DOCSLIB.ORG

Performance Analysis on Dynamic VLAN and Openflow

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Performance Analysis on Dynamic VLAN and Openflow Master Thesis Electrical Engineering October 2015 Performance Analysis on Dynamic VLAN and OpenFlow Reddy Kamal Teja Gurramkonda Department of Communication Systems Blekinge Institute of Technology SE-371 79 Karlskrona Sweden This thesis is submitted to the Faculty of Computing at Blekinge Institute of Technology in partial fullment of the requirements for the degree of Master of Science in Electrical Engineering. The thesis is equivalent to 20 weeks of full time studies. Contact Information: Author(s): Reddy Kamal Teja Gurramkonda. E-mail: [email protected], [email protected] University advisor(s): Dr. Patrik Arlos School of Computing University examiner(s): Dr. Kurt Tutschku Department of Communication Systems School of Computing Blekinge Institute of Technology Internet : www.bth.se/com SE-371 79 Karlskrona Phone : +46 455 38 50 00 Sweden Fax : +46 455 38 50 57 Abstract In the current innovative network, to cope with the increased require- ments of customers, there is a rapid increase in the development of dierent protocols and applications. With such increase in networking technology, the security constraints are becoming more and more severe, reducing the accessibility to the actual network for implementing new protocols. This scenario forced for an urgent need of a technology, which can help the re- searchers to implement their developed protocols in the network without inuencing the production trac. This need resulted in a concept called network isolation. This is achieved by VLAN or SDN technologies. In this study, we investigate the performance of VLAN and an API of SDN in the context of establishing dynamic link, in switching setup. For such a link creation, dynamic VLAN (dVLAN) is used in the former case and OpenFLow protocol is used in the later scenario. The main focus in this study is to compare the dynamic behavior of both the protocols in layer-2 context by measuring network level performance metrics of each protocol. Some of the features like, vendor independency and software independency is taken into account while measuring the performance metrics. In order to evaluate the performance, an experimental testbed is implemented. The network level performance metric called protocol setup time is measured. It is the time taken by each protocol to setup an active link between two end-hosts. A two-tire network architecture is implemented with the mentioned features. From the analytical and statistical results obtained, OpenFlow re- sulted in performing relatively better when compared to dynamic VLANs. By carefully examining the protocol setup time of OpenFlow against dVLAN, OpenFlow took less time when compared to dVLAN resulting in faster exe- cution in enabling connectivity. On the other hand, the analytical study on the two protocols reects the simplicity exhibited by dVLAN over Open- Flow. Keywords: Dynamic VLAN, Network Isolation, OpenFlow, SDN. i Acknowledgments I would like to thank the supremacy, God, for blessing me with the knowl- edge of understanding and exceptional hope for which I am greatful to. Nextly, I would thank my parents for encouraging me in performing the tasks of duty. I especially have deep scence of gratitude towards my friends who helped me and gave hope of light. I particularly owe my debt of gratitude to Dr.Patrik Arlos senior lecture, DIKO, for his vision and foresight which inspired me in coping with challenging tasks. I have surely learnt many lots of things by working under him and especially increased my self thinking capabilities and problem detection thinking. Reddy Kamal Teja Gurramkonda ii Contents Abstracti Acknowledgments ii Table of Contents iii List of Figuresv List of Tables vi Acronyms vii 1 Introduction2 1.1 Motivation............................... 3 1.2 Scope of Thesis............................ 4 1.3 Problem Statement.......................... 4 1.4 Aims and objectives ......................... 4 1.5 Research Questions.......................... 5 1.6 Research Method........................... 5 2 Background8 2.1 VLAN Virtual Local Area Networks................ 8 2.1.1 Port-Based VLAN ...................... 9 2.1.2 MAC Address Based VLAN................. 10 2.1.3 Protocol-Based VLAN.................... 10 2.1.4 GVRP............................. 11 2.2 The New Network Architecture ................... 13 2.2.1 Need for Software-Dened Networking ........... 13 2.2.2 Restrictions in Current Network............... 14 2.3 OpenFlow............................... 15 2.3.1 OpenFlow Switch components................ 15 2.3.2 Operational steps of OpenFlow ............... 16 2.3.3 Classes of OpenFlow Communication............ 17 2.3.4 NOX An OpenFlow Controller .............. 19 2.4 Related Works............................. 19 iii 3 Methodology 22 3.1 Experiment Setup........................... 22 3.1.1 Dynamic Virtual LAN (dVLAN) Implementation . 22 3.1.2 OpenFlow Implementation.................. 26 3.2 Performance Metric Measurement.................. 29 3.2.1 Dynamic VLAN Setup Time Measurement......... 30 3.2.2 OpenFlow Setup Time Measurement............ 32 4 Experiment Results and Analysis 36 4.1 Dynamic VLAN Assessment..................... 36 4.2 OpenFlow Assessment ........................ 37 4.3 Theoretical Model........................... 38 4.3.1 Dynamic VLAN........................ 38 4.3.2 OpenFlow Protocol...................... 39 5 Conclusions 41 References 44 Appendix 47 iv List of Figures 2.1 Ethernet frame with VLAN tag................... 8 2.2 VLAN Architcture .......................... 9 2.3 GARP Architecture [11] ....................... 12 2.4 GARP Architecture [11] ....................... 13 2.5 Flow Table .............................. 15 2.6 10-Tuple................................ 16 2.7 Procedural steps carried out by OpenFlow [7][12] ......... 17 2.8 Pipeline Processing [7][10] ...................... 18 3.1 Dynamic VLAN Experiment setup ................. 24 3.2 GVRP exchange between switches.................. 25 3.3 GVRP exchange in LAN....................... 25 3.4 OpenFlow Architecture........................ 27 3.5 Mode of OpenFlow - Virtualization mode.............. 28 3.6 Mode of OpenFlow - Aggregation mode............... 28 3.7 OF Switch - controller communication ............... 29 3.8 Capture Description ......................... 30 3.9 Sequence diagram of dVLAN .................... 31 3.10 Time line diagram of dVLAN .................... 32 3.11 Sequence diagram of OpenFlow................... 33 3.12 Time line diagram of OpenFlow................... 34 4.1 dVLAN Setup Time (iterations plot) ................ 37 4.2 OpenFlow Setup Time (iterations plot)............... 38 1 Trace of dVLAN ........................... 50 2 Trace of OpenFlow.......................... 51 v List of Tables 3.1 Hardware Specications - Switch .................. 23 3.2 Hardware Specications - Host.................... 23 4.1 Protocol Setup Time for dVLAN .................. 36 4.2 Protocol Setup Time for OpenFlow................. 37 vi Acronyms CLI Command Line Inerface DOS Denial of Service dVLAN Dynamic Virtual LAN GARP Generic Attribute Resolution Protocol GVRP GARP VLAN Registration Protocol ICMP Internet Control Message protocol ID Identification IP Internet Protocol IT Information Technology LTS Long Term Support MAC Medium Access Control NIC Network Interface Card ONF Open Network Foundation QoS Quality of Service SDN Software Defined Networking STP Spanning Tree Protocol TCAM Ternary Content-Addressable Memory TLS Transport Level Security VID VLAN Identifier/Identity VLAN Virtual Local Area Network VMPS VLAN Member Policy Server vii Chapter 1: INTRODUCTION Chapter 1 Introduction In today's world, innovation of enterprise network is increasing day by day. Enterprise networks are often large networks that incorporate dierent vari- eties of protocols and applications. These networks are installed with enormous equipment and protocols, increasing the security constrains creating a challeng- ing environment for the researchers in network innovation. The current possible methods are fragile making the enterprise expensive and error-prone. The cur- rent methods are indeed manual conguration setups done by trained operators to achieve adequate security [1][2][3]. A research group called Yankee reported that, on an average the total network downtime was around 62% which was only due to human error and 80% of IT budget was spent only on maintenance and operations [4]. This situation made the researchers impossible to have real envi- ronment experiments to test new protocols. This situation forced for the need of network isolation, i.e., to have the availability to use the same network but without inuencing the production traf- c. Network isolation can be provided by VLAN Virtual local Area Network. VLANs are layer-2 entities that bring dierent hosts at dierent localities into a single network which are software administrated. These VLANs are indepen- dent of physical connectivity i.e., hosts at dierent physical locations are brought together, resulting in more exible network administration, management and re- conguration [5][6][7]. The next stage of VLANs is Dynamic VLANs [8]. This concept is derived, as the manual conguration of these VLANs is very com- plex in the current innovative enterprise network architecture. The conguring of desired VLANs is performed on one network device (switch mostly the ad- ministrator switch) and the rest of the network is made to learn the VLANs from that switch resulting in dynamic creation of those advertised VLANs
Load more

Recommended publications
  • Amazon Guardduty Security Review
    Amazon GuardDuty Security Review Prepared by: Andrew McKenna, Principal Consultant Dimitris Kamenopoulos, Information Security Officer Keith Lee, Senior Penetration Tester Foregenix Inc. | 75 State St., 1st Floor, Boston, MA, 02109 | USA | +1 (877) 418 4774 AWS Security Services 1 Executive Summary Cloud Technologies are largely subject to the same attack vectors seen in more traditional on-premise deployments, and therefore when it comes to cyber security, they require the same level of attention. However, Cloud Technologies like Amazon Web Services (AWS) also introduce new opportunities for more effective defence, and the correct understanding of this is critical for a successful cyber security strategy. Cloud providers can sometimes struggle to provide a granular level of access to internal security events and other interesting system behavior indicators, but when these are available, cyber security vendors can consume them and use them to generate appropriate security responses. AWS provides a dedicated service for this task, Amazon GuardDuty. Foregenix has been engaged by AWS to perform an independent cyber security assessment of GuardDuty and produce an opinion in relation to how the service compares with other recognised industry solutions in relation to three specific areas: 1. Ability to detect suspected intrusions and alert personnel to suspicious activity 2. Ability to support PCI DSS compliance requirements 3. Ability to deploy and activate without expert skills The Testing Environment Foregenix configured a lab environment to perform testing using extensive and complex attack playbooks. The lab environment simulated a real world deployment composed of a web server, a bastion box and an internal server used for centralised event logging.
    [Show full text]
  • A Survey of Ethernet LAN Security Timo Kiravuo, Mikko S¨Arel¨A, and Jukka Manner
    IEEE COMMUNICATIONS SURVEYS & TUTORIALS, VOL. 15, NO. 3, THIRD QUARTER 2013 1477 A Survey of Ethernet LAN Security Timo Kiravuo, Mikko S¨arel¨a, and Jukka Manner Abstract—Ethernet is the survivor of the LAN wars. It is switched, full-duplex, collision free Ethernet is considered the hard to find an IP packet that has not passed over an Ethernet standard low cost LAN solution for workstations and laptops, segment. One important reason for this is Ethernet’s simplicity and 10 Gbps is commonly available for servers and high and ease of configuration. However, Ethernet has always been known to be an insecure technology. Recent successful malware throughput hosts. attacks and the move towards cloud computing in data centers Ethernet segments are also being expanded, both in distance demand that attention be paid to the security aspects of Ethernet. and capacity, using various techniques [4]. Network operators In this paper, we present known Ethernet related threats and are starting to design edge to edge Ethernets, using the layer 2 discuss existing solutions from business, hacker, and academic communities. Major issues, like insecurities related to Address Ethernet internally to replace higher layer activities like IP Resolution Protocol and to self-configurability, are discussed. The routing and addressing, leaving them to be considered only solutions fall roughly into three categories: accepting Ethernet’s at the edges of the network. The motivation for having larger insecurity and circling it with firewalls; creating a logical Ethernet segments is to handle traffic at a layer lower than the separation between the switches and end hosts; and centralized IP layer.
    [Show full text]
  • Testován´I Propustnosti
    Masarykova univerzita }w¡¢£¤¥¦§¨ Fakulta informatiky !"#$%&'()+,-./012345<yA| Testov´an´ıpropustnosti IDS Diplomova´ prace´ Jakub Dobrovoln´y Brno, 2011 Prohl´aˇsen´ı Prohlaˇsuji,ˇzetato pr´aceje m´ymp˚uvodn´ımautorsk´ymd´ılem,kter´ejsem vypracoval samostatnˇe.Vˇsechny zdroje, prameny a literaturu, kter´ejsem pˇrivypracov´an´ıpouˇz´ıval nebo z nich ˇcerpal,v pr´aciˇr´adnˇecituji s uveden´ım ´upln´ehoodkazu na pˇr´ısluˇsn´yzdroj. Jakub Dobrovoln´y Podˇekov´an´ı R´adbych zde podˇekoval sv´emu vedouc´ımu pr´aceRNDr. V´aclavu Lorencovi a konzultantovi Mari´anovi Krˇcm´arikovi za vstˇr´ıcn´ypˇr´ıstup,rady a pˇripom´ınky pˇriˇreˇsen´ım´ediplomov´epr´acea pˇredevˇs´ımza ˇcas,kter´ymi vˇenovali. D´ale bych velmi r´adpodˇekoval sv´erodinˇeza podporu a motivaci v nejtˇeˇzˇs´ıch chv´ıl´ıch a tak´esv´ympˇr´atel˚um.Dˇekuji. Shrnut´ı Pˇriprodeji nebo koupi nˇejak´ehov´yrobkuje d˚uleˇzit´eo nˇemzn´atco nejv´ıce ´udaj˚u.Tato pr´acese zab´yv´ametodikou pro testov´an´ısyst´em˚una detekci s´ıt'ov´ych pr˚unik˚u,kter´alze pouˇz´ıtna jak´emkoliv syst´emu, bez ohledu na jeho v´yrobce. Jsou probr´any r˚uzn´en´astroje vhodn´ek proveden´ınavrhovan´ych test˚ua na z´avˇerje nˇekolik test˚uprovedeno na v´yrobkuKernun a dosaˇzen´e v´ysledkyshrnuty. Kl´ıˇcov´aslova propustnost, Intrusion Detection System, IDS, syst´emna detekci s´ıt'ov´ych ´utok˚u,Kernun, tcpprep, tcpreplay, tcprewrite, wireshark Obsah 1 Uvod´ 10 1.1 Ofici´aln´ızad´an´ıpr´ace . 11 2 Syst´emy na detekci s´ıt'ov´ych pr˚unik˚u 12 2.1 Co jsou ID(P)S .
    [Show full text]
  • Entwicklung Eines Programmierbaren User-Space-Switches
    Technische Universität Ilmenau Fakultät für Elektrotechnik und Informationstechnik Bachelorarbeit Entwicklung eines programmierbaren User-Space-Switches vorgelegt von: Carsten Andrich eingereicht am: 15. 05. 2014 geboren am: Studiengang: Elektrotechnik und Informationstechnik Studienrichtung: Informations- und Kommunikationstechnik Anfertigung im Fachgebiet: Kommunikationsnetze Fakultät für Elektrotechnik und Informationstechnik Verantwortlicher Professor: Prof. Dr. rer. nat. Jochen Seitz Wissenschaftlicher Betreuer: M.Sc. Markus Hager Kurzfassung Unsere moderne Informationsgesellschaft ist auf leistungsfähige Netzwerktechnologien angewiesen. Dazu zählt auch Ethernet, das heute nahezu exklusiv für kabelgebundene lokale Netzwerke eingesetzt wird. Da die Anforderungen an solche Netze exponenti- ell wachsen, wird der Ethernet-Standard kontinuierlich weiterentwickelt, wobei neben einer Steigerung der Übertragungsgeschwindigkeit auch Protokolle für die Umsetzung von Dienstgütegarantien im Mittelpunkt der Forschung stehen. Zur Unterstützung der Entwicklung neuer Protokolle stellen sowohl computergestützte Simulationen als auch Testnetzwerke probate Erprobungsmittel dar, wobei für Letztere programmierba- re Switches benötigt werden. Ein solcher Switch wird in dieser Arbeit als Anwendung im Linux User-Space entwickelt. Aufgrund von Unzulänglichkeiten bezüglich der Programmierbarkeit bestehender Software-Switches wird eine Neuimplementation in Angriff genommen. Im Fokus liegt dabei eine effiziente und skalierende Umsetzung der Ethernet-Frameweiterleitung
    [Show full text]
  • 3.4 Útok Na DHCP
    VYSOKÉ UČENÍ TECHNICKÉ V BRNĚ BRNO UNIVERSITY OF TECHNOLOGY FAKULTA ELEKTROTECHNIKY A KOMUNIKAČNÍCH TECHNOLOGIÍ ÚSTAV TELEKOMUNIKACÍ FACULTY OF ELECTRICAL ENGINEERING AND COMMUNICATION DEPARTMENT OF TELECOMMUNICATIONS BEZPEČNOSTNÍ RIZIKA PŘEPÍNAČŮ SWITCHES SECURITY RISKS BAKALÁŘSKÁ PRÁCE BACHELOR'S THESIS AUTOR PRÁCE PETER HALAŠKA AUTHOR VEDOUCÍ PRÁCE Ing. JIŘÍ SOBEK SUPERVISOR BRNO 2014 VYSOKÉ UČENÍ TECHNICKÉ V BRNĚ Fakulta elektrotechniky a komunikačních technologií Ústav telekomunikací Bakalářská práce bakalářský studijní obor Teleinformatika Student: Peter Halaška ID: 146825 Ročník: 3 Akademický rok: 2013/2014 NÁZEV TÉMATU: Bezpečnostní rizika přepínačů POKYNY PRO VYPRACOVÁNÍ: Prostudujte a následně zpracujte problematiku zabezpečení přepínačů pracujících na druhé vrstvě OSI/ISO modelu. Zmapujte jednotlivé útoky na přepínače a proveďte jejich zhodnocení. Na základě těchto poznatků proveďte vybrané útoky na přepínače a výsledky vhodně prezentujte. DOPORUČENÁ LITERATURA: [1] NORTHCUTT, S., ZELTSER, L. Bezpečnost počítačových sítí. Computer Press, 2006. ISBN 80-251-0697-7. DOSTÁLEK, L. Velký průvodce protokoly TCP/IP: Bezpečnost. 1.vyd. Praha: Computer Press, 2001, 565 s. ISBN 80-722-6513-X. [2] HUCABY, D. CCNP SWITCH 642-813 official certification guide. Indianapolis: Cisco Press, c2010, xxvii, 459 s. ISBN 978-1-58720-243-8. Termín zadání: 10.2.2014 Termín odevzdání: 4.6.2014 Vedoucí práce: Ing. Jiří Sobek Konzultanti bakalářské práce: doc. Ing. Jiří Mišurec, CSc. Předseda oborové rady UPOZORNĚNÍ: Autor bakalářské práce nesmí při vytváření bakalářské práce porušit autorská práva třetích osob, zejména nesmí zasahovat nedovoleným způsobem do cizích autorských práv osobnostních a musí si být plně vědom následků porušení ustanovení § 11 a následujících autorského zákona č. 121/2000 Sb., včetně možných trestněprávních důsledků vyplývajících z ustanovení části druhé, hlavy VI.
    [Show full text]
  • Generátor Kybernetických Útoků
    Rok / Year: Svazek / Volume: Číslo / Number: Jazyk / Language 2017 19 2 CZ Generátor kybernetických útoků Generator of Cyber Attacks Jakub Frolka, Peter Halaška, Jan Hajný, David Smékal [email protected], [email protected], [email protected], [email protected] Fakulta elektrotechniky a komunikačních technologií VUT v Brně DOI: - Abstract: The article deals with the security of computer networks based on TCP / IP protocol suite, in particular, testing the resistance to DDoS attacks and tools for generating malicious traffic. In the article the selected tools Hping3, Mausezahn and Trafgen are analyzed. For these tools the results of comparative measurements are presented. Based on the results of the experimental tests, the main contribution of this paper is design and implementation of the new tool for generation of DDoS attacks and its subsequent performance testing for individual attacks. The tool also has a unique web interface for its easier usage. VOL.19, NO.2, APRIL 2017 Rok / Year: Svazek / Volume: Číslo / Number: Jazyk / Language 2017 19 2 CZ Generátor kybernetických útoků Generator of Cyber Attacks Jakub Frolka, Peter Halaška, Jan Hajný, David Smékal [email protected], [email protected], [email protected], [email protected] Fakulta elektrotechniky a komunikačních technologií VUT v Brně DOI: - Abstract: The article deals with the security of computer networks based on TCP / IP protocol suite, in particular, testing the resistance to DDoS attacks and tools for generating malicious traffic. In the article the selected tools Hping3, Mausezahn and Trafgen are analyzed. For these tools the results of comparative measurements are presented.
    [Show full text]
  • An Evaluation of Software-Based Traffic Generators Using Docker
    DEGREE PROJECT IN COMPUTER SCIENCE AND ENGINEERING, SECOND CYCLE, 30 CREDITS STOCKHOLM, SWEDEN 2018 An Evaluation of Software-Based Traffic Generators using Docker SAI MAN WONG KTH ROYAL INSTITUTE OF TECHNOLOGY SCHOOL OF ELECTRICAL ENGINEERING AND COMPUTER SCIENCE An Evaluation of Software-Based Traffic Generators using Docker SAI MAN WONG Master’s Thesis in Computer Science at School of Computer Science and Communication, KTH Supervisor: Alexander Kozlov Examiner: Joakim Gustafson Abstract The Information and Communication Technology (ICT) in- dustry and network researchers use traffic generator tools to a large extent to test their systems. The industry uses reliable and rigid hardware-based platform tools for high- performance network testing. The research community com- monly uses software-based tools in, for example, experi- ments because of economic and flexibility aspects. As a result, it is possible to run these tools on different sys- tems and hardware. In this thesis, we examine the soft- ware traffic generators Iperf, Mausezahn, Ostinato in a closed loop physical and virtual environment to evaluate the applicability of the tools and find sources of inaccuracy for a given traffic profile. For each network tool, we mea- sure the throughput from 64- to 4096-byte in packet sizes. Also, we encapsulate each tool with container technology using Docker to reach a more reproducible and portable re- search. Our results show that the CPU primarily limits the throughput for small packet sizes, and saturates the 1000 Mbps link for larger packet sizes. Finally, we suggest using these tools for simpler and automated network tests. Referat En utvärdering utav mjukvarubaserade trafikgeneratorer med Docker IT-branschen och nätverksforskare använder sig av trafik- generatorer till stor del för att testa sina system.
    [Show full text]
  • Investigating Methods for Measuring Network Convergence Times
    Mälardalen University School of Innovation Design and Engineering Västerås, Sweden Thesis for the Degree of Master of Science in Computer Science with Specialization in Embedded Systems 30.0 credits INVESTIGATING METHODS FOR MEASURING NETWORK CONVERGENCE TIMES Jakob Danielsson [email protected] Tobias Andersson [email protected] Examiner: Thomas Nolte Mälardalen University, Västerås, Sweden Supervisor: Mohammad Ashjaei Mälardalen University, Västerås, Sweden Company supervisor: Thomas Sörensen, Westermo, Västerås, Vallby Institutet June 10, 2016 Mälardalen University Master Thesis Table of Contents 1 Introduction 5 1.1 Motivation........................................6 1.2 Thesis outline.......................................6 2 Background 7 2.1 The OSI model......................................7 2.2 Convergence time in layer 2...............................7 2.2.1 FRNT - Fast Reconfiguration of Network Topology..............8 2.2.2 FRNT Ring Coupling..............................8 2.2.3 Multi-Link Dual Homing............................8 2.2.4 Rapid spanning tree protocol - RSTP and STP................8 2.3 Convergence time in layer 3...............................9 2.3.1 RIP - Routing Information Protocol......................9 2.3.2 OSPF - Open Shortest Path First.......................9 2.3.3 VRRP - Virtual router redundancy protocol..................9 2.4 Convergence measurement tools............................. 10 2.5 The Linux operating system............................... 10 3 Related Work 11 4 Problem Formulation
    [Show full text]
  • Ddos Attacks and Their Alleviation Using Iptables
    DDoS attacks and their alleviation using iptables Thesis submitted in partial fulfillment of the requirements for the award of degree of Master of Engineering in Software Engineering Submitted By Ravinder Dahiya (Roll No. 801031025) Under the supervision of: Dr. Maninder Singh Associate Professor CSED COMPUTER SCIENCE AND ENGINEERING DEPARTMENT THAPAR UNIVERSITY PATIALA – 147004 June 2012 Acknowledgement Many people have shared their time and expertise to help me improvise and accomplish my goal. I would like to sincerely thank my guide, Dr. Maninder Singh, for his constant and felicitous support and guidance. His instant responses to my countless inquiries have been invaluable and motivational. It was a great opportunity to work under his supervision. Dr. Maninder Singh, Head, CSED, introduced me to the concept of DoS/DDoS attacks and inspired me to choose the current research focus. I would like to thank him for his moral support and research environment he had facilitated for this work. I wish to thank my family and my friend Mohit Raj for their immense support and encouragement throughout this time without which it would not have been possible to complete this work. Last but not the least I would like to thank God who have always been with me in my good and bad times. Ravinder Dahiya ME SE 801031025 ii Abstract Denial-of-Service (DoS) is a network security attack vector that poses a serious challenge to trustworthiness of services deployed on the servers. The aim of DoS attacks is to make services unavailable to legitimate users by flooding the victim with legitimate-like requests and current network architectures allow easy-to- launch, hard-to-stop DoS attacks.
    [Show full text]
  • Generátor Kybernetických Útoků Generator of Cyber Attacks
    VYSOKÉ UČENÍ TECHNICKÉ V BRNĚ BRNO UNIVERSITY OF TECHNOLOGY FAKULTA ELEKTROTECHNIKY A KOMUNIKAČNÍCH TECHNOLOGIÍ FACULTY OF ELECTRICAL ENGINEERING AND COMMUNICATION ÚSTAV TELEKOMUNIKACÍ DEPARTMENT OF TELECOMMUNICATIONS GENERÁTOR KYBERNETICKÝCH ÚTOKŮ GENERATOR OF CYBER ATTACKS DIPLOMOVÁ PRÁCE MASTER'S THESIS AUTOR PRÁCE Bc. Peter Halaška AUTHOR VEDOUCÍ PRÁCE Ing. Jan Hajný, Ph.D. SUPERVISOR BRNO 2016 Diplomová práce magisterský navazující studijní obor Telekomunikační a informační technika Ústav telekomunikací Student: Bc. Peter Halaška ID: 146825 Ročník: 2 Akademický rok: 2015/16 NÁZEV TÉMATU: Generátor kybernetických útoků POKYNY PRO VYPRACOVÁNÍ: Práce je zaměřena na bezpečnost sítí TCP/IP, především na oblast zátěžových testů a generování škodlivého provozu pro testování zranitelností. Výstupem práce bude softwarový generátor záplavových útoků v jazyce C, postavený na vlastní knihovně optimalizované pro vysoký výkon pps (packets per second). Budou realizovány útoky SYNflood, UDPflood, RSTflood, ICMPflood, ARPflood a nejméně 2 útoky na aplikační vrstvě. Bude navrženo a realizováno ovládací rozhraní. Systém bude optimalizován pro použití v 10 GbE prostředí. DOPORUČENÁ LITERATURA: [1] NEMETH, Evi, Garth SNYDER a Trent R HEIN. Linux: kompletní příručka administrátora : 2. aktulizované vydání. Vyd. 1. Brno: Computer Press, 2008, 984 s. Administrace (Computer Press). ISBN 978-80-251-2410-9. [2] An investigation into the detection and mitigation of denial of service (DoS) attacks: critical information infrastructure protection. New Delhi: Springer, 2011, xv, 345 s. ISBN 978-81-322-0276-9. Termín zadání: 1.2.2016 Termín odevzdání: 25.5.2016 Vedoucí práce: Ing. Jan Hajný, Ph.D. Konzultant diplomové práce: doc. Ing. Jiří Mišurec, CSc., předseda oborové rady UPOZORNĚNÍ: Autor diplomové práce nesmí při vytváření diplomové práce porušit autorská práva třetích osob, zejména nesmí zasahovat nedovoleným způsobem do cizích autorských práv osobnostních a musí si být plně vědom následků porušení ustanovení § 11 a následujících autorského zákona č.
    [Show full text]
  • Lightweight Autonomic Network Architecture
    Institut für Technische Informatik und Kommunikationsnetze Lightweight Autonomic Network Architecture Daniel Borkmann Master's Thesis MA-2011-01 January 2012 Advisors, ETH Zurich: Ariane Keller, Dr. Wolfgang Muhlbauer¨ Supervisor, ETH Zurich: Prof. Dr. Bernhard Plattner Supervisor, HTWK Leipzig: Prof. Dr.-Ing. Dietmar Reimann ETH Zurich Computer Engineering and Networks Laboratory Communication Systems Group Abstract During the last decades the Internet architecture matured and gained more and more popularity. Networking devices of all kind ranging from high-end servers to personal computers, tablet devices, mobile phones or even embedded sensor networks make use of it. The Internet became ubiquitous for us. Even though we witness such a diversity of devices, the progress of having an efficient inter- connection between all of them only advances in small steps. No matter if we consider a server, a mobile phone or a resource-constrained temperature sensor on an embedded device from this large spectrum, with high probability, all of them have the same, one-size-fits-all TCP/IP protocol stack, although there are more appropriate communication mechanisms than that. Recent research tries to challenge this stagnation by introducing dynamic adap- tion into computing systems. For instance, the EPiCS project aims at making devices more self-aware, so that they can dynamically adapt to their current needs. Imagine such a temperature sensor that only has a very minimal protocol stack, hence it has only protocols active, it is actually using in order to save re- sources. If such a sensor detects that it is loosing too much battery power, it could automatically switch to a less reliable but less power-intense protocol.
    [Show full text]