Greynets Fred Baker

Problem: Detecting attacks that probe an address
  – Note that this is not necessarily a scanning attack (RFC 5157)
There are other ways to more properly probe a network
  – If a company is known to use EUI-64 format addresses and equipment from specific vendors, the scan surface is vastly reduced
  – If an address was known to be in use in the past (from an SMTP envelope perhaps), it may still be in use
  – Observation of traffic exiting a network…
  – On-LAN attacks

Network Telescopes
Darknet:
  – Commonly used to refer to an address space advertised in routing by a collector to trap probes of the address space
Harrods 2005 Greynet proposal
  – Position a collector on a LAN to trap traffic to a few addresses
[Figure labels: collector, normal equipment]

Greynet according to Fred
When neighbor solicitation (NS) fails on a datagram delivered to a LAN
  – E.g., the address is not in use
Instead of discarding the queued datagram, forward it to a collector
  – The collector can apply algorithms to decide what is going on
Possible smarter policies
  – Heuristically identify more interesting datagrams and only forward them
[Figure labels: collector, normal equipment]
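A sketch of the kind of algorithm a collector could apply, as an added example that is not part of the original slides. It labels each unanswered destination by how a prober might have guessed it (EUI-64 with a vendor OUI, a formerly used address, a low interface ID) and flags sources per those labels. The prefix, address history, sample datagrams, thresholds and function names are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

LAN = ipaddress.ip_network("2001:db8:0:1::/64")             # documentation prefix
FORMERLY_USED = {ipaddress.ip_address("2001:db8:0:1::25")}  # constructed history

# Constructed (source, destination) pairs, one per datagram whose NS got no answer.
FORWARDED = [
    ("2001:db8:ffff::a", "2001:db8:0:1:0211:22ff:fe00:0001"),
    ("2001:db8:ffff::a", "2001:db8:0:1:0211:22ff:fe00:0002"),
    ("2001:db8:ffff::a", "2001:db8:0:1:0211:22ff:fe00:0003"),
    ("2001:db8:ffff::b", "2001:db8:0:1::25"),
    ("2001:db8:ffff::c", "2001:db8:0:1:5c3a:91d2:77e0:4b1f"),
]

def classify_target(dst):
    """Label an unused destination by how a prober might have guessed it."""
    addr = ipaddress.ip_address(dst)
    if addr not in LAN:
        return ("off-lan", None)
    if addr in FORMERLY_USED:
        return ("formerly-used", None)
    iid = addr.packed[8:]                    # low 64 bits: interface identifier
    if iid[3:5] == b"\xff\xfe":              # EUI-64 marker in the middle bytes
        oui = bytes([iid[0] ^ 0x02, iid[1], iid[2]])  # undo the flipped U/L bit
        return ("eui64", oui.hex(":"))
    if int.from_bytes(iid, "big") < 0x10000: # assumed cut-off for "low" IIDs
        return ("low-iid", None)
    return ("other", None)

def summarize(forwarded, min_targets=3):
    """Group forwarded datagrams by source and flag sources worth a closer look."""
    per_src = defaultdict(set)
    for src, dst in forwarded:
        per_src[src].add((ipaddress.ip_address(dst),) + classify_target(dst))
    report = {}
    for src, targets in per_src.items():
        kinds = sorted({t[1] for t in targets})
        ouis = {t[2] for t in targets if t[2]}
        if len(targets) >= min_targets and len(ouis) == 1:
            verdict = "vendor-guided probing of OUI " + next(iter(ouis))
        elif "formerly-used" in kinds:
            verdict = "contact to a formerly used address"
        elif len(targets) >= min_targets:
            verdict = "multiple unused targets"
        else:
            verdict = "isolated miss"
        report[src] = (len(targets), kinds, verdict)
    return report
```

How the router hands the datagram to the collector is outside this sketch; only the collector-side decision is shown.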

Why?
Darknets have been useful in isolating attacks in the IPv4 network
We expect similar attacks in the IPv6 network, although done in other ways
Facilitate diagnostics without a lot of fuss…