^ Top

NANOG Meeting Presentation Abstract

Preparing RIR Allocation Data for Network Security Analysis Tasks
Meeting: NANOG31
Date / Time: 2004-05-25 3:35pm - 4:05pm
Room: Grand Ballroom
Presenters: Speakers:

Brian Trammell, CERT

Brian Trammell is a Member of the Technical Staff on the CERT Network Situational Awareness team in Pittsburgh, Pennsylvania. His current work includes the design and implementation of network security data collection and analysis tools. Brian holds a B.S. in Computer Science from the Georgia Institute of Technology.
Abstract: CERT\'s Network Situational Awareness group uses data from the regional registries\' allocation databases to supplement the analysis of network security incident data. The aim of this effort is to build a single allocation tree view of the IPv4 address space so that events may be aggregated by source and destination network. We are building a tool chain to automate the preparation of RIR data for this purpose. This presentation addresses the techniques used by these tools, including:

  1. Detection and resolution of conflicting information between registries.



  2. Detection and correction of \"eroded\" ranges in reassignment records (e.g., a reassigned /24 appearing as the range x.y.z.(0,1) - x.y.z.(254,255), which causes problems with our CIDR block-centric view of the world).



  3. Detection (and, if possible, correction) of errors in the allocation data, including:

    • corrupted record metadata (modification dates, etc.)

    • corrupted ranges (clear errors in allocations. e.g., a reassigned /29 appearing as x.y.z.0 - x.y.z+1.7)

    • range hierarchy \"inversions\" (a range that overlaps another such that
      a.start < b.start < a.end < b.end; indicative of a stale record or a corrupted range)






Work to date suggests that automated tools will be able to correct all but a handful of irregularities in the source data. A process for reporting these irregularities back to the regional registries for correction or clarification may also be of some use to the Internet community at large.
Files: pdfBrian Trammell Presentation(PDF)
youtubePreparing RIR Allocation Data for Network Security Analysis Tasks
Sponsors: None.

Back to NANOG31 agenda.

NANOG31 Abstracts

  • Happy Packets - Initial Results
    Speakers:
    Randy Bush, IIJ; Tim GriffinIntel Research; .
    Zhuoqing MaoUniversity of Michigan; .
    Eric PurpusUniversity of Oregon; .
    Dan StutzbachUniversity of Oregon; .
  • Happy Packets - Initial Results
    Speakers:
    Randy Bush, IIJ; Tim GriffinIntel Research; .
    Zhuoqing MaoUniversity of Michigan; .
    Eric PurpusUniversity of Oregon; .
    Dan StutzbachUniversity of Oregon; .
  • Happy Packets - Initial Results
    Speakers:
    Randy Bush, IIJ; Tim GriffinIntel Research; .
    Zhuoqing MaoUniversity of Michigan; .
    Eric PurpusUniversity of Oregon; .
    Dan StutzbachUniversity of Oregon; .
  • Happy Packets - Initial Results
    Speakers:
    Randy Bush, IIJ; Tim GriffinIntel Research; .
    Zhuoqing MaoUniversity of Michigan; .
    Eric PurpusUniversity of Oregon; .
    Dan StutzbachUniversity of Oregon; .
  • Happy Packets - Initial Results
    Speakers:
    Randy Bush, IIJ; Tim GriffinIntel Research; .
    Zhuoqing MaoUniversity of Michigan; .
    Eric PurpusUniversity of Oregon; .
    Dan StutzbachUniversity of Oregon; .

 

^ Back to Top