|
|
Filtering and aggregation of network traffic
Zubov, Artem ; Blažek, Petr (oponent) ; Martinásek, Zdeněk (vedoucí práce)
Purpose of this work is to find, describe and test existing tools and features available in linux-based solution for filtering malicious traffic. As source of malicious traffic taken most widly-used Ddos attacks targeting Web servers. SYN, UDP and ICMP Flood attacks are described and different variants of they mitigation are explained. Available tools for manipulating with traffic, like ebtables and iptables tools are compared, based on each type of attack. Specially created experimental network was used for testing purposes, configured filters servers and bridge. Inspected packets flow through linux kernel network stack along with tuning options serving for increasing filter server traffic throughput. As a result, ebtables tool appears to be most productive, due to less resources it needed to process each packet (frame). Pointed out that separate detecting system is needed for this tool, in order to provide further filtering methods with data. As main conclusion, linux-based solutions provide full functionality for filtering traffic either in stand-alone state or combined with detecting systems.
|
|
|
Filtering and aggregation of network traffic
Zubov, Artem ; Blažek, Petr (oponent) ; Martinásek, Zdeněk (vedoucí práce)
Purpose of this work is to find, describe and test existing tools and features available in linux-based solution for filtering malicious traffic. As source of malicious traffic taken most widly-used Ddos attacks targeting Web servers. SYN, UDP and ICMP Flood attacks are described and different variants of they mitigation are explained. Available tools for manipulating with traffic, like ebtables and iptables tools are compared, based on each type of attack. Specially created experimental network was used for testing purposes, configured filters servers and bridge. Inspected packets flow through linux kernel network stack along with tuning options serving for increasing filter server traffic throughput. As a result, ebtables tool appears to be most productive, due to less resources it needed to process each packet (frame). Pointed out that separate detecting system is needed for this tool, in order to provide further filtering methods with data. As main conclusion, linux-based solutions provide full functionality for filtering traffic either in stand-alone state or combined with detecting systems.
|
host ::
RSS.