Measurement in Networks & SDN Applications

Interesting Questions
Who is sending a lot to a subnet?
– Heavy Hitters
Is someone doing a port scan?
Is someone getting DDoS-ed?
Who is getting traffic for a naughty website?
How many people have downloaded from a naughty site?
Which links have the most bytes?

Port Scan
Try to find a vulnerability in a host
– Idea: scan all the ports on the host to see which are open
A scan: a small hello packet to see if the host responds
– After finding the open port you can perform other attacks

DDoS
Try to attack a host/server
– Make sure the server can’t respond to anyone else
– Send it a bunch of traffic until out of memory
– Send it a bunch of traffic until no more bandwidth
DoS: attack the server from one machine
DDoS: attack the server from many machines
– Harder to defend against.

How do we measure things?
Switches count bytes/packets
– NetFlow/sFlow: # bytes/packets per flow
  To scale: samples packets and performs calculations based on the samples.
  – 1 in every n packets
  Implication: you don’t see all packets.
– SNMP: # bytes/packets per link

Interesting Questions
Who is sending a lot to a subnet?
Is someone doing a port scan?
Is someone getting DDoS-ed?
Who is getting traffic for a naughty website?
How many people have downloaded from a naughty site?
Which links have the most bytes?
(Slide annotations: NetFlow, SNMP)

Why can’t questions be answered?
When you sample, you miss packets.
– Increasing the sampling rate leads to huge resource overheads.
So you can’t answer questions:
– You miss the packets when you check sampling
– Is someone doing a port scan? Is there a short-lived connection from one server to many ports on another server?
– Is someone doing a DDoS? Is there a short-lived connection from many servers to one?
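The sampling problem described above, as an added example that is not from the original slides: it runs the two fan-out checks (one source to many ports, many sources to one destination) over a constructed packet trace, first on every packet and then on a 1-in-100 sample. The addresses, the threshold of 50 and the function names are assumptions for illustration.

```python
import random
from collections import defaultdict

def constructed_packets():
    """Constructed trace of (src, dst, dst_port) tuples; all addresses are made up."""
    pkts = []
    for c in range(20):                      # normal clients, long-lived flows
        pkts += [(f"10.0.0.{c}", "10.0.1.1", 443)] * 50
    # One source, one short probe per port: the port-scan pattern.
    pkts += [("10.0.9.9", "10.0.1.2", port) for port in range(1, 201)]
    # Many sources, one short connection each: the DDoS pattern.
    pkts += [(f"10.2.{s // 250}.{s % 250}", "10.0.1.3", 80) for s in range(300)]
    random.Random(7).shuffle(pkts)           # interleave as on a shared link
    return pkts

def sample(pkts, n):
    """Keep 1 in every n packets, as NetFlow/sFlow-style sampling does."""
    return pkts[::n]

def detect(pkts, threshold=50):
    """Return (port-scan suspects, DDoS victims) seen in the given packets."""
    ports = defaultdict(set)     # (src, dst) -> distinct destination ports
    sources = defaultdict(set)   # dst -> distinct source addresses
    for src, dst, port in pkts:
        ports[(src, dst)].add(port)
        sources[dst].add(src)
    scans = sorted(k for k, v in ports.items() if len(v) >= threshold)
    ddos = sorted(d for d, v in sources.items() if len(v) >= threshold)
    return scans, ddos

if __name__ == "__main__":
    trace = constructed_packets()
    print("every packet:", detect(trace))
    print("1-in-100    :", detect(sample(trace, 100)))
```

The sample holds only 15 of the 1500 packets, so neither fan-out can reach the threshold. The exact version, in turn, keeps a set per source/destination pair, which is the state that does not scale.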

Solution…
– You don’t want to sample because you miss stuff
– But you can’t always process everything because it is hard to scale
Use online streaming algorithms
– See OpenSketch for more…
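One streaming algorithm that answers the heavy-hitter question ("who is sending a lot to a subnet?") in fixed memory is a Count-Min sketch. The slides name no specific algorithm, so this choice, the subnet, the addresses and the threshold are assumptions in an added example that is not from the original slides.

```python
import hashlib
import ipaddress

SUBNET = ipaddress.ip_network("10.0.1.0/24")    # constructed monitored subnet

class CountMin:
    """depth x width counters; estimates can overcount but never undercount."""
    def __init__(self, width=256, depth=4):
        self.width, self.depth = width, depth
        self.rows = [[0] * width for _ in range(depth)]

    def _cells(self, key):
        for row in range(self.depth):            # one salted hash per row
            h = hashlib.blake2b(key.encode(), digest_size=8, salt=bytes([row]))
            yield row, int.from_bytes(h.digest(), "big") % self.width

    def add(self, key, count):
        for row, col in self._cells(key):
            self.rows[row][col] += count

    def estimate(self, key):
        return min(self.rows[row][col] for row, col in self._cells(key))

def constructed_stream():
    """Constructed (src, dst, bytes) packets; all addresses are made up."""
    pkts = [(f"10.8.{i % 500 // 250}.{i % 250}", "10.0.1.7", 100)
            for i in range(2000)]                       # 500 light senders
    pkts += [("10.9.9.9", "10.0.1.7", 1500)] * 400      # one heavy sender
    pkts += [("10.9.9.9", "10.0.2.7", 1500)] * 400      # outside the subnet
    return pkts

def heavy_hitters(pkts, threshold_bytes):
    """Process every packet once; remember only sources over the threshold."""
    sketch, hitters = CountMin(), set()
    for src, dst, size in pkts:
        if ipaddress.ip_address(dst) not in SUBNET:
            continue
        sketch.add(src, size)
        if sketch.estimate(src) >= threshold_bytes:
            hitters.add(src)
    return sketch, hitters

if __name__ == "__main__":
    sketch, hitters = heavy_hitters(constructed_stream(), 80_000)
    print(hitters, sketch.estimate("10.9.9.9"))
```

Every packet is counted, yet the state stays at 1024 counters however many sources appear. The price is possible overestimates when sources collide in all rows.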

What are SDN Applications?

How do we use the network
Ensuring reachability: routing/forwarding traffic
– Bad things: loops, blackholes

How do we use the network
Network Address Translation
– You have a small number of IP addresses, e.g. 1
– But you want to have many devices: tablet/phone
Each one needs its own IP address
So you share them
(Figure labels: External IP, Internal IP, Internal IP)

How do we use the network Load balancing: make sure servers get equal number of requests

(Figure labels: L.B., Security, NAT, Hub; Physical View; Device State; Policy; Veriflow | H.A.S. | Libra; Network OS)
Invariant has been violated! There’s a bug. What next?

How are Networks managed

In a hierarchical manner
– With control delegated from top to bottom
– Resources delegated in a similar manner

How can SDN support such delegation? Hierarchical capabilities. See more in the PANE paper.