|
|
Secure Neighbor Discovery Protocol
Bezdíček, Lukáš ; Halfar, Patrik (referee) ; Grégr, Matěj (advisor)
This report deals with designing and implementing of a complete SEND protocol for operating systems GNU/Linux. The first part of the document contains a description of ND and SEND protocols. The second part of the document defines security threats connected with unsecured ND. The third part of the report describes a design and implementation of SEND protocol named sendd . Conclusion of the document is dedicated to a summary of accomplished results and information about future development of this project.
|
|
|
Optimization of Distributed Network Flow Collector
Wrona, Jan ; Grégr, Matěj (referee) ; Žádník, Martin (advisor)
This thesis is focused on the optimization of distributed IP flow information collector. Nowadays, the centralized collector is a frequently used solution but is already reaching its performance limits in large scale and high-speed networks. The implementation of the distributed collector is in its early phase and it is necessary to look for solutions that will use it to its full potential. Therefore this thesis proposes a shared nothing architecture without a single point of failure. Using the above proposed architecture, the distributed collector is tolerant to the failure of at least one node. A distributed flow data analysis software, whose performance scales linearly with the number of nodes, is also part of this thesis.
|
|
|
Dynamic State of OMNeT++ Model via SNMP
Smejkal, Jakub ; Grégr, Matěj (referee) ; Veselý, Vladimír (advisor)
This work outlines ways of getting dynamic state into OMNeT++ model. SNMP as major technology was selected for reaching the goals. Protocols CDP and LLDP are participating in topology detection and in theoretical layer Breadth- first search is used. The output of this tool is file syntactically specied by NED language which is describing computer network.
|
|
|
Radius Monitoring Using IPFIX
Vyskočil, Pavel ; Grégr, Matěj (referee) ; Matoušek, Petr (advisor)
This barchelor thesis is focused on monitoring RADIUS traffic in the computer network based on IPFIX technology. A new input plugin for the FlowMon probe from the INVEA-TECH company was created using the acquiered knowledge about the RADIUS traffic and the possibilities of the IPFIX protocol. During the tests, the implemented plugin showed the ability to detect and process RADIUS comunication in the LAN network.
|
|
|
IPv6 Network Prefix Translation
Ježek, Lukáš ; Polčák, Libor (referee) ; Grégr, Matěj (advisor)
This master thesis deals with testing network prefix translation algorithm in IPv6. It tests existing implementation. This implementations are compared with each other. Some implementations end with error compilation. There are two options how to deal with this problem, it might be repaired or the port to the new kernel is created. Performance is tested with Spirent hardware packet generator.
|
|
|
Detection of Dictionary Attacks on Network Services Using IP Flow Analysis
Činčala, Martin ; Grégr, Matěj (referee) ; Matoušek, Petr (advisor)
Existing research suggests that it is possible to detect dictionary attacks using IP flows. This type of detection was successfully implemented for SSH, LDAP and RDP protocols. To determine whether it is possible to use the same methods of detection for e-mail protocols virtual test environment was created. I deduced the characteristics of attacks in flows from the data, which I gained from this virtual environment. Than I chose the statistical value that separates the attacks from legitimate traffic. Variance of specific flow parameters was chosen as main characteristic of attacks. IP addresses with flows that have small variance of chosen parameters and high frequency of packet arrival are considered untrustworthy. Variance is calculated from IP history to rule out false positives. The IP history of legitimate user contains variation of flows which prevents marking this IP address as dangerous. On the basis of this principal the script, which detects the attacks from the nfdump output, was created. The success of detection of the attacks was tested on classificated data from the real environment. The results of tests showed, that with good configuration of marginal values the percentage of detected attacks is high and there are no false positives. Detection is not limited only on mail protocols. With regard to universal design, the script is able to detect dictionary attacks on SSH, LDAP, SIP, RDP, SQL, telnet and some other attacks.
|
|
|
Detection of Volumetric DoS and DDoS Attacks in Real Time on the L3 Network Layer
Škápik, Anton ; Grégr, Matěj (referee) ; Holkovič, Martin (advisor)
This bachelor thesis explores and implements capabilities of real-time DoS and DDoS detection. Leveraging NetFlow stream processing tool, the resulting product provides the ability to detect attacks within a few seconds and create rules to mitigate the attack. The rules are converted from an form of records into a flowspec filter that is distributed by BGP between the routers in the monitored network. The program was implemented and tested. The work is written in collaboration with Flowmon Networks a.s., using their proprietary applications for NetFlow record processing.
|
|
|
Modelling Gateway Redundancy Protocols
Vítek, Petr ; Grégr, Matěj (referee) ; Veselý, Vladimír (advisor)
This master's thesis report deals with the theoretical analysis of FHRP. First Hop Redundancy Protocols are network protocols which are designed to protect the default gateway and also to ensure high availability in the network by using redundancy. The reader becomes familiar with protocols VRRP, HSRP and GLBP and also learn the way how to configure them to on real Cisco devices. It also describes how implement VRRP int the simulated enviroment of OMNeT++. The result of the implementation is verified in the test topologies.
|
|
|
Detecting DoS and DDoS Attacks Using NetFlow Data
Huňka, Jan ; Grégr, Matěj (referee) ; Matoušek, Petr (advisor)
This thesis deals with using NetFlow data for DoS and DDoS attacks detection. Based on the findings of the analysis of attack traffic a plugin for exporter of the FlowMon probe is implemented. It monitors several heuristics and based on them determines a level of suspicion of the source IP address. During testing, it was verified that the plugin is able to reliably detect large-scale DoS and DDoS attacks on live traffic.
|
|
|
Secure Transport of NetFlow Data
Ručka, Tomáš ; Halfar, Patrik (referee) ; Grégr, Matěj (advisor)
The aim of my bachalor's thesis is secure transport NetFlow data. Communication in NetFlow is not protected against unauthorized intrusion, in addition works over UDP protocol which is protocol that allows data loss. The aim of this work is to create an encrypted tunnel through which communication will take place between the exporter and collector.
|
guest ::
RSS feed.