Monitoring Network Bias. Budapest University of Technology and Economics, High Speed Networks Laboratory.


Monitoring Network Bias
Budapest University of Technology and Economics, High Speed Networks Laboratory
A joint project with Prof. Aleksandar Kuzmanovic (Northwestern University)
Supported by NSF CAREER Award No
Gergely Biczók, PhD Candidate

High Speed Networks Laboratory | FuturICT

Outline
- Motivation: network neutrality
- Internet Audit
- System design
- Implementation
- Future work

Net neutrality: basics
- “… a network free of restrictions on equipment, modes of communication allowed, on content, sites, and platforms and where communication is not unreasonably degraded by other communication streams …” – Wikipedia
- Own definition: you get what you asked/paid for
  - not less (e.g. blocking some websites)
  - not more (e.g. ISP-embedded content to websites)
- Debate in public, struggle in legislation, war in the Internet
  - Pro net neutrality: content providers (e.g., Google) and freedom activists
  - Anti net neutrality: Internet Service Providers (with infrastructure, e.g., AT&T)

Net Neutrality: incentives and history
- (Access) ISPs have incentives to violate NN
  - “Resource management” (Comcast)
  - Potential side deals with content providers (AT&T)
  - Larger profit through own proprietary services (blocking Skype in favor of own VoIP service)
- 2005: FCC enforcing net neutrality involving Madison River Communications that blocked Vonage VoIP
- 2006: China using Narus middleboxes to block Skype
- 2007: Comcast actively poisoning BitTorrent uploads
- 2008: YouTube outage, routing black hole caused by Pakistani ISP’s regulatory policy
- 2009: BitTorrent portals are blocked around the world
- 2005-: Rogers (Canada) blocks/shapes P2P, shapes all encrypted (!) traffic, forces users to its own SMTP servers, embeds own content (!) into third-party webpages, …

Internet Audit
- Goal: not to take sides in the net neutrality debate, but rather to design a system capable of making the Internet more transparent
- A distributed system to enable network accountability: What happened, where did it happen, and who is responsible?
- Challenges:
  - Non-repudiable identification of discriminating network elements
  - Detect unfair service favoring, e.g., content provider/ISP alliances
  - Explore a range of threat models from open DoS attacks to using network policies in destructive ways
- First step: monitoring biased network behavior
  - provide the users with information

Monitoring network bias
- An active measurement system which is
  - Distributed
  - Large-scale
  - For all end-users
  - Targeting access ISPs
- Capable of
  - Detecting DPI, blocking, shaping, DNS hijacking, …
  - Locating the discriminatory network element
  - Finding out the subtype of biased behavior (e.g., shaping based on DPI vs. shaping)
- Provides an online service for end-users
  - With feedback

System overview

Measurement methodology
- Collect reported/possible means of discrimination applied by ISPs
- Create active probes that likely trigger these mechanisms
  - We mostly emulate applications/protocols
  - e.g., BitTorrent-like traffic pattern without implementing a client
  - Minimal user action is required
- Filtering
- Shaping (HTTP, FTP, SSL, BitTorrent)
- WWW bias (DNS hijacking, torrent portal blocking, …)
- Locating middleboxes
  - By executing probes from multiple vantage points to the same end-host
  - Correlating results
  - Vantage point selection is critical (IP/geo, iPlane)
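One way to correlate probe results from several vantage points, as an added example that is not part of the original slides or the NetBias tool. It assumes each probe comes with a traceroute-style hop list and that a hop seen on an undisturbed path does not discriminate; the hop names and paths are constructed.

```python
from collections import Counter

def locate(observations):
    """observations: iterable of (hops, biased); hops are router ids from a
    vantage point to the target. Returns [(hop, share of biased paths that
    cross it)], strongest suspect first."""
    observations = list(observations)
    cleared = set()
    for hops, biased in observations:
        if not biased:
            cleared.update(hops)  # assumption: a hop on a clean path is not the culprit
    biased_paths = [set(hops) - cleared for hops, biased in observations if biased]
    if not biased_paths:
        return []
    votes = Counter(hop for path in biased_paths for hop in path)
    ranked = sorted(votes.items(), key=lambda kv: (-kv[1], kv[0]))
    return [(hop, count / len(biased_paths)) for hop, count in ranked]

def top_suspects(observations):
    """Hops that lie on every biased path and on no clean one."""
    return sorted(hop for hop, share in locate(observations) if share == 1.0)

# Constructed paths to one end-host ("target") behind an access ISP.
OUTSIDE = [  # vantage points in other networks: all see the probe disturbed
    (["vp-a", "ix-1", "isp-border", "isp-agg", "isp-access", "target"], True),
    (["vp-b", "ix-2", "isp-border", "isp-agg", "isp-access", "target"], True),
    (["vp-c", "ix-1", "isp-border", "isp-agg", "isp-access", "target"], True),
]
ON_NET = [  # vantage point inside the same ISP: probe arrives undisturbed
    (["isp-agg", "isp-access", "target"], False),
]

if __name__ == "__main__":
    print("outside only :", top_suspects(OUTSIDE))
    print("with on-net  :", top_suspects(OUTSIDE + ON_NET))
```

With only the outside vantage points, four hops remain equally suspect; the single on-net vantage point narrows this to one, which is why vantage point selection is critical.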

Filtering details
- Port-based
  - Sending packets with random payload to well-defined ports
- Signature-based
  - Deep Packet Inspection
  - List of byte signatures for applications/protocols
  - We derived a list based on
    - open-source DPI: ipp2p, l7-filter protocol definitions
    - own packet traces
- Flow-pattern based for P2P applications
  - Header inspection plus spatial correlation of flows
  - Random payload
  - Data exchange: Parallel TCP connections from the same IP to several others in a port range
  - Control: Parallel UDP connections from the same IP to different IPs to the same port
- With the correct order of probes the subtype can be determined
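A sketch of how an ordered probe set can separate the three filtering subtypes above, as an added example that is not code from the original slides. Each probe differs from a neutral baseline in exactly one property; the port numbers, server addresses and the three simulated middleboxes are constructed assumptions, and the path is modelled as a function instead of real sockets.

```python
import os

BT_HANDSHAKE = b"\x13BitTorrent protocol"  # BitTorrent handshake prefix, a common DPI signature
BT_PORT = 6881                             # port conventionally used by BitTorrent clients
NEUTRAL_PORT = 40123                       # assumption: a port tied to no application

def build_probes():
    """Ordered probes; each is a list of (dst_ip, dst_port, payload) flows sent in parallel."""
    rnd = os.urandom(64)
    servers = [f"192.0.2.{i}" for i in range(1, 9)]  # constructed measurement servers
    return [
        ("baseline", [(servers[0], NEUTRAL_PORT, rnd)]),
        ("port-based", [(servers[0], BT_PORT, rnd)]),                          # only the port is suspicious
        ("signature-based", [(servers[0], NEUTRAL_PORT, BT_HANDSHAKE + rnd)]), # only the payload
        ("flow-pattern-based", [(ip, 50000 + i, rnd) for i, ip in enumerate(servers)]),  # only the fan-out
    ]

def classify(path):
    """path(flows) -> True if every flow of the probe arrived undisturbed."""
    probes = build_probes()
    if not path(probes[0][1]):
        return ["inconclusive"]  # neutral probe fails too: outage or blanket blocking
    return [name for name, flows in probes[1:] if not path(flows)] or ["none"]

# Constructed middlebox models standing in for the network path.
def port_filter(flows):
    return all(port != BT_PORT for _, port, _ in flows)

def dpi_filter(flows):
    return all(BT_HANDSHAKE not in payload for _, _, payload in flows)

def fanout_filter(flows):
    return len({ip for ip, _, _ in flows}) < 5  # blocks many parallel peers from one source

if __name__ == "__main__":
    for box in (port_filter, dpi_filter, fanout_filter):
        print(box.__name__, "->", classify(box))
```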

Implementation issues
- PlanetLab is widely used
  - De facto standard test network
  - Lots of users, slice-based access, ~20 active slices on one node
  - Nodes go down at times
- M-Lab: dedicated to network transparency research
  - Founded by: Open Technology Institute, Google, PlanetLab Consortium and researchers
  - Administered by PlanetLab
  - Limited number of users, ~1 slice per CPU core
  - Ideal for active probing
- We are deploying our system to both platforms currently

Future work
- Conduct a large-scale measurement campaign
- Evaluate and draw the global map of biased network behavior
- More on the Internet Audit project at
- NetBias tool will be available at the M-Lab website soon

Thank you for your attention!