Presentation is loading. Please wait.

Presentation is loading. Please wait.

FlowScan at the University of Wisconsin Perry Brunelli, Network Services.

Published byDale Nelson Modified over 9 years ago

Similar presentations

Presentation on theme: "FlowScan at the University of Wisconsin Perry Brunelli, Network Services."— Presentation transcript:

1 FlowScan at the University of Wisconsin Perry Brunelli, Network Services

2 Flowscan - freely available perl scripts and modules that aggregate other freely available tools for representing flows Analyzes and reports on NetFlow data collected by CAIDA’s clfowd Stored using RRDtool - time series data Flowscan provides reporting capabilities and visualization of flow data Measurement Tools – FlowScan

3 See: http://net.doit.wisc.edu/~plonka/lisa/FlowScan/ http://net.doit.wisc.edu/~plonka plonka@doit.wisc.edu Dave -> For more on Flowscan

4 Fall 2000 Traffic

5 Fall 2000 Traffic - Continued

6 Fall 2001 Traffic

7 Fall 2001 Traffic – Continued

8 A look at the past year

9 Network Events of Interest

10 Code Red Worm Propagation The following graph shows the difference between the number of UW-Madison IP addresses that have transmitted traffic and the number that have received traffic. These values are plotted independently for each of UW-Madison's four class B networks. This metric represents the number of campus host IP addresses that participated in "monologues" - one way exchanges of IP information with hosts in the outside world. A negative value indicates that more src addresses have been used as received IP traffic than have generated outbound IP traffic. Negative numbers in the plot are an indication of inbound "scanning" or probing behavior (such as that done by the hosts in the outside world that were infected with the Code Red worm) because those scans often attempt to talk to unused campus IP addresses or to hosts which simply do not respond because of firewall policies.

11 Code Red Worm Propagation

12 DOS Attack On Monday, July 9, 2001, UW-Madison network engineers discovered that for the past two days, various campus hosts running the Windows IIS HTTP server were enlisted as slaves in an outbound Distributed-Denial-of-Service attack. The outbound traffic consisted of large ICMP ECHO packets to a small set of destination "victim" hosts.

13 Outbound DDoS flood from 30+ hosts in 128.104/16

14 WiscNet Traffic

15 WiscNet by Protocol

Download ppt "FlowScan at the University of Wisconsin Perry Brunelli, Network Services."

Similar presentations

High Performance Research Network. Development Lab. / Supercomputing Center 1 Design of the Detection and Response System against DDoS attacks Yoonjoo.

High Performance Research Network. Development Lab. / Supercomputing Center 1 Design of the Detection and Response System against DDoS attacks Yoonjoo.
REFLEX INTRUSION PREVENTION SYSTEM.. OVERVIEW The Reflex Interceptor appliance is an enterprise- level Network Intrusion Prevention System. It is designed.

REFLEX INTRUSION PREVENTION SYSTEM.. OVERVIEW The Reflex Interceptor appliance is an enterprise- level Network Intrusion Prevention System. It is designed.
Netflow Data-Mining Techniques Chris Poetzel Argonne National Laboratory Scott Pinkerton.

Netflow Data-Mining Techniques Chris Poetzel Argonne National Laboratory Scott Pinkerton.
Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.

Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.
Code-Red : a case study on the spread and victims of an Internet worm David Moore, Colleen Shannon, Jeffery Brown Jonghyun Kim.

Code-Red : a case study on the spread and victims of an Internet worm David Moore, Colleen Shannon, Jeffery Brown Jonghyun Kim.
FlowScan at the University of Wisconsin-Madison Copyright Dave Plonka and Perry Brunelli, 2001. This work is the intellectual property of the authors.

FlowScan at the University of Wisconsin-Madison Copyright Dave Plonka and Perry Brunelli, This work is the intellectual property of the authors.
Denial of Service & Session Hijacking.  Rendering a system unusable to those who deserve it  Consume bandwidth or disk space  Overwhelming amount of.

Denial of Service & Session Hijacking.  Rendering a system unusable to those who deserve it  Consume bandwidth or disk space  Overwhelming amount of.
Network Measurements: Unused IP address space traffic analysis at SSSUP Campus Network Francesco Paolucci, Piero Castoldi Research Unit at Scuola Superiore.

Network Measurements: Unused IP address space traffic analysis at SSSUP Campus Network Francesco Paolucci, Piero Castoldi Research Unit at Scuola Superiore.
Supercomputing Center Measurement and Performance Analysis of Supercomputing Traffic by FlowScan+ 2.0 Supercomputing Center of KISTI Kookhan Kim August.

Supercomputing Center Measurement and Performance Analysis of Supercomputing Traffic by FlowScan+ 2.0 Supercomputing Center of KISTI Kookhan Kim August.
Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.

Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.
Behavior Intrusion Detection: Enhanced Hakan Evecek Rodolfo Ortiz Hakan Evecek Rodolfo Ortiz.

Behavior Intrusion Detection: Enhanced Hakan Evecek Rodolfo Ortiz Hakan Evecek Rodolfo Ortiz.
Network Security Testing Techniques Presented By:- Sachin Vador.

Network Security Testing Techniques Presented By:- Sachin Vador.
Beyond the perimeter: the need for early detection of Denial of Service Attacks John Haggerty,Qi Shi,Madjid Merabti Presented by Abhijit Pandey.

Beyond the perimeter: the need for early detection of Denial of Service Attacks John Haggerty,Qi Shi,Madjid Merabti Presented by Abhijit Pandey.
Definition : Computer Virus A computer program with the characteristic feature of being able to generate copies of itself, and thereby spread. Additionally.

Definition : Computer Virus A computer program with the characteristic feature of being able to generate copies of itself, and thereby spread. Additionally.
Review for Exam 4 School of Business Eastern Illinois University © Abdou Illia, Fall 2006.

Review for Exam 4 School of Business Eastern Illinois University © Abdou Illia, Fall 2006.
Survey of Distributed Denial of Service Attacks and Popular Countermeasures Andrew Knotts, Kent State University Referenced from: Charalampos Patrikakis,Michalis.

Survey of Distributed Denial of Service Attacks and Popular Countermeasures Andrew Knotts, Kent State University Referenced from: Charalampos Patrikakis,Michalis.
DDos Distributed Denial of Service Attacks by Mark Schuchter.

DDos Distributed Denial of Service Attacks by Mark Schuchter.
Design and Implementation of SIP-aware DDoS Attack Detection System.

Design and Implementation of SIP-aware DDoS Attack Detection System.
Using Argus Audit Trails to Enhance IDS Analysis Jed Haile Nitro Data Systems

Using Argus Audit Trails to Enhance IDS Analysis Jed Haile Nitro Data Systems
INTRUSION DETECTION SYSTEMS Tristan Walters Rayce West.

INTRUSION DETECTION SYSTEMS Tristan Walters Rayce West.

Similar presentations

Ads by Google