Session 2 Security Monitoring Identify Device Status Traffic Analysis Routing Protocol Status Configuration & Log Classification.

1 Session 2 Security Monitoring Identify Device Status Traffic Analysis Routing Protocol Status Configuration & Log Classification

2 Identifying an Attack

3 Identification Tools

4

5 Network Benchmark Parameter

6 Device Status: CPU; Memory; Temperature

7 CPU Load

8 Abnormal CPU Load

9

10 Identifying an Attack through CPU Load

11

12

13 Temperature

14 Traffic Analysis: Technology (Netflow & Sniffer); Layer 3 or 4 based; Application based

15 Netflow Detect & Affirm

16 Use Netflow

17 Detect DoS

18 Example

19 Layer 3 or 4 TOP N: IP address based; Protocol based; Port based; Packet Size based; AS based

20 Index

21 Overview: Normalin/Normalout; Spoofin/Spoofout; Bandwidth, PPS and Packet Size

22 Traffic Statistics Picture: According to bandwidth: bandwidth, packet size and PPS; According to direction: normalin/normalout, spoofin/spoofout; According to time: 4 hours, 2 days, 1 week, 2 months; max, min, average, now

23 Traffic Statistics Picture (overview)

24 Traffic Statistics

25 IP TOP 20: Order by source/destination address; Order by source-destination peer; Order by bandwidth and PPS

26 Traffic Analyse (TOP20)

27

28 Packet size TOP20: Order by bandwidth, PPS

29 Port Distribution TOP20: Order by source/destination port summary; Order by source/destination port direction; Order by bandwidth and pps

30 Port distribution TOP20

31 Protocol statistic TOP20: According to protocol: normalin, normalout, spoofin and spoofout; Order by bandwidth and pps

32 Protocol Statistic TOP20

33 Protocol Picture: According to bandwidth and pps; According to type: TCP, UDP, ICMP; According to time: 4 hours, 2 days, 1 week, 2 months; max, min, average, now

34 Protocol (TCP UDP ICMP) Statistics Overview

35 Protocol (TCP UDP ICMP) Statistics

36 AS Statistic TOP20: According to direction: normalin, normalout, spoofin and spoofout; According to bandwidth and pps

37 AS Statistic TOP20

38 Abnormal Traffic Query System

39

40 Routing Protocol Status: Route Entries; Routing Protocol Stability

41 Route Monitoring

42 Routing (BGP summary)

43 Routing Monitoring

44 BGP Statistics

45 BGP Monitoring (TEIN2-NORTH)

46 BGP Monitoring (TEIN2-SOUTH)

47 BGP Monitoring (TEIN2-JP)

48 AS Path Entries

49 Community Entries

50 IPv4 Prefix

51 IPv6 Prefix

52 Route Flapping Top 20

By prefix:

No.  PREFIX              AS     Oscillation
1    195.251.96.0/24     5408   3400
2    156.148.0.0/16      137    2829
3    195.251.98.0/23     5408   2714
4    195.251.0.0/23      5408   2301
5    193.194.64.0/19     3208   1952
6    195.251.104.0/24    5408   1895
7    194.177.196.0/24    3323   1528
8    84.205.64.0/24      12654  1417
9    84.205.65.0/24      12654  1266
10   84.205.77.0/24      12654  1250
11   84.205.67.0/24      12654  1147
12   84.205.76.0/24      12654  1134
13   84.205.78.0/24      12654  1074
14   84.205.75.0/24      12654  1025
15   84.205.69.0/24      12654  1008
16   84.205.74.0/24      12654  998
17   195.60.236.0/22     39154  941
18   84.205.71.0/24      12654  940
19   193.124.160.0/21    5402   922
20   193.124.208.0/20    3335   874

By AS:

No.  AS     Oscillation
1    680    46486
2    786    38707
3    5408   36036
4    2018   31828
5    137    21231
6    4621   17600
7    1103   17268
8    559    17071
9    12654  13666
10   2200   13621
11   5387   12209
12   2614   10461
13   1659   10013
14   766    9504
15   237    7633
16   668    7213
17   5501   6840
18   553    6190
19   2561   6062
20   2422   6026

53 IPv6 Route Flapping Top 10

By prefix:

No.  PREFIX           AS     Oscillation
1    2001:4c00::/32   34695  673
2    2001:1a70::/32   12046  529
3    2001:1410::/32   25538  508
4    2001:4b58::/32   6802   443
5    2001:1b20::/32   8665   441
6    2001:a98::/32    8517   439
7    2001:720::/32    766    431
8    2001:4170::/32   13092  407
9    2001:778::/32    2847   392
10   2001:1a18::/32   3268   391

By AS:

No.  AS     Oscillation
1    195    716
2    34695  673
3    559    610
4    12046  529
5    25538  508
6    6802   443
7    8665   441
8    8517   439
9    766    431
10   13092  407

54 AAA & Log Audit: Account; SYSLOG; Log audit tools

55 Configuring Syslog on a router

56 Configuration change notification and logging

57 Log skill

58 SNMP Authentication Failure via SYSLOG

59

60 Classification Objectives

61 Classification ACLs

62 Classification and Traceback ACLs

63

64

65

66

67 Classification ACLs - Hints

68 Netflow Classification Technique

69 show ip cache flow

70 show ip cache verbose flow

71 Sink Hole – How to Classify?

