Presentation is loading. Please wait.

Presentation is loading. Please wait.

Greynets Fred Baker. Problem: Detecting attacks that probe an address – Note that this is not necessarily a scanning attack (RFC 5157) There are other.

Published byRebecca Hodges Modified over 10 years ago

Similar presentations

Presentation on theme: "Greynets Fred Baker. Problem: Detecting attacks that probe an address – Note that this is not necessarily a scanning attack (RFC 5157) There are other."— Presentation transcript:

1 Greynets Fred Baker

2 Problem: Detecting attacks that probe an address – Note that this is not necessarily a scanning attack (RFC 5157) There are other ways to more properly probe a network – If a company is known to use EUI-64 format addresses and equipment from specific vendors, the scan surface is vastly reduced – If an address was known to be in use in the past (from an SMTP envelope perhaps), it may still be in use – Observation of traffic exiting a network… – On-LAN attacks

3 Network Telescopes Darknet: – Commonly used to refer to an address space advertised in routing by a collector to trap probes of the address space Harrods 2005 Greynet proposal – Position a collector on a LAN to trap traffic to a few addresses collector Normal equipment

4 Greynet according to Fred When NS fails on a datagram delivered to a LAN – Eg, address is not in use Instead of discarding the queued datagram, forward it to a collector – The collector can apply algorithms to decide what is going on Possible smarter policies – Heuristically identify more interesting datagrams and only forward them collector Normal equipment

5 Why? Darknets have been useful in isolating attacks in the IPv4 network We expect similar attacks in the IPv6 network, although done in other ways Facilitate diagnostics without a lot of fuss…

Download ppt "Greynets Fred Baker. Problem: Detecting attacks that probe an address – Note that this is not necessarily a scanning attack (RFC 5157) There are other."

Similar presentations

1 IPv6 Unique Local Addresses Update on IETF Activity ARIN Public Policy Meeting April 2005 Geoff Huston APNIC.

1 IPv6 Unique Local Addresses Update on IETF Activity ARIN Public Policy Meeting April 2005 Geoff Huston APNIC.
SHIM6 Update Geoff Huston Kurtis Lindqvist SHIM6 co-chairs.

SHIM6 Update Geoff Huston Kurtis Lindqvist SHIM6 co-chairs.
IPv4 to IPv6 transition ALS Capacity Building April 2014

IPv4 to IPv6 transition ALS Capacity Building April 2014
1 IP Forwarding Relates to Lab 3. Covers the principles of end-to-end datagram delivery in IP networks.

1 IP Forwarding Relates to Lab 3. Covers the principles of end-to-end datagram delivery in IP networks.
1 IPv6. 2 Problem: 32-bit address space will be completely allocated by 2008. Solution: Design a new IP with a larger address space, called the IP version.

1 IPv6. 2 Problem: 32-bit address space will be completely allocated by Solution: Design a new IP with a larger address space, called the IP version.
CSCI 4550/8556 Computer Networks Comer, Chapter 23: An Error Reporting Mechanism (ICMP)

CSCI 4550/8556 Computer Networks Comer, Chapter 23: An Error Reporting Mechanism (ICMP)
SAVI IP Source Guard draft-baker-sava- implementation Fred Baker.

SAVI IP Source Guard draft-baker-sava- implementation Fred Baker.
Security Firewall Firewall design principle. Firewall Characteristics.

Security Firewall Firewall design principle. Firewall Characteristics.
Presented by Justin Bode CS 450 – Computer Security February 17, 2010.

Presented by Justin Bode CS 450 – Computer Security February 17, 2010.
FROM RICHARD RODRIGUES JOHN ANIMALU FELIX SHULMAN THE HONORARY MEMBERS OF THE INTERCONTINENTAL GROUP Information security in real business firewall security.

FROM RICHARD RODRIGUES JOHN ANIMALU FELIX SHULMAN THE HONORARY MEMBERS OF THE INTERCONTINENTAL GROUP Information security in real business firewall security.
Module 3.4: Switching Circuit Switching Packet Switching K. Salah.

Module 3.4: Switching Circuit Switching Packet Switching K. Salah.
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
Examining IP Header Fields

Examining IP Header Fields
VLANs Port-based VLAN: switch ports grouped (by switch management software) so that single physical switch …… Switch(es) supporting VLAN capabilities can.

VLANs Port-based VLAN: switch ports grouped (by switch management software) so that single physical switch …… Switch(es) supporting VLAN capabilities can.
27 August 20081 EEE442 COMPUTER NETWORKS Test results & analysis.

27 August EEE442 COMPUTER NETWORKS Test results & analysis.
Routing problems are easy to cause, and hard to diagnose (“Happy operators make happy packets”) Jennifer Rexford AT&T Labs—Research

Routing problems are easy to cause, and hard to diagnose (“Happy operators make happy packets”) Jennifer Rexford AT&T Labs—Research
1 CCNA 2 v3.1 Module 8. 2 TCP/IP Suite Error and Control Messages CCNA 2 Module 8.

1 CCNA 2 v3.1 Module 8. 2 TCP/IP Suite Error and Control Messages CCNA 2 Module 8.
1 IP Forwarding Relates to Lab 3. Covers the principles of end-to-end datagram delivery in IP networks.

1 IP Forwarding Relates to Lab 3. Covers the principles of end-to-end datagram delivery in IP networks.
CECS 5460 – Assignment 3 Stacey VanderHeiden Güney.

CECS 5460 – Assignment 3 Stacey VanderHeiden Güney.
Network Administration

Network Administration

Similar presentations

Ads by Google