
Abuse Detection Software

Internet Performance Measurement and Analysis Project (IPMA)


This useful information comes from Walt Prue of ISI:


Posted-Date: Mon, 9 Mar 1998 12:15:14 -0800
Message-Id: <199803092015.AA17035@los.isi.edu>
Received: by los.isi.edu (5.65c/4.0.3-6)
	id ; Mon, 9 Mar 1998 12:15:14 -0800
To: nanog@merit.edu
Subject: Re: Some abuse detection hacks ...
Cc: Prue@ISI.EDU
Sender: owner-nanog@merit.edu

Avi Freedman's post with a perl script to look for network abuses a
while back got me to thinking that a C program could be written to do
what his scripts do in near real time, continuously, if desired.

It is possible to get Cisco routers to dump netflow data records to a
host.  I modified a Cisco demonstration program called fdget.c to look
at the netflow data records and search for illegitimate default pointing
or transit routing from unauthorized source AS's to unauthorized
destination AS's.  I have made this program available via anonymous ftp
(not a URL) on venera.isi.edu in subdirectory mon.  This directory is
blind.  You must know what files you wish to retrieve by exact name.

The files of interest are:

atack.c
README.atack
flowdata.h

I hope that you find them useful.

My thanks go to Cisco for letting me distribute this program even though most
of the code was written by Cisco.  So keep in mind any bugs are mine.

Walt Prue
Los Nettos
USC/ISI
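
The check described in the message, as an added example (this is not atack.c and not Cisco's fdget.c): it scans one NetFlow export datagram and flags flows whose source and destination AS are both outside an authorized list. The version 5 record layout, the AS list and the sample datagram are assumptions; the message does not name a NetFlow version or a policy.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define V5_HDR_LEN 24   /* NetFlow v5 export header size */
#define V5_REC_LEN 48   /* size of one v5 flow record */
#define OFF_SRC_AS 40   /* src_as field offset inside a record */
#define OFF_DST_AS 42   /* dst_as field offset inside a record */

/* Hypothetical policy: ASes entitled to transit (constructed, private-use ASNs). */
static const uint16_t authorized_as[] = { 64512, 64513 };
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static void put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }

static int is_authorized(uint16_t as) {
    for (size_t i = 0; i < sizeof authorized_as / sizeof authorized_as[0]; i++)
        if (authorized_as[i] == as) return 1;
    return 0;
}

/* Count flows whose source AND destination AS are both unauthorized.
   Returns -1 if the datagram is not a well-formed v5 export. */
int count_unauthorized_transit(const uint8_t *pkt, size_t len) {
    if (len < V5_HDR_LEN || be16(pkt) != 5) return -1;
    size_t count = be16(pkt + 2);
    /* A v5 datagram holds 1..30 records; never trust count beyond the bytes received. */
    if (count == 0 || count > 30 || len < V5_HDR_LEN + count * V5_REC_LEN) return -1;
    int hits = 0;
    for (size_t i = 0; i < count; i++) {
        const uint8_t *rec = pkt + V5_HDR_LEN + i * V5_REC_LEN;
        uint16_t src = be16(rec + OFF_SRC_AS), dst = be16(rec + OFF_DST_AS);
        if (is_authorized(src) || is_authorized(dst)) continue;
        printf("suspect transit: AS%u -> AS%u\n", (unsigned)src, (unsigned)dst);
        hits++;
    }
    return hits;
}

/* Build a constructed 3-record datagram, drop `trim` bytes from its length, scan it. */
int run_sample(size_t trim) {
    static const uint16_t pairs[3][2] = { {64512, 65010}, {65020, 65030}, {65040, 64513} };
    uint8_t pkt[V5_HDR_LEN + 3 * V5_REC_LEN] = {0};
    put16(pkt, 5); put16(pkt + 2, 3);   /* version 5, three records */
    for (size_t i = 0; i < 3; i++) {
        uint8_t *rec = pkt + V5_HDR_LEN + i * V5_REC_LEN;
        put16(rec + OFF_SRC_AS, pairs[i][0]); put16(rec + OFF_DST_AS, pairs[i][1]);
    }
    return count_unauthorized_transit(pkt, sizeof pkt - trim);
}
int main(void) { return run_sample(0) == 1 ? 0 : 1; }
```

Only the middle sample flow is flagged, since the other two each have one authorized endpoint; a datagram whose record count exceeds the bytes received is rejected rather than parsed.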


Merit Network, Inc.
Email: info@merit.edu
4251 Plymouth Rd., Suite C copyright 1997 Merit Network, Inc.
Ann Arbor, Michigan 48105-2785 Maintainer: www@www.merit.edu
313-764-9430 http://www.merit.edu/