SurRFE -Sub-rede de filtragens espec?ficas

Galv?o, Ricardo Kl?ber Martins

11 July 2006

Made available in DSpace on 2014-12-17T14:55:05Z (GMT). No. of bitstreams: 1 RicardoKMG.pdf: 620624 bytes, checksum: 2265857dd8185aa481f6e9891ee2c38f (MD5) Previous issue date: 2006-07-11 / The increasing of the number of attacks in the computer networks has been treated with the increment of the resources that are applied directly in the active routers equip-ments of these networks. In this context, the firewalls had been consolidated as essential elements in the input and output control process of packets in a network. With the advent of intrusion detectors systems (IDS), efforts have been done in the direction to incorporate packets filtering based in standards of traditional firewalls. This integration incorporates the IDS functions (as filtering based on signatures, until then a passive element) with the already existing functions in firewall. In opposite of the efficiency due this incorporation in the blockage of signature known attacks, the filtering in the application level provokes a natural retard in the analyzed packets, and it can reduce the machine performance to filter the others packets because of machine resources demand by this level of filtering. This work presents models of treatment for this problem based in the packets re-routing for analysis by a sub-network with specific filterings. The suggestion of implementa- tion of this model aims reducing the performance problem and opening a space for the consolidation of scenes where others not conventional filtering solutions (spam blockage, P2P traffic control/blockage, etc.) can be inserted in the filtering sub-network, without inplying in overload of the main firewall in a corporative network / O aumento do n?mero de ataques a redes de computadores tem sido combatido com o incremento dos recursos aplicados diretamente nos equipamentos ativos de roteamento destas redes. Nesse contexto, os firewalls consolidaram-se como elementos essenciais no processo de controle de entrada e sa?da de pacotes em uma rede. O surgimento dos sistemas detectores de intrus?o (IDS) levou a esfor?os no sentido de incorporar a filtragem de pacotes baseada em padr?es ao firewall tradicional, integrando as fun??es do IDS (como a filtragem baseada em assinaturas, at? ent?o um elemento passivo) ?s fun??es j? existentes no firewall. Em contrapartida ? efici?ncia obtida atrav?s desta incorpora??o no bloqueio de ataques com assinaturas conhecidas, a filtragem no n?vel de aplica??o, al?m de provocar um retardo natural nos pacotes analisados, pode comprometer o desempenho da m?quina na filtragem dos demais pacotes, pela natural demanda por recursos da m?quina para este n?vel de filtragem. Essa tese apresenta modelos de tratamento deste problema, baseados no re-roteamento dos pacotes para an?lise por uma sub-rede de filtragens espec?ficas. A sugest?o de implementa??o deste modelo visa, al?m de amenizar o problema de desempenho supra-citado, abrir espa?o para a consolida??o de cen?rios em que outras solu??es de filtragem n?o convencionais (como ferramentas de bloqueio de SPAM, controle/bloqueio de tr?fego P2P, e outras) possam ser inseridas na sub-rede de filtragem, sem implicar em sobrecarga do firewall principal da rede corporativa

Seguran?a

Sistemas de Detec??o de Intrus?es

Filtro de Pacotes

Re-roteamento

&#65279

Security

Firewalls

Intrusion Detection Systems

Packet Filter

Re-routing

CNPQ::ENGENHARIAS::ENGENHARIA ELETRICA

Měření intenzity provozu během pevně daných intervalů v AP / Measurements of the intensity of traffic within a fixed interval of the AP

Kubík, Pavel

January 2011

The thesis analyzes the network traffic on a router with open source firmware. First is chosen a software platform, based on compatibility with available equipment. Then are assessed properties necessary for the development of custom applications. Support for various programming languages provided by the SDK, development environment and the available modules and libraries, for working with network interface. Based on these factors is then chose method to realize the program. He is implemented on the OpenWRT firmware in C / C + + using network library pcap. These funds are used to capture and analyze network traffic. Obtained data are processed using methods of technical analysis, namely on the basis of moving averages, Stochastic oscillator and Bollinger bands. Based on results of these methods are generated and verified estimates of traffic. They are based on linear extrapolation, simplified for fixed intervals. The validity of each method is verified on base of the estimated value. Method is verified if estimated value of the traffic volume is in the Bollinger band, which is given by the standard deviation. Each method is tested several times in real traffic with different input parameters. Then is evaluated the influence of parameters on the error rate of methods. Individual methods are compared and evaluated based on the behavior in different scenarios and based on the average relative error.