SIEM) Compliance through Security Information and Event Management, Log Management, and Network Behavioral Analysis Product Overview Delivers fast, accurate

More information

High-Performance IP Service Node with Layer 4 to 7 Packet Processing Features

High-Performance IP Service Node with Layer 4 to 7 Packet Processing Features UDC 621.395.31:681.3 High-Performance IP Service Node with Layer 4 to 7 Packet Processing Features VTsuneo Katsuyama VAkira Hakata VMasafumi Katoh VAkira Takeyama (Manuscript received February 27, 2001)

More information

IBM QRadar Security Intelligence Platform appliances

IBM QRadar Security Intelligence Platform appliances IBM QRadar Security Intelligence Platform Comprehensive, state-of-the-art solutions providing next-generation security intelligence Highlights Get integrated log management, security information and event

More information

Extensible Network Configuration and Communication Framework

Extensible Network Configuration and Communication Framework Extensible Network Configuration and Communication Framework Todd Sproull and John Lockwood Applied Research Laboratory Department of Computer Science and Engineering: Washington University in Saint Louis

More information

Monitoring of Tunneled IPv6 Traffic Using Packet Decapsulation and IPFIX

Monitoring of Tunneled IPv6 Traffic Using Packet Decapsulation and IPFIX Monitoring of Tunneled IPv6 Traffic Using Packet Decapsulation and IPFIX Martin Elich 1,3, Matěj Grégr 1,2 and Pavel Čeleda1,3 1 CESNET, z.s.p.o., Prague, Czech Republic 2 Brno University of Technology,

More information

QRadar Security Intelligence Platform Appliances

QRadar Security Intelligence Platform Appliances DATASHEET Total Security Intelligence An IBM Company QRadar Security Intelligence Platform Appliances QRadar Security Intelligence Platform appliances combine typically disparate network and security management

More information

Characteristics of Network Traffic Flow Anomalies

Characteristics of Network Traffic Flow Anomalies Characteristics of Network Traffic Flow Anomalies Paul Barford and David Plonka I. INTRODUCTION One of the primary tasks of network administrators is monitoring routers and switches for anomalous traffic

More information

Benefits. Product Overview. There is nothing more important than our customers. DATASHEET

Benefits. Product Overview. There is nothing more important than our customers. DATASHEET DATASHEET Security Information & Event Manager (SIEM) Compliance through Security Information and Event Management, Log Management, and Network Behavioral Analysis Product Overview Delivers fast, accurate

More information

An apparatus for P2P classification in Netflow traces

An apparatus for P2P classification in Netflow traces An apparatus for P2P classification in Netflow traces Andrew M Gossett, Ioannis Papapanagiotou and Michael Devetsikiotis Electrical and Computer Engineering, North Carolina State University, Raleigh, USA

More information

Case Study: Instrumenting a Network for NetFlow Security Visualization Tools

Case Study: Instrumenting a Network for NetFlow Security Visualization Tools Case Study: Instrumenting a Network for NetFlow Security Visualization Tools William Yurcik* Yifan Li SIFT Research Group National Center for Supercomputing Applications (NCSA) University of Illinois at

More information

50. DFN Betriebstagung

50. DFN Betriebstagung 50. DFN Betriebstagung IPS Serial Clustering in 10GbE Environment Tuukka Helander, Stonesoft Germany GmbH Frank Brüggemann, RWTH Aachen Slide 1 Agenda Introduction Stonesoft clustering Firewall parallel

More information

A Collaborative Network Security Management System in Metropolitan Area Network

A Collaborative Network Security Management System in Metropolitan Area Network A Collaborative Network Security Management System in Metropolitan Area Network Beipeng Mu and Xinming Chen Department of Automation Tsinghua University Beijing, China Email: {mbp7, chen-xm}@mails.tsinghua.edu.cn

More information

White Paper. Intrusion Detection Deploying the Shomiti Century Tap

White Paper. Intrusion Detection Deploying the Shomiti Century Tap White Paper Intrusion Detection Deploying the Shomiti Century Tap . Shomiti Tap Deployment Purpose of this Paper The scalability of Intrusion Detection Systems (IDS) is often an issue when deploying an

More information

CISCO INFORMATION TECHNOLOGY AT WORK CASE STUDY: CISCO IOS NETFLOW TECHNOLOGY

CISCO INFORMATION TECHNOLOGY AT WORK CASE STUDY: CISCO IOS NETFLOW TECHNOLOGY CISCO INFORMATION TECHNOLOGY AT WORK CASE STUDY: CISCO IOS NETFLOW TECHNOLOGY CISCO INFORMATION TECHNOLOGY SEPTEMBER 2004 1 Overview Challenge To troubleshoot capacity and quality problems and to understand

More information

Quantifying the Performance Degradation of IPv6 for TCP in Windows and Linux Networking

Quantifying the Performance Degradation of IPv6 for TCP in Windows and Linux Networking Quantifying the Performance Degradation of IPv6 for TCP in Windows and Linux Networking Burjiz Soorty School of Computing and Mathematical Sciences Auckland University of Technology Auckland, New Zealand

More information

Network Virtualization Based on Flows

Network Virtualization Based on Flows TERENA NETWORKING CONFERENCE 2009 June 9, 2009 Network Virtualization Based on Flows Peter Sjödin Markus Hidell, Georgia Kontesidou, Kyriakos Zarifis KTH Royal Institute of Technology, Stockholm Outline

More information

Distributed RAID Architectures for Cluster I/O Computing. Kai Hwang

Distributed RAID Architectures for Cluster I/O Computing. Kai Hwang Distributed RAID Architectures for Cluster I/O Computing Kai Hwang Internet and Cluster Computing Lab. University of Southern California 1 Presentation Outline : Scalable Cluster I/O The RAID-x Architecture

More information

A Protocol Based Packet Sniffer

A Protocol Based Packet Sniffer Available Online at www.ijcsmc.com International Journal of Computer Science and Mobile Computing A Monthly Journal of Computer Science and Information Technology IJCSMC, Vol. 4, Issue. 3, March 2015,

More information

Autonomous NetFlow Probe

Autonomous NetFlow Probe Autonomous Ladislav Lhotka lhotka@cesnet.cz Martin Žádník xzadni00@stud.fit.vutbr.cz TF-CSIRT meeting, September 15, 2005 Outline 1 2 Specification Hardware Firmware Software 3 4 Short-term fixes Test

More information

Network congestion control using NetFlow

Network congestion control using NetFlow Network congestion control using NetFlow Maxim A. Kolosovskiy Elena N. Kryuchkova Altai State Technical University, Russia Abstract The goal of congestion control is to avoid congestion in network elements.

More information

ICND2 NetFlow. Question 1. What are the benefit of using Netflow? (Choose three) A. Network, Application & User Monitoring. B.

ICND2 NetFlow. Question 1. What are the benefit of using Netflow? (Choose three) A. Network, Application & User Monitoring. B. ICND2 NetFlow Question 1 What are the benefit of using Netflow? (Choose three) A. Network, Application & User Monitoring B. Network Planning C. Security Analysis D. Accounting/Billing Answer: A C D NetFlow

More information

The Lagopus SDN Software Switch. 3.1 SDN and OpenFlow. 3. Cloud Computing Technology

The Lagopus SDN Software Switch. 3.1 SDN and OpenFlow. 3. Cloud Computing Technology 3. The Lagopus SDN Software Switch Here we explain the capabilities of the new Lagopus software switch in detail, starting with the basics of SDN and OpenFlow. 3.1 SDN and OpenFlow Those engaged in network-related

More information

Bro at 10 Gps: Current Testing and Plans

Bro at 10 Gps: Current Testing and Plans U.S. Department of Energy Bro at 10 Gps: Current Testing and Plans Office of Science Brian L. Tierney Lawrence Berkeley National Laboratory Bro s Use at LBL Operational 24 7 since 1996 Monitors traffic

More information

NetFlow Aggregation. Feature Overview. Aggregation Cache Schemes

NetFlow Aggregation. Feature Overview. Aggregation Cache Schemes NetFlow Aggregation This document describes the Cisco IOS NetFlow Aggregation feature, which allows Cisco NetFlow users to summarize NetFlow export data on an IOS router before the data is exported to

More information

An Infrastructure for Passive Network Monitoring of Application Data Streams

An Infrastructure for Passive Network Monitoring of Application Data Streams An Infrastructure for Passive Network Monitoring of Application Data Streams Deb Agarwal, José María González, Goujun Jin, Brian Tierney Computing Sciences Directorate Lawrence Berkeley National Laboratory

More information

Sockets vs. RDMA Interface over 10-Gigabit Networks: An In-depth Analysis of the Memory Traffic Bottleneck

Sockets vs. RDMA Interface over 10-Gigabit Networks: An In-depth Analysis of the Memory Traffic Bottleneck Sockets vs. RDMA Interface over 1-Gigabit Networks: An In-depth Analysis of the Memory Traffic Bottleneck Pavan Balaji Hemal V. Shah D. K. Panda Network Based Computing Lab Computer Science and Engineering

More information

A HYBRID RULE BASED FUZZY-NEURAL EXPERT SYSTEM FOR PASSIVE NETWORK MONITORING

A HYBRID RULE BASED FUZZY-NEURAL EXPERT SYSTEM FOR PASSIVE NETWORK MONITORING A HYBRID RULE BASED FUZZY-NEURAL EXPERT SYSTEM FOR PASSIVE NETWORK MONITORING AZRUDDIN AHMAD, GOBITHASAN RUDRUSAMY, RAHMAT BUDIARTO, AZMAN SAMSUDIN, SURESRAWAN RAMADASS. Network Research Group School of

More information

Enabling Technologies for Distributed Computing

Enabling Technologies for Distributed Computing Enabling Technologies for Distributed Computing Dr. Sanjay P. Ahuja, Ph.D. Fidelity National Financial Distinguished Professor of CIS School of Computing, UNF Multi-core CPUs and Multithreading Technologies

More information

Basic Networking Concepts. 1. Introduction 2. Protocols 3. Protocol Layers 4. Network Interconnection/Internet

Basic Networking Concepts. 1. Introduction 2. Protocols 3. Protocol Layers 4. Network Interconnection/Internet Basic Networking Concepts 1. Introduction 2. Protocols 3. Protocol Layers 4. Network Interconnection/Internet 1 1. Introduction -A network can be defined as a group of computers and other devices connected

More information

Limitations of Packet Measurement

Limitations of Packet Measurement Limitations of Packet Measurement Collect and process less information: Only collect packet headers, not payload Ignore single packets (aggregate) Ignore some packets (sampling) Make collection and processing

More information

Intrusion Detection System Based Network Using SNORT Signatures And WINPCAP

Intrusion Detection System Based Network Using SNORT Signatures And WINPCAP Intrusion Detection System Based Network Using SNORT Signatures And WINPCAP Aakanksha Vijay M.tech, Department of Computer Science Suresh Gyan Vihar University Jaipur, India Mrs Savita Shiwani Head Of

More information

OpenFlow with Intel 82599. Voravit Tanyingyong, Markus Hidell, Peter Sjödin

OpenFlow with Intel 82599. Voravit Tanyingyong, Markus Hidell, Peter Sjödin OpenFlow with Intel 82599 Voravit Tanyingyong, Markus Hidell, Peter Sjödin Outline Background Goal Design Experiment and Evaluation Conclusion OpenFlow SW HW Open up commercial network hardware for experiment

More information

Cisco Performance Visibility Manager 1.0.1

Cisco Performance Visibility Manager 1.0.1 Cisco Performance Visibility Manager 1.0.1 Cisco Performance Visibility Manager (PVM) is a proactive network- and applicationperformance monitoring, reporting, and troubleshooting system for maximizing

More information

IPV6 流 量 分 析 探 讨 北 京 大 学 计 算 中 心 周 昌 令

IPV6 流 量 分 析 探 讨 北 京 大 学 计 算 中 心 周 昌 令 IPV6 流 量 分 析 探 讨 北 京 大 学 计 算 中 心 周 昌 令 1 内 容 流 量 分 析 简 介 IPv6 下 的 新 问 题 和 挑 战 协 议 格 式 变 更 用 户 行 为 特 征 变 更 安 全 问 题 演 化 流 量 导 出 手 段 变 化 设 备 参 考 配 置 流 量 工 具 总 结 2 流 量 分 析 简 介 流 量 分 析 目 标 who, what, where,

More information

Internet Traffic Measurement

Internet Traffic Measurement Internet Traffic Measurement Internet Traffic Measurement Network Monitor Placement Measurement Analysis Tools Measurement Result Reporting Probing Mechanism Vantage Points Edge vs Core Hardware vs Software

More information

DiCAP: Distributed Packet Capturing Architecture for High-Speed Network Links

DiCAP: Distributed Packet Capturing Architecture for High-Speed Network Links DiCAP: Distributed Packet Capturing Architecture for High-Speed Network Links Cristian Morariu, Burkhard Stiller Communication Systems Group CSG, Department of Informatics IFI, University of Zürich Binzmühlestrasse

More information

QRadar Security Management Appliances

QRadar Security Management Appliances QRadar Security Management Appliances Q1 Labs QRadar network security management appliances and related software provide enterprises with an integrated framework that combines typically disparate network

More information

Flow Analysis Versus Packet Analysis. What Should You Choose?

Flow Analysis Versus Packet Analysis. What Should You Choose? Flow Analysis Versus Packet Analysis. What Should You Choose? www.netfort.com Flow analysis can help to determine traffic statistics overall, but it falls short when you need to analyse a specific conversation

More information

ISTANBUL. 1.1 MPLS overview. Alcatel Certified Business Network Specialist Part 2

ISTANBUL. 1.1 MPLS overview. Alcatel Certified Business Network Specialist Part 2 1 ISTANBUL 1.1 MPLS overview 1 1.1.1 Principle Use of a ATM core network 2 Overlay Network One Virtual Circuit per communication No routing protocol Scalability problem 2 1.1.1 Principle Weakness of overlay

More information

nfdump and NfSen 18 th Annual FIRST Conference June 25-30, 2006 Baltimore Peter Haag 2006 SWITCH

nfdump and NfSen 18 th Annual FIRST Conference June 25-30, 2006 Baltimore Peter Haag 2006 SWITCH 18 th Annual FIRST Conference June 25-30, 2006 Baltimore Peter Haag 2006 SWITCH Some operational questions, popping up now and then: Do you see this peek on port 445 as well? What caused this peek on your

More information

Layer 3 Network + Dedicated Internet Connectivity

Layer 3 Network + Dedicated Internet Connectivity Layer 3 Network + Dedicated Internet Connectivity Client: One of the IT Departments in a Northern State Customer's requirement: The customer wanted to establish CAN connectivity (Campus Area Network) for

More information

Putting it on the NIC: A Case Study on application offloading to a Network Interface Card (NIC)

Putting it on the NIC: A Case Study on application offloading to a Network Interface Card (NIC) This full text paper was peer reviewed at the direction of IEEE Communications Society subject matter experts for publication in the IEEE CCNC 2006 proceedings. Putting it on the NIC: A Case Study on application

More information

Local-Area Network -LAN

Local-Area Network -LAN Computer Networks A group of two or more computer systems linked together. There are many [types] of computer networks: Peer To Peer (workgroups) The computers are connected by a network, however, there

More information

Observer Probe Family

Observer Probe Family Observer Probe Family Distributed analysis for local and remote networks Monitor and troubleshoot vital network links in real time from any location Network Instruments offers a complete line of software

More information

Design Issues in a Bare PC Web Server

Design Issues in a Bare PC Web Server Design Issues in a Bare PC Web Server Long He, Ramesh K. Karne, Alexander L. Wijesinha, Sandeep Girumala, and Gholam H. Khaksari Department of Computer & Information Sciences, Towson University, 78 York

More information

Gigabit Ethernet Design

Gigabit Ethernet Design Gigabit Ethernet Design Laura Jeanne Knapp Network Consultant 1-919-254-8801 laura@lauraknapp.com www.lauraknapp.com Tom Hadley Network Consultant 1-919-301-3052 tmhadley@us.ibm.com HSEdes_ 010 ed and

More information

A Catechistic Method for Traffic Pattern Discovery in MANET

A Catechistic Method for Traffic Pattern Discovery in MANET A Catechistic Method for Traffic Pattern Discovery in MANET R. Saranya 1, R. Santhosh 2 1 PG Scholar, Computer Science and Engineering, Karpagam University, Coimbatore. 2 Assistant Professor, Computer

More information

D1.2 Network Load Balancing

D1.2 Network Load Balancing D1. Network Load Balancing Ronald van der Pol, Freek Dijkstra, Igor Idziejczak, and Mark Meijerink SARA Computing and Networking Services, Science Park 11, 9 XG Amsterdam, The Netherlands June ronald.vanderpol@sara.nl,freek.dijkstra@sara.nl,

More information

Approaching Real-time Network Traffic Classification

Approaching Real-time Network Traffic Classification 22 Approaching Real-time Network Traffic Classification ISSN 1470-5559 Wei Li, Kaysar Abdin, Robert Dann and Andrew Moore RR-06-12 October 2006 Department of Computer Science Approaching Real-time Network

More information

Quick Start for Network Agent. 5-Step Quick Start. What is Network Agent?

Quick Start for Network Agent. 5-Step Quick Start. What is Network Agent? What is Network Agent? The Websense Network Agent software component uses sniffer technology to monitor all of the internet traffic on the network machines that you assign to it. Network Agent filters

More information

Building Secure Network Infrastructure For LANs

Building Secure Network Infrastructure For LANs Building Secure Network Infrastructure For LANs Yeung, K., Hau; and Leung, T., Chuen Abstract This paper discusses the building of secure network infrastructure for local area networks. It first gives

More information

SAN Conceptual and Design Basics

SAN Conceptual and Design Basics TECHNICAL NOTE VMware Infrastructure 3 SAN Conceptual and Design Basics VMware ESX Server can be used in conjunction with a SAN (storage area network), a specialized high speed network that connects computer

More information

GR2000: a Gigabit Router for a Guaranteed Network

GR2000: a Gigabit Router for a Guaranteed Network Hitachi Review Vol. 48 (1999), No. 4 203 GR2000: a Gigabit Router for a Guaranteed Network Kazuo Sugai Yoshihito Sako Takeshi Aimoto OVERVIEW: Driven by the progress of the information society, corporate

More information

New!! - Higher performance for Windows and UNIX environments

New!! - Higher performance for Windows and UNIX environments New!! - Higher performance for Windows and UNIX environments The IBM TotalStorage Network Attached Storage Gateway 300 (NAS Gateway 300) is designed to act as a gateway between a storage area network (SAN)

More information

Throughput logging tool written in C. Can t simply do full packet captures for everything because of size and ethics

Throughput logging tool written in C. Can t simply do full packet captures for everything because of size and ethics Michel Laterman We have a monitor set up that receives a mirror from the edge routers Monitor uses an ENDACE DAG 8.1SX card (10Gbps) & Bro to record connection level info about network usage Can t simply

More information

Hadoop Technology for Flow Analysis of the Internet Traffic

Hadoop Technology for Flow Analysis of the Internet Traffic Hadoop Technology for Flow Analysis of the Internet Traffic Rakshitha Kiran P PG Scholar, Dept. of C.S, Shree Devi Institute of Technology, Mangalore, Karnataka, India ABSTRACT: Flow analysis of the internet

More information

OpenFlow Based Load Balancing

OpenFlow Based Load Balancing OpenFlow Based Load Balancing Hardeep Uppal and Dane Brandon University of Washington CSE561: Networking Project Report Abstract: In today s high-traffic internet, it is often desirable to have multiple

More information

The new frontier of the DATA acquisition using 1 and 10 Gb/s Ethernet links. Filippo Costa on behalf of the ALICE DAQ group

The new frontier of the DATA acquisition using 1 and 10 Gb/s Ethernet links. Filippo Costa on behalf of the ALICE DAQ group The new frontier of the DATA acquisition using 1 and 10 Gb/s Ethernet links Filippo Costa on behalf of the ALICE DAQ group DATE software 2 DATE (ALICE Data Acquisition and Test Environment) ALICE is a

More information

NetFlow Analysis with MapReduce

NetFlow Analysis with MapReduce NetFlow Analysis with MapReduce Wonchul Kang, Yeonhee Lee, Youngseok Lee Chungnam National University {teshi85, yhlee06, lee}@cnu.ac.kr 2010.04.24(Sat) based on "An Internet Traffic Analysis Method with

More information

Introduction to Passive Network Traffic Monitoring

Introduction to Passive Network Traffic Monitoring Introduction to Passive Network Traffic Monitoring CS459 ~ Internet Measurements Spring 2015 Despoina Antonakaki antonakd@csd.uoc.gr Active Monitoring Inject test packets into the network or send packets

More information

Network Based Intrusion Detection Using Honey pot Deception

Network Based Intrusion Detection Using Honey pot Deception Network Based Intrusion Detection Using Honey pot Deception Dr.K.V.Kulhalli, S.R.Khot Department of Electronics and Communication Engineering D.Y.Patil College of Engg.& technology, Kolhapur,Maharashtra,India.

More information

VON/K: A Fast Virtual Overlay Network Embedded in KVM Hypervisor for High Performance Computing

VON/K: A Fast Virtual Overlay Network Embedded in KVM Hypervisor for High Performance Computing Journal of Information & Computational Science 9: 5 (2012) 1273 1280 Available at http://www.joics.com VON/K: A Fast Virtual Overlay Network Embedded in KVM Hypervisor for High Performance Computing Yuan

More information

SMARTxAC: A Passive Monitoring and Analysis System for High-Speed Networks

SMARTxAC: A Passive Monitoring and Analysis System for High-Speed Networks SMARTxAC: A Passive Monitoring and Analysis System for High-Speed Networks Pere Barlet-Ros, Josep Solé-Pareta, Javier Barrantes, Eva Codina, Jordi Domingo-Pascual Advanced Broadband Communications Center

More information

Analysis of Automated Model against DDoS Attacks

Analysis of Automated Model against DDoS Attacks Analysis of Automated Model against DDoS Attacks Udaya Kiran Tupakula Vijay Varadharajan Information and Networked Systems Security Research Division of Information and Communication Sciences Macquarie

More information

The Fundamentals of Intrusion Prevention System Testing

The Fundamentals of Intrusion Prevention System Testing The Fundamentals of Intrusion Prevention System Testing New network-based Intrusion Prevention Systems (IPS) complement traditional security products to provide enterprises with unparalleled protection

More information

Q1 Labs Inc. 15 Piedmont Center, suite 1040 Atlanta, Georgia 30305 USA +1-877-471-5227 info@q1labs.com www.q1labs.com

Q1 Labs Inc. 15 Piedmont Center, suite 1040 Atlanta, Georgia 30305 USA +1-877-471-5227 info@q1labs.com www.q1labs.com 1. Name of the Technology and the Corporation supporting it Product: Company: RFI Contact: QVISION Q1 Labs Inc. 15 Piedmont Center, suite 1040 Atlanta, Georgia 30305 USA +1-877-471-5227 info@q1labs.com

More information

Chapter 8 Router and Network Management

Chapter 8 Router and Network Management Chapter 8 Router and Network Management This chapter describes how to use the network management features of your ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN. These features can be found by

More information

and reporting Slavko Gajin slavko.gajin@rcub.bg.ac.rs

and reporting Slavko Gajin slavko.gajin@rcub.bg.ac.rs ICmyNet.Flow: NetFlow based traffic investigation, analysis, and reporting Slavko Gajin slavko.gajin@rcub.bg.ac.rs AMRES Academic Network of Serbia RCUB - Belgrade University Computer Center ETF Faculty

More information