Presentation is loading. Please wait.

Presentation is loading. Please wait.

Denial of Service Mitigation with OpenFlow using SciPass

Published byClarence Reed Modified over 7 years ago

Similar presentations

Presentation on theme: "Denial of Service Mitigation with OpenFlow using SciPass"— Presentation transcript:

1 Denial of Service Mitigation with OpenFlow using SciPass
Hans Addleman TransPAC Engineer, International Networks University Information Technology Services Indiana University INTERNATIONAL NETWORKS At Indiana University Supported by the National Science Foundation

2 Goals Provide adequate security at 100G network speeds
Detect Distributed Denial of Service (DDOS) attacks Stop attack inside the Wide Area Network (WAN) Do not impede legitimate traffic

3 Intrusion Detection System
Deep packet inspection Look for known traffic patterns and signatures that signal an attack Useful for identifying DDOS There are many Intrusion detection systems. They allow for deep packet inspection and can trigger on traffic patterns that may signal an attack. The traffic patterns can be manually set or more helpfully look for known signatures. Once the IDS identifies bad traffic it can signal another action. Typically at this point some human intervention may be required to put manual blocks in place.

4 SciPass Indiana University developed SDN Application
Adaptive IDS cluster load balancing Reactive white and blacklisting Web Service API for IDS Feedback Designed primarily for Science DMZ

5 SciPass Normal Operation

6 SciPass Blacklist Feature
Can match: Source / Destination IP Source / Destination Port Ethernet Type SciPass sends OpenFlow rules to switch Flow Based: Block HTTP traffic from Host A to B Prefix Based: Block all traffic to /32 Prefix Based: Block all traffic to or from /24 IDS signals bad traffic to SciPass via web services

7 SciPass Black List Example

8 Path Forward Lab Deployment SciPass + Brocade MLXe + IDS (Bro)
Generate test traffic Squash false positives Feasibility / Scale TransPAC4 Field Deployment in logging mode TransPAC4 Field Deployment in automatic mode

9 Questions / Comments? http://globalnoc.iu.edu/sdn/scipass.html
Hans Addleman - TransPAC4 NSF IRNC Award: #

Download ppt "Denial of Service Mitigation with OpenFlow using SciPass"

Similar presentations

OpenFlow overview Joint Techs Baton Rouge. Classic Ethernet Originally a true broadcast medium Each end-system network interface card (NIC) received every.

OpenFlow overview Joint Techs Baton Rouge. Classic Ethernet Originally a true broadcast medium Each end-system network interface card (NIC) received every.
Flowspace revisited OpenFlow Basics Flow Table Entries Switch Port MAC src MAC dst Eth type VLAN ID IP Src IP Dst IP Prot L4 sport L4 dport Rule Action.

Flowspace revisited OpenFlow Basics Flow Table Entries Switch Port MAC src MAC dst Eth type VLAN ID IP Src IP Dst IP Prot L4 sport L4 dport Rule Action.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
Barracuda Web Application Firewall

Barracuda Web Application Firewall
Traffic Management - OpenFlow Switch on the NetFPGA platform Chun-Jen Chung(1203584897) SriramGopinath(1203800749)

Traffic Management - OpenFlow Switch on the NetFPGA platform Chun-Jen Chung( ) SriramGopinath( )
Snort - an network intrusion prevention and detection system Student: Yue Jiang Professor: Dr. Bojan Cukic CS665 class presentation.

Snort - an network intrusion prevention and detection system Student: Yue Jiang Professor: Dr. Bojan Cukic CS665 class presentation.
5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.

5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.
© 2006 Cisco Systems, Inc. All rights reserved. Implementing Secure Converged Wide Area Networks (ISCW) Module 6: Cisco IOS Threat Defense Features.

© 2006 Cisco Systems, Inc. All rights reserved. Implementing Secure Converged Wide Area Networks (ISCW) Module 6: Cisco IOS Threat Defense Features.
Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.

Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.
John Kristoff DePaul Security Forum 2003 1 Network Defenses to Denial of Service Attacks John Kristoff +01 312 362-5878.

John Kristoff DePaul Security Forum Network Defenses to Denial of Service Attacks John Kristoff
Host Intrusion Prevention Systems & Beyond

Host Intrusion Prevention Systems & Beyond
Intrusion Detection Systems CS391. Overview  Define the types of Intrusion Detection Systems (IDS).  Set up an IDS.  Manage an IDS.  Understand intrusion.

Intrusion Detection Systems CS391. Overview  Define the types of Intrusion Detection Systems (IDS).  Set up an IDS.  Manage an IDS.  Understand intrusion.
Intrusion Prevention System Group 6 Mu-Hsin Wei Renaud Moussounda Group 6 Mu-Hsin Wei Renaud Moussounda.

Intrusion Prevention System Group 6 Mu-Hsin Wei Renaud Moussounda Group 6 Mu-Hsin Wei Renaud Moussounda.
Department Of Computer Engineering

Department Of Computer Engineering
Network Intrusion Detection Systems Slides by: MM Clements A Adekunle The University of Greenwich.

Network Intrusion Detection Systems Slides by: MM Clements A Adekunle The University of Greenwich.
OpenFlow: Enabling Technology Transfer to Networking Industry Nikhil Handigol Nikhil Handigol Cisco Nerd.

OpenFlow: Enabling Technology Transfer to Networking Industry Nikhil Handigol Nikhil Handigol Cisco Nerd.
IDS Intrusion Detection Systems CERT definition: A combination of hardware and software that monitors and collects system and network information and analyzes.

IDS Intrusion Detection Systems CERT definition: A combination of hardware and software that monitors and collects system and network information and analyzes.
Software-Defined Networks Jennifer Rexford Princeton University.

Software-Defined Networks Jennifer Rexford Princeton University.
Intrusion Prevention System. Module Objectives By the end of this module, participants will be able to: Use the FortiGate Intrusion Prevention System.

Intrusion Prevention System. Module Objectives By the end of this module, participants will be able to: Use the FortiGate Intrusion Prevention System.
Traffic Management - OpenFlow Switch on the NetFPGA platform Chun-Jen Chung(1203584897) Sriram Gopinath(1203800749)

Traffic Management - OpenFlow Switch on the NetFPGA platform Chun-Jen Chung( ) Sriram Gopinath( )

Similar presentations

Ads by Google