|
« NANOG32 Home
Tracking Global Threats with the Internet Motion SensorMichael Bailey and Evan Cooke, University of Michigan; Danny McPherson, Arbor Networks; Tim Battles, AT&TPresentation Date: October 19, 2004, 11:30 AM - 12:00 PM
Room: Grand Ballroom
Abstract:
As national utility infrastructures become intertwined with emerging global data networks, the stability and integrity of the two have become synonymous. This connection, while necessary, leaves network assets vulnerable to the rapidly moving threats of today's Internet, including distributed denial of service attacks, fast moving worms, and routing exploits. This presentation introduces the Internet Motion Sensor (IMS), a globally scoped Internet monitoring system whose goal is to measure, characterize, and track threats.
The IMS architecture is based on three novel components. First, a Distributed Monitoring Infrastructure increases visibility into global threats. Second, a Lightweight Active Responder provides enough interactivity that traffic on the same service can be differentiated independent of application semantics. Third, a Payload Signatures and Caching mechanism avoids recording duplicated payloads reducing overhead and assists in identifying new and unique payloads. We explore the benefits of this system in the context of a three-year deployment across multiple dark address blocks ranging in size from /24s to a /8. Data gathered from these deployments is used to demonstrate the ability of the IMS to capture and characterize recent activity, such as that on Sasser and Dabber Backdoors.
Archived Files:
NANOG32 Abstracts- 802.1X: Deployment Experiences and Obstacles to Widespread Adoption
Terry Simons, University of Utah/open1x.org; Jon Snyder, Portland State University
- AOL Welcome Reception
- Tutorial: BGP Multihoming Techniques
Philip Smith, Cisco Systems
- BGP—The Movie
Geoff Huston and George Michaelson, APNIC; Philip Smith, Cisco Systems
- Botnets
John Kristoff, Northwestern University
- Detecting Inconsistent Advertisements from Neighboring ASes
Nick Feamster, MIT; Z. Morley Mao, University of Michigan; Jennifer Rexford, AT&T Research
- DNS Anomalies and Their Impact on DNS Cache Servers
Chika Yoshimura, NTT Communcations; Katsuyasu Toyama, Keisuke Ishibashi, and Tsuyoshi Toyono, NTT Labs; Masahiro Ishino, NTT Communcations; Kazunori Fujiwara, JPRS
- DNSSEC Deployment: Big Steps Forward; Several Steps to Go
Steve Crocker, Shinkuro; Rob Austein, Internet Systems Consortium; Russ Mundy and Suresh Krishnaswamy, SPARTA, Inc.
- Evolving the Core: Deployment Challenges and the Internet
Scott Marcus, FCC
- Extension of Multi-Service Networks
Dave Siegel, Global Crossing
- Good Engineering Practice as it Applies to Unlicensed Wireless Networks
Tim Pozar, Late Night Software
- Tutorial: Internet Number Resource Management and Administration
Ray Plzak and Richard Jimmerson, ARIN
- Tutorial: IPv6 Deployment and Case Studies
Salman Asadullah and Ciprian Popoviciu, Cisco Systems
- Tutorial: ISP Security Toolkits
Tim Battles, AT&T
- Life and Times of J-Root
Piet Barber, Matt Larson, Mark Kosters, and Pete Toscano, Verisign
- LinkRank: A Tool for Diagnosis of BGP Routing Dynamics
Mohit Lad and Lixia Zhang, UCLA; Dan Massey, Colorado State University
- Network Design to Support Very High-Capacity Streaming and Caching Infrastructures
Vijay Gill, AOL Time Warner
- Optical Switching, a Great Tool in Platform Migration at AMS-IX
Romeo Zwart, Amsterdam Internet Exchange
- Optimizing Operational Input to ARIN: What Is Needed and How Do We Get It?
Moderator: ARIN staff
- Tutorial: Options for Blackhole and Discard Routing
Joe Soricelli, Juniper; Wayne Gustavus, Verizon
- Research Forum: Performing BGP Experiments on a Semi-Realistic Internet Environment
Ke Zhang, Soon-Tee Teoh, Shih-Ming Tseng, Chen-Nee Chuah, Kwan-Liu Ma, and Felix Wu, University of California, Davis
- Research Forum: Sizing Router Buffers
Guido Appenzeller, Stanford University
- RPSLng Status Update
Larry Blunk, Merit Network
- BOF: SP Security and NSP-SEC BOF VII
Moderators: Merike Kaeo, Double Shot Security; Roland Dobbins, Cisco
- Tracking Global Threats with the Internet Motion Sensor
Michael Bailey and Evan Cooke, University of Michigan; Danny McPherson, Arbor Networks; Tim Battles, AT&T
- Welcome, Introductions
Ray Plzak, ARIN; Rich Colella, AOL; Ron da Silva, Time Warner Cable; Susan Harris, Merit Network
- What Will Stop Spam?
Charles Stiles, AOL Time Warner; Carl Hutzler, America Online
- Show All
Back to the NANOG32 main page.
|
