|
|
Filtering of denial-of-service attacks
Klimeš, Jan ; Blažek, Petr (referee) ; Gerlich, Tomáš (advisor)
This thesis deals with filtering selected DDoS attacks on denial of the service. The the toretical part deals with the problems of general mechanisms used for DDoS attacks, defense mechanisms and mechanisms of detection and filtration. The practical part deals with the filtering of attacks using the iptables and IPS Suricata firewall on the Linux operating system in an experimental workplace using a network traffic generator to verify its functionality and performance, including the statistical processing of output data from filter tools using the Elasticsearch database.
|
|
|
Port Block Allocation for Network Address Translation
Odehnal, Tomáš ; Podermański, Tomáš (referee) ; Grégr, Matěj (advisor)
Cílem této semestrální práce je nastudovat problematiku Carrier-Grade NAT (CGN) přístupu, který musí provádět záznam o překladu adres každého nového spojení. Protože CGN leží na rozhraních rozsáhlých sítí, může denně zaznamenat statisíce spojení. Toto množšství záznamů má vysoké paměťové nároky a ještě složitější je hledání konkrétního záznamu. Tyto problémy je možné řešit pomocí alokace bloku portů pro překlad adres. Výstupem této práce je vytvoření pravidla do iptables, které provádí tuto alokaci bloků pro překlad adres. To se skládá z uživatelské části, která zpracovává pravidla a kernelovský modul provádějící funkcionalitu pravidla.
|
|
|
Security of Linux OS
Polách, Milan ; Vychodil, Petr (referee) ; Vymazal, Michal (advisor)
This thesis is focused on the possibility of better networking security operating system GNU/Linux with an appropriate set of rules Netfilter. There was established a program to allow easy configuration of rules for IP Address versions 4 and 6. This program not only allows to set individual rules, but also interfere with the newly required service and decide, how it will be further worked with. The first is the theoretical part describes the network communication with the model TCP/IP, the following is the introduction of Netfilter and outlining the local security. The practical part describes the various technologies and methods used for programming. The result of this work is easy to use program to set firewall rules for IP Address versions 6 with the possibility of deciding on the new established network traffic. The program is designed for new users of the operating system, who want to better secure their computer without the knowledge of Netfilter.
|
|
| |
|
|
Port Block Allocation for Network Address Translation
Odehnal, Tomáš ; Podermański, Tomáš (referee) ; Grégr, Matěj (advisor)
Cílem této semestrální práce je nastudovat problematiku Carrier-Grade NAT (CGN) přístupu, který musí provádět záznam o překladu adres každého nového spojení. Protože CGN leží na rozhraních rozsáhlých sítí, může denně zaznamenat statisíce spojení. Toto množšství záznamů má vysoké paměťové nároky a ještě složitější je hledání konkrétního záznamu. Tyto problémy je možné řešit pomocí alokace bloku portů pro překlad adres. Výstupem této práce je vytvoření pravidla do iptables, které provádí tuto alokaci bloků pro překlad adres. To se skládá z uživatelské části, která zpracovává pravidla a kernelovský modul provádějící funkcionalitu pravidla.
|
|
|
Návrh univerzitního firewallu na platformě Cisco
Burian, Jan
The diploma thesis focuses on design of university firewall on Cisco platform. The design deals with important functionalities, which are used in the current solution. These include routing, network address translation, access control lists, VPN. The thesis furher deals with dynamic insertion rules, which are generated based on traffic analysis by Flowmon probe and its ADS module. The new design is implemented in a testing environment and its funcionality is verified. The thesis will serve like feasibility study for final implementation in the production MENDELU network.
|
|
|
Filtering of denial-of-service attacks
Klimeš, Jan ; Blažek, Petr (referee) ; Gerlich, Tomáš (advisor)
This thesis deals with filtering selected DDoS attacks on denial of the service. The the toretical part deals with the problems of general mechanisms used for DDoS attacks, defense mechanisms and mechanisms of detection and filtration. The practical part deals with the filtering of attacks using the iptables and IPS Suricata firewall on the Linux operating system in an experimental workplace using a network traffic generator to verify its functionality and performance, including the statistical processing of output data from filter tools using the Elasticsearch database.
|
|
|
Advanced features of traffic shaping for 802.3 and 802.11 networks under OS Linux
Pánek, Michal ; Endrle, Pavel (referee) ; Szőcs, Juraj (advisor)
This bachelor work deals with possibilities of traffic shaping and control in OS Linux. First part of the work examines indiviual tools needed for working with data stream. The second part consideres methods intended for traffic shaping. From these methods intended for use in standarts 802.3 and 802.11 were selected and described. The second part of paper focused on Hierarchical Token Bucket and Class-based queueing method. The third part is the practical application of methods on the hardware, the measurement of the individual standards and processing into charts.
|
|
|
P2P Networks Blocking
Švajda, Patrik ; Žádník, Martin (referee) ; Tobola, Jiří (advisor)
This bachelor's thesis deals with filtering P2P networks intend for changing data. My work describes layers of ISO/OSI model, which is able to blocking these networks. For Linux describes tools of detecting P2P networks with the aid of data part of packet. Testing proves success of blocking by L7- filter and IPP2P filter.
|
|
|
Implementation of the Network Traffic Filter by Microblaze in FPGA
Viktorin, Jan ; Korček, Pavol (referee) ; Kaštil, Jan (advisor)
The thesis explores the area of hardware acceleration of a software network traffic filter running inside processor MicroBlaze in the FPGA Spartan-3E. The accelerated application is widely used firewall from the Linux Kernel called iptables, more precisely its extension L7-filter. L7-filter performs lookups inside network traffic using regular expressions. Because of its significant influence on the application performance, it has been exchanged with a hardware unit controlled from the Linux Kernel. The performance has been increased more than twice.
|
guest ::
