|
|
Netdev Driver for Acceleration COMBO Cards
Tran, Dominik ; Vrána, Roman (referee) ; Kučera, Jan (advisor)
This thesis deals with the development of the network device driver for the FPGA network COMBO cards, which should enable receiving and sending packets through standard network interface of Linux kernel. CESNET is developing a device called DDoS Protector for protection against an amplification (D)DoS attacks, which uses COMBO cards to achieve high performance. A SZE2 interface is used for high speed transfers of network data between COMBO card and a controlling software application, using technique of bypassing kernel network stack and other methods. DDoS Protector has to support standard network protocols, whose implementation directly on top of the SZE2 is very difficult. Instead, using kernel network stack, which is, by default, bypassed to achieve high performance, is much easier to implement and supports all sorts of protocols. Creation of the network device driver enables us to use kernel network stack and other network applications for COMBO cards. Based on the study of SZE2 interface and driver development, I designed and then successfully implemented network device driver. Driver was tested to ensure standard protocols work. It was also tested from the performance point of view. I have also developed the same type of driver for the newer interface - NDP and an application for an accelerated packet forwarding, both of which are functional and were not part of the thesis specification.
|
|
|
IPv6 Hosts Monitoring
Rapavý, Martin ; Kašpárek, Tomáš (referee) ; Lampa, Petr (advisor)
This thesis is dedicated to network layer protocol IPv6, purposes of its creation and penetration. Former chapters briefly describe IPv6 protocol format and protocols, methods and technologies related to IPv6. The thesis summarizes security risks and flaws in IPv6 and ICMPv6 protocols. In context of the risks and flaws the thesis describes several of local ICMP attacks. It also mentions security incidents resulting from exploiting those security flaws and means of countermeasures. One of the used countermeasures is passive monitoring of ICMP messages. Thesis contains brief description of tool used to achieve this - NDPMon with its advantages, disadvantages and concepts of usage. Rest of the thesis describes design and implementation of monitoring tool similar to NDPMon, but with some improvements.
|
|
|
Netdev Driver for Acceleration COMBO Cards
Tran, Dominik ; Vrána, Roman (referee) ; Kučera, Jan (advisor)
This thesis deals with the development of the network device driver for the FPGA network COMBO cards, which should enable receiving and sending packets through standard network interface of Linux kernel. CESNET is developing a device called DDoS Protector for protection against an amplification (D)DoS attacks, which uses COMBO cards to achieve high performance. A SZE2 interface is used for high speed transfers of network data between COMBO card and a controlling software application, using technique of bypassing kernel network stack and other methods. DDoS Protector has to support standard network protocols, whose implementation directly on top of the SZE2 is very difficult. Instead, using kernel network stack, which is, by default, bypassed to achieve high performance, is much easier to implement and supports all sorts of protocols. Creation of the network device driver enables us to use kernel network stack and other network applications for COMBO cards. Based on the study of SZE2 interface and driver development, I designed and then successfully implemented network device driver. Driver was tested to ensure standard protocols work. It was also tested from the performance point of view. I have also developed the same type of driver for the newer interface - NDP and an application for an accelerated packet forwarding, both of which are functional and were not part of the thesis specification.
|
|
|
IPv6 Hosts Monitoring
Rapavý, Martin ; Kašpárek, Tomáš (referee) ; Lampa, Petr (advisor)
This thesis is dedicated to network layer protocol IPv6, purposes of its creation and penetration. Former chapters briefly describe IPv6 protocol format and protocols, methods and technologies related to IPv6. The thesis summarizes security risks and flaws in IPv6 and ICMPv6 protocols. In context of the risks and flaws the thesis describes several of local ICMP attacks. It also mentions security incidents resulting from exploiting those security flaws and means of countermeasures. One of the used countermeasures is passive monitoring of ICMP messages. Thesis contains brief description of tool used to achieve this - NDPMon with its advantages, disadvantages and concepts of usage. Rest of the thesis describes design and implementation of monitoring tool similar to NDPMon, but with some improvements.
|
|
| |
guest ::
