DOCSLIB.ORG

Improving Networking

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Improving Networking IMPERIAL COLLEGE LONDON FINALYEARPROJECT JUNE 14, 2010 Improving Networking by moving the network stack to userspace Author: Matthew WHITWORTH Supervisor: Dr. Naranker DULAY 2 Abstract In our modern, networked world the software, protocols and algorithms involved in communication are among some of the most critical parts of an operating system. The core communication software in most modern systems is the network stack, but its basic monolithic design and functioning has remained unchanged for decades. Here we present an adaptable user-space network stack, as an addition to my operating system Whitix. The ideas and concepts presented in this report, however, are applicable to any mainstream operating system. We show how re-imagining the whole architecture of networking in a modern operating system offers numerous benefits for stack-application interactivity, protocol extensibility, and improvements in network throughput and latency. 3 4 Acknowledgements I would like to thank Naranker Dulay for supervising me during the course of this project. His time spent offering constructive feedback about the progress of the project is very much appreciated. I would also like to thank my family and friends for their support, and also anybody who has contributed to Whitix in the past or offered encouragement with the project. 5 6 Contents 1 Introduction 11 1.1 Motivation.................................... 11 1.1.1 Adaptability and interactivity.................... 11 1.1.2 Multiprocessor systems and locking................ 12 1.1.3 Cache performance.......................... 14 1.2 Whitix....................................... 14 1.3 Outline...................................... 15 2 Hardware and the LDL 17 2.1 Architectural overview............................. 17 2.2 Network drivers................................. 18 2.2.1 Driver and device setup........................ 20 2.2.2 Sending packets............................ 21 2.2.3 Receiving packets........................... 21 2.3 Linux Driver Layer............................... 22 2.3.1 Caveats.................................. 22 2.4 Network device manager........................... 23 2.5 Hardware address cache............................ 24 2.6 Packet I/O.................................... 25 2.7 Summary..................................... 26 3 Network channels 27 3.1 Background.................................... 27 3.2 Design....................................... 28 3.2.1 Possibilities............................... 28 3.2.2 Tradeoffs................................. 32 3.2.3 Architectural overview........................ 33 3.3 Channel management............................. 35 3.3.1 Setup................................... 36 3.3.2 Control.................................. 38 3.3.3 Organization.............................. 38 7 CONTENTS CONTENTS 3.3.4 Destruction............................... 39 3.4 Memory management............................. 39 3.4.1 Memory layout............................. 40 3.4.2 Usercode library............................ 45 3.5 File emulation.................................. 46 3.6 Packet classification............................... 47 3.6.1 Family matching............................ 47 3.6.2 Protocols: Matching packets to channels............. 49 3.7 Routing...................................... 50 3.7.1 Firewall................................. 51 3.8 Testing....................................... 51 3.9 Discussion.................................... 53 3.10 Summary..................................... 54 4 Userspace networking 55 4.1 Background.................................... 55 4.1.1 Microkernel research......................... 56 4.2 Overview..................................... 57 4.3 Network stack.................................. 59 4.3.1 Architecture............................... 59 4.3.2 APIs.................................... 61 4.3.3 Internal layers: channels and IP................... 63 4.3.4 UDP and ICMP sockets........................ 64 4.4 TCP........................................ 66 4.4.1 Design choices............................. 66 4.4.2 Possible TCP changes......................... 67 4.4.3 Sending packets............................ 68 4.4.4 Retransmission............................. 69 4.4.5 Receiving packets and the state machine............. 69 4.4.6 Socket polling.............................. 71 4.5 Utilities...................................... 72 4.5.1 firewall.................................. 72 4.5.2 nprof................................... 73 4.5.3 dhcp................................... 73 4.5.4 dns.................................... 73 4.5.5 ping.................................... 74 4.6 Applications................................... 74 4.6.1 ftp..................................... 75 4.6.2 telnet................................... 76 4.6.3 httpd................................... 76 4.7 Testing....................................... 78 4.7.1 Specific methods............................ 78 4.7.2 Application testing and summary.................. 79 4.8 Discussion.................................... 80 4.9 Summary..................................... 80 8 CONTENTS CONTENTS 5 Dynamic protocols 83 5.1 Background.................................... 83 5.1.1 Adaptable and interactive protocols................ 83 5.1.2 Statistics, profiling and adaptation................. 85 5.1.3 Asynchronous I/O........................... 86 5.2 Architecture................................... 87 5.3 Statistics and profiling............................. 88 5.3.1 Categories................................ 89 5.3.2 Use.................................... 90 5.4 Adaptation.................................... 91 5.4.1 Current adaptive technologies.................... 91 5.4.2 Application hints............................ 91 5.4.3 Profiling data.............................. 92 5.5 Events....................................... 93 5.5.1 Design.................................. 94 5.5.2 TCP.................................... 95 5.5.3 Asynchronous I/O........................... 98 5.5.4 Event delivery.............................. 99 5.6 Discussion.................................... 101 5.7 Summary..................................... 102 6 Performance 103 6.1 Background.................................... 103 6.2 Method...................................... 104 6.2.1 Caveats.................................. 104 6.2.2 Procedure................................ 105 6.2.3 Timers.................................. 107 6.3 Experimental testbed.............................. 107 6.4 Analysis...................................... 108 6.4.1 Send................................... 111 6.4.2 Receive.................................. 112 6.5 Summary..................................... 112 7 Evaluation 113 7.1 Flexibility and adaptability.......................... 113 7.2 Correctness and stability............................ 114 7.2.1 Comparisons.............................. 116 7.3 Functionality and usability.......................... 116 7.4 Scalability..................................... 117 7.5 Summary..................................... 119 8 Conclusion 121 8.1 Scale and schedule............................... 122 8.2 Future work................................... 124 8.2.1 Merging shared memory and message queues.......... 124 8.2.2 More protocol suites.......................... 125 9 CONTENTS CONTENTS 8.2.3 Stateful firewall............................ 125 8.2.4 Remote network stack management................ 125 8.3 Final comments................................. 126 9 Bibliography 127 Appendices 131 A Network statistics file format 133 A.1 Header...................................... 133 A.2 Port entries.................................... 134 A.3 Host entries.................................... 134 B System calls 135 B.1 SysChannelCreate................................ 135 B.2 SysChannelControl............................... 136 C Usercode library functions 137 10 Chapter 1 Introduction In this report, I present an adaptable interactive TCP/IP user-space network stack as an addition to my operating system Whitix.1 As well as decoupling the policy of producing and processing packets from the mechanism of sending and receiving them, it scales and adapts better than existing solutions as well as adhering strongly to the end-to-end principle of the Internet. First of all, I will list the current problems and limitations in the field of network stacks, before proposing my solution in detail and the original contributions that I will make, along with a list of objectives that need to be achieved to satisfy the project goals. 1.1 Motivation In our modern, networked world the software, protocols and algorithms involved in communication are among some of the most critical parts of an operating system. The core communication software in most modern systems is the network stack, but its basic monolithic design and functionality appears to have remained unchanged since the 1970s. With the progress in processor technology aiming towards multi- core and many-core systems,[38] there is a need for a new network stack design to replace the current monolithic stacks of today with (what I believe to be) their restricted legacy designs. First of all, I shall summarize the problems inherent in current implementations. 1.1.1 Adaptability and interactivity The first major problem is the lack of adaptability in and feedback from the net- work stack in general. Although certain transport protocols like TCP can adapt their data transmission algorithms
Load more

Recommended publications
  • Network/Socket Programming in Java
    Network/Socket Programming in Java Rajkumar Buyya Elements of C-S Computing a client, a server, and network Request Client Server Network Result Client machine Server machine java.net n Used to manage: c URL streams c Client/server sockets c Datagrams Part III - Networking ServerSocket(1234) Output/write stream Input/read stream Socket(“128.250.25.158”, 1234) Server_name: “manjira.cs.mu.oz.au” 4 Server side Socket Operations 1. Open Server Socket: ServerSocket server; DataOutputStream os; DataInputStream is; server = new ServerSocket( PORT ); 2. Wait for Client Request: Socket client = server.accept(); 3. Create I/O streams for communicating to clients is = new DataInputStream( client.getInputStream() ); os = new DataOutputStream( client.getOutputStream() ); 4. Perform communication with client Receiive from client: String line = is.readLine(); Send to client: os.writeBytes("Hello\n"); 5. Close sockets: client.close(); For multithreade server: while(true) { i. wait for client requests (step 2 above) ii. create a thread with “client” socket as parameter (the thread creates streams (as in step (3) and does communication as stated in (4). Remove thread once service is provided. } Client side Socket Operations 1. Get connection to server: client = new Socket( server, port_id ); 2. Create I/O streams for communicating to clients is = new DataInputStream( client.getInputStream() ); os = new DataOutputStream( client.getOutputStream() ); 3. Perform communication with client Receiive from client: String line = is.readLine(); Send to client: os.writeBytes("Hello\n");
    [Show full text]
  • Retrofitting Privacy Controls to Stock Android
    Saarland University Faculty of Mathematics and Computer Science Department of Computer Science Retrofitting Privacy Controls to Stock Android Dissertation zur Erlangung des Grades des Doktors der Ingenieurwissenschaften der Fakultät für Mathematik und Informatik der Universität des Saarlandes von Philipp von Styp-Rekowsky Saarbrücken, Dezember 2019 Tag des Kolloquiums: 18. Januar 2021 Dekan: Prof. Dr. Thomas Schuster Prüfungsausschuss: Vorsitzender: Prof. Dr. Thorsten Herfet Berichterstattende: Prof. Dr. Michael Backes Prof. Dr. Andreas Zeller Akademischer Mitarbeiter: Dr. Michael Schilling Zusammenfassung Android ist nicht nur das beliebteste Betriebssystem für mobile Endgeräte, sondern auch ein ein attraktives Ziel für Angreifer. Um diesen zu begegnen, nutzt Androids Sicher- heitskonzept App-Isolation und Zugangskontrolle zu kritischen Systemressourcen. Nutzer haben dabei aber nur wenige Optionen, App-Berechtigungen gemäß ihrer Bedürfnisse einzuschränken, sondern die Entwickler entscheiden über zu gewährende Berechtigungen. Androids Sicherheitsmodell kann zudem nicht durch Dritte angepasst werden, so dass Nutzer zum Schutz ihrer Privatsphäre auf die Gerätehersteller angewiesen sind. Diese Dissertation präsentiert einen Ansatz, Android mit umfassenden Privatsphäreeinstellun- gen nachzurüsten. Dabei geht es konkret um Techniken, die ohne Modifikationen des Betriebssystems oder Zugriff auf Root-Rechte auf regulären Android-Geräten eingesetzt werden können. Der erste Teil dieser Arbeit etabliert Techniken zur Durchsetzung von Sicherheitsrichtlinien
    [Show full text]
  • Libioth (Slides)
    libioth The definitive API for the Internet of Threads Renzo Davoli – Michael Goldweber "niversit$ o% Bolo&na '(taly) – *avier "niver#it$ (Cin!innati, "SA) ,irt-alS.-are Micro/ernel DevRoo0 1 © 2021 Davoli-Goldweber libioth. CC-BY-SA 4.0 (nternet of Thread# (IoTh) service1.company.com → 2001:1:2::1 service2.company.com → 2001:1:2::2 host.company.com→11.12.13.14 processes service3.company.com → 2001:1:2::3 2 © 2021 Davoli-Goldweber libioth. CC-BY-SA 4.0 IoTh vs Iold What is an end-node o% the (nternet4 (t depends on what is identified b$ an (P addre##. ● (nternet o% 1hreads – (oTh – 7roce##e#8threads are a-tonomou# nodes of the (nternet ● (nternet o% 9e&ac$ Devi!es 'in brie% (-old in this presentation) – (nternet o% :ost# – Internet of ;etwork Controller#. – (nternet o% ;a0e#5a!e# 2 © 2021 Davoli-Goldweber libioth. CC-BY-SA 4.0 7,M – IoTh - </ernel 4 © 2021 Davoli-Goldweber libioth. CC-BY-SA 4.0 7,M – IoTh - </ernel ● icro/ernel, Internet o% Threads, Partial Virtual a!hines have the co00on goal to create independent code units i05lementing services ● 1hey are all against monolithic i05lementation# ● 1he challenge o% this talk is to !reate !ontacts, e>5loit paralleli#0#+ that allow to share res-lts, A7I, code. = © 2021 Davoli-Goldweber libioth. CC-BY-SA 4.0 Network Sta!/ ● API to application layer TCP-IP stack TCP UDP IPv4 IPv6 ICMP(v4,v6) ● API (NPI) to data-link – (e.g. libioth uses VDE: libvdeplug) ? © 2021 Davoli-Goldweber libioth. CC-BY-SA 4.0 IoTh & </ernel User process User process TCP-IP stack TCP UDP TCP/IP stack process IPv4 IPv6 ICMP(v4,v6) TCP-IP stack TCP UDP IPv4 IPv6 ICMP(v4,v6) Data-link network server Data-link network server @ © 2021 Davoli-Goldweber libioth.
    [Show full text]
  • 1 Introduction
    Technical report, IDE1202, February 2012 Enhancing Network Security in Linux Environment Master Thesis in Computer Network Engineering By Ali Mohammed, Sachin Sama and Majeed Mohammed School of Information Science, Computer and Electrical Engineering Halmstad University i Enhancing Network Security in Linux Environment Master Thesis in Computer Network Engineering School of Information Science, Computer and Electrical Engineering Halmstad University Box 823, S-301 18 Halmstad, Sweden February 2012 ii Preface First of all, we would like to express our sincere gratitude to our Supervisor Philip Heimer and Professor Tony Larsson for their supervision and assistance in the entire thesis work. We are also thankful to IDE department, Halmstad University for providing this opportunity to complete this thesis. Ali Mohammed Sachin Sama Majeed Mohammed iii iv Abstract Designing a secured network is the most important task in any enterprise or organization development. Securing a network mainly involves applying policies and procedures to protect different network devices from unauthorized access. Servers such as web servers, file servers, mail servers, etc., are the important devices in a network. Therefore, securing these servers is the first and foremost step followed in every security implementation mechanism. To implement this, it is very important to analyse and study the security mechanisms provided by the operating system. This makes it easier for security implementation in a network. This thesis work demonstrates the tasks needed to enhance the network security in Linux environment. The various security modules existing in Linux makes it different from other operating systems. The security measures which are mainly needed to enhance the system security are documented as a baseline for practical implementation.
    [Show full text]
  • How to XDP (With Snabb)
    How to XDP (with Snabb) Max Rottenkolber <[email protected]> Tuesday, 21 January 2020 Table of Contents Intro 1 Creating an XDP socket 2 Mapping the descriptor rings 4 Binding an XDP socket to an interface 7 Forwarding packets from a queue to an XDP socket 8 Creating a BPF map . 9 Assembling a BPF program . 9 Attaching a BPF program to an interface . 12 Packet I/O 14 Deallocating the XDP socket 18 Intro Networking in userspace is becoming mainstream. Recent Linux kernels ship with a feature called eXpress Data Path (XDP) that intends to con- solidate kernel-bypass packet processing applications with the kernel’s networking stack. XDP provides a new kind of network socket that al- lows userspace applications to do almost direct I/O with network device drivers while maintaining integration with the kernel’s native network stack. To Snabb XDP looks like just another network I/O device. In fact the XDP ABI/API is so similar to a typical hardware interfaces that it feels a bit like driving a NIC, and not by accident. I think it is fair to describe XDP as a generic interface to Linux network drivers that also 1 has a virtual backend it integrates with: the Linux network stack. In that sense, XDP can be seen as a more hardware centric sibling of AF_PACKET. I can think of two reasons why XDP might be interesting for Snabb users: • While the Snabb community prefers NICs with open hardware interface specifications there are a lot of networking devices out there that lack open specifications.
    [Show full text]
  • ENT-UG1060 User Guide Software API Programming
    ENT-UG1060 User Guide Software API Programming Microsemi Corporation (Nasdaq: MSCC) offers a comprehensive portfolio of semiconductor and system solutions for communications, defense & security, aerospace and industrial markets. Products include high-performance and radiation-hardened analog mixed-signal integrated circuits, FPGAs, SoCs and ASICs; power management products; timing and synchronization devices and precise time solutions, setting the world's standard for time; voice processing devices; RF solutions; discrete components; security technologies and scalable anti-tamper products; Ethernet solutions; Power-over-Ethernet ICs and midspans; as well as custom design capabilities and services. Microsemi is headquartered in Aliso Viejo, Calif, and has approximately 3,600 employees globally. Learn more at www.microsemi.com. Microsemi Corporate Headquarters Microsemi makes no warranty, representation, or guarantee regarding the information contained herein or One Enterprise, Aliso Viejo, the suitability of its products and services for any particular purpose, nor does Microsemi assume any CA 92656 USA liability whatsoever arising out of the application or use of any product or circuit. The products sold hereunder and any other products sold by Microsemi have been subject to limited testing and should not Within the USA: +1 (800) 713-4113 be used in conjunction with mission-critical equipment or applications. Any performance specifications are Outside the USA: +1 (949) 380-6100 believed to be reliable but are not verified, and Buyer must conduct and complete all performance and Sales: +1 (949) 380-6136 other testing of the products, alone and together with, or installed in, any end-products. Buyer shall not rely Fax: +1 (949) 215-4996 on any data and performance specifications or parameters provided by Microsemi.
    [Show full text]
  • Post Sockets - a Modern Systems Network API Mihail Yanev (2065983) April 23, 2018
    Post Sockets - A Modern Systems Network API Mihail Yanev (2065983) April 23, 2018 ABSTRACT In addition to providing native solutions for problems, es- The Berkeley Sockets API has been the de-facto standard tablishing optimal connection with a Remote point or struc- systems API for networking. However, designed more than tured data communication, we have identified that a com- three decades ago, it is not a good match for the networking mon issue with many of the previously provided networking applications today. We have identified three different sets of solutions has been leaving the products vulnerable to code problems in the Sockets API. In this paper, we present an injections and/or buffer overflow attacks. The root cause implementation of Post Sockets - a modern API, proposed by for such problems has mostly proved to be poor memory Trammell et al. that solves the identified limitations. This or resource management. For this reason, we have decided paper can be used for basis of evaluation of the maturity of to use the Rust programming language to implement the Post Sockets and if successful to promote its introduction as new API. Rust is a programming language, that provides a replacement API to Berkeley Sockets. data integrity and memory safety guarantees. It uses region based memory, freeing the programmer from the responsibil- ity of manually managing the heap resources. This in turn 1. INTRODUCTION eliminates the possibility of leaving the code vulnerable to Over the years, writing networked applications has be- resource management errors, as this is handled by the lan- come increasingly difficult.
    [Show full text]
  • Network Forensics: Following the Digital Trail in a Virtual Environment
    Network Forensics: Following the Digital Trail in a Virtual Environment Master of Science Thesis in the Programme: Networks & Distributed Systems KONSTANTINOS SAMALEKAS Chalmers University of Technology University of Gothenburg Department of Computer Science and Engineering Göteborg, Sweden, October 2010 The Author grants to Chalmers University of Technology and University of Gothenburg the non-exclusive right to publish the Work electronically and in a non-commercial purpose make it accessible on the Internet. The Author warrants that he is the author to the Work, and warrants that the Work does not contain text, pictures or other material that violates copyright law. The Author shall, when transferring the rights of the Work to a third party (for example a publisher or a company), acknowledge the third party about this agreement. If the Author has signed a copyright agreement with a third party regarding the Work, the Author warrants hereby that he has obtained any necessary permission from this third party to let Chalmers University of Technology and University of Gothenburg store the Work electronically and make it accessible on the Internet. Network Forensics: Following the Digital Trail in a Virtual Environment KONSTANTINOS SAMALEKAS © KONSTANTINOS SAMALEKAS, October 2010. Examiner: ARNE LINDE Chalmers University of Technology University of Gothenburg Department of Computer Science and Engineering SE-412 96 Göteborg Sweden Telephone + 46 (0)31-772 1000 Department of Computer Science and Engineering Göteborg, Sweden, October 2010 ABSTRACT The objective of this project is to examine all important aspects of network forensics, and apply incident response methods and investigation tech- niques in practice. The subject is twofold and begins by introducing the reader to the major network forensic topics.
    [Show full text]
  • Introduction to RAW-Sockets Jens Heuschkel, Tobias Hofmann, Thorsten Hollstein, Joel Kuepper
    Introduction to RAW-sockets Jens Heuschkel, Tobias Hofmann, Thorsten Hollstein, Joel Kuepper 16.05.2017 Technical Report No. TUD-CS-2017-0111 Technische Universität Darmstadt Telecooperation Report No. TR-19, The Technical Reports Series of the TK Research Division, TU Darmstadt ISSN 1864-0516 http://www.tk.informatik.tu-darmstadt.de/de/publications/ Introduction to RAW-sockets by Heuschkel, Jens Hofmann, Tobias Hollstein, Thorsten Kuepper, Joel May 17, 2017 Abstract This document is intended to give an introduction into the programming with RAW-sockets and the related PACKET-sockets. RAW-sockets are an additional type of Internet socket available in addition to the well known DATAGRAM- and STREAM-sockets. They do allow the user to see and manipulate the information used for transmitting the data instead of hiding these details, like it is the case with the usually used STREAM- or DATAGRAM sockets. To give the reader an introduction into the subject we will first give an overview about the different APIs provided by Windows, Linux and Unix (FreeBSD, Mac OS X) and additional libraries that can be used OS-independent. In the next section we show general problems that have to be addressed by the programmer when working with RAW-sockets. We will then provide an introduction into the steps necessary to use the APIs or libraries, which functionality the different concepts provide to the programmer and what they provide to simplify using RAW and PACKET-sockets. This section includes examples of how to use the different functions provided by the APIs. Finally in the additional material we will give some complete examples that show the concepts and can be used as a basis to write own programs.
    [Show full text]
  • SUSE Linux Enterprise Server 11 SP4 System Analysis and Tuning Guide System Analysis and Tuning Guide SUSE Linux Enterprise Server 11 SP4
    SUSE Linux Enterprise Server 11 SP4 System Analysis and Tuning Guide System Analysis and Tuning Guide SUSE Linux Enterprise Server 11 SP4 Publication Date: September 24, 2021 SUSE LLC 1800 South Novell Place Provo, UT 84606 USA https://documentation.suse.com Copyright © 2006– 2021 SUSE LLC and contributors. All rights reserved. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or (at your option) version 1.3; with the Invariant Section being this copyright notice and license. A copy of the license version 1.2 is included in the section entitled “GNU Free Documentation License”. For SUSE trademarks, see http://www.suse.com/company/legal/ . All other third party trademarks are the property of their respective owners. A trademark symbol (®, ™ etc.) denotes a SUSE or Novell trademark; an asterisk (*) denotes a third party trademark. All information found in this book has been compiled with utmost attention to detail. However, this does not guarantee complete accuracy. Neither SUSE LLC, its aliates, the authors nor the translators shall be held liable for possible errors or the consequences thereof. Contents About This Guide xi 1 Available Documentation xii 2 Feedback xiv 3 Documentation Conventions xv I BASICS 1 1 General Notes on System Tuning 2 1.1 Be Sure What Problem to Solve 2 1.2 Rule Out Common Problems 3 1.3 Finding the Bottleneck 3 1.4 Step-by-step Tuning 4 II SYSTEM MONITORING 5 2 System Monitoring Utilities 6 2.1 Multi-Purpose Tools 6 vmstat 7
    [Show full text]
  • Internet Security [1] VU 184.216
    Internet Security [1] VU 184.216 Engin Kirda [email protected] Christopher Kruegel [email protected] The Internet Host Host Internet Host Subnet Host Subnet Host Host Subnet PPP (phone) Internet Security 1 2 Direct IP delivery • If two hosts are in the same physical network the IP datagram is encapsulated and delivered directly Host 1 Host 2 Host 3 (192.168.0.2) (192.168.0.3) (192.168.0.5) Host 4 Host 5 Host 6 (192.168.0.81) (192.168.0.99) (192.168.0.7) Internet Security 1 3 Ethernet dest (48 bits) src (48 bits) type (16) data CRC (32) 0x0800 IP Datagram Internet Security 1 4 Ethernet • Widely used link layer protocol • Carrier Sense, Multiple Access, Collision Detection • Addresses: 48 bits (e.g. 00:38:af:23:34:0f), mostly – hardwired by the manufacturer • Type (2 bytes): specifies encapsulated protocol – IP, ARP, RARP • Data: – min. 46 bytes payload (padding may be needed), max 1500 bytes • CRC (4 bytes) Internet Security 1 5 Direct IP delivery Problem: • Ethernet uses 48 bit addresses • IP uses 32 bit addresses • we want to send an IP datagram • but we only can use the Link Layer to do this Internet Security 1 6 ARP ARP (Address Resolution Protocol) • Service at the link-level, RFC 826 • maps network-addresses to link-level addresses • Host A wants to know the hardware address associated with IP address of host B • A broadcasts ARP message on physical link – including its own mapping • B answers A with ARP answer message • Mappings are cached: arp -a shows mapping Internet Security 1 7 RARP RARP (Reverse Address Resolution
    [Show full text]
  • DESIGN of an AUTONOMOUS ANTI-DDOS NETWORK (A2D2) By
    DESIGN OF AN AUTONOMOUS ANTI-DDOS NETWORK (A2D2) by ANGELA CEARNS, B.A. University of Western Ontario, London, Ontario, Canada, 1995 A Thesis Submitted to the Faculty of Graduate School of the University of Colorado at Colorado Springs in Partial Fulfillment of the Requirements for the Degree of Master of Engineering Department of Computer Science 2002 ii Ó Copyright By Angela Cearns 2002 All Rights Reserved iii This thesis for the Master of Engineering degree by Angela Cearns has been approved for the Department of Computer Science by _______________________________________________________ Advisor: Dr. C. Edward Chow _______________________________________________________ Dr. Jugal K. Kalita _______________________________________________________ Dr. Charles M. Shub Date iv Design of an Autonomous Anti-DDoS Network (A2D2) by Angela Cearns (Master of Engineering, Software Engineering) Thesis directed by Associate Professor C. Edward Chow Department of Computer Science Abstract Recent threats of Distributed Denial of Service attacks (DDoS) are mainly directed at home and small to medium sized networks that lack the incentive, expertise, and financial means to defend themselves. Using the Evolutionary Software Life-Cycle model, this thesis designs an Autonomous Anti-DDoS Network (A2D2) that integrates and improves on existing DDoS mitigation technologies. A2D2 provides an affordable and manageable solution to small and medium networks, and enables small office and home office (SOHO) networks to take control of their own defense within their own network boundary. Test-bed results show that A2D2 is highly effective in ensuring Quality of Service (QoS) during bandwidth consumption DDoS attacks. The A2D2 test-bed has demonstrated significant intrusion tolerance against attacks of various types, including UDP, ICMP and TCP based DDoS attacks.
    [Show full text]