Global ETD Search

11	The Design and Implementation of Packet Filter over Link Layer NIC Driver Yu, Pu-Syuan 05 July 2005 (has links) In this age, the internet has becoming more and more popular recently. How to manage and organize the network effectively is a very important issue.Therefore, the technology of VPN was born. Through the VPN, we can manage and organize the local netork which spread everywhere effectively.But the tunneling technology which VPN used has a security problem. If we also change the VPN¡¦s port number, it will have a big dangerous security problem. In this paper, we will analyze some basic technology of VPN, and introduce how to modify the VPN. Let VPN have ability to pass through the firewall. This problem will make the people who managed whole network or firewall hard to control and manage it. Another, this paper will bring up the solution which can solve the security problem effectively. The key of network security problem is to use another protocol¡¦s port number. The solution in this paper will through solve this problem, so hacks can¡¦t modify the TCP port number such as HTTP Port 80 at will. Our solution is to implement a packet filter which is based on ethernet device driver.We use the RFC document which are defined by IETF to make the packet check rule. This packet filter can reject the illegal packet and make sure the network is safe. Linux PPTP VPN Packet filter Firewall Tunneling FreeBSD Ethernet device driver
12	Effekterna av brandväggsregler för FreeBSD PF & IPtables / The impact of firewall rule sets for FreeBSD PF & IPtables Polnäs, Andreas January 2018 (has links) Paketfiltrering är en av nyckelfunktionerna i de flesta av dagens brandväggar, vilket gör paketfiltrering till en viktig del av det dagliga arbetet för många systemadministratörer. Sedan uppkomsten av paketfiltrering har nätverkskomplexiteten ökat drastiskt, Många av dagens tjänster har behov av olika protokoll för att kommunicera. I kombination med detta måste brandväggen bearbeta en större mängd data än tidigare för att tillgodose dagens nätverkstopologier.Denna studie syftar till att undersöka om det finns någon skillnad i prestanda mellan två moderna iterationer av de populära UNIX-brandväggarna IPtables och FreeBSD PF. Detta sker genom att de två brandväggarna utsätts för olika antal regler, samtidigt som de genomströmmas av olika stora paketflöden.De båda brandväggarna kommer att jämföras baserat på tre attribut, CPU, genomströmning och latens. tre olika bandbredder testas. 100, 500 och 1000Mbit/s. Testet omfattar längre tester som upprepas flera gånger för att öka studiens giltighet. Testerna som utförs görs på ursprungliga operativsystemet för varje brandvägg. Linux Ubuntu 16 för IPtables och FreeBSD 11 för FreeBSD PF.Studien kom fram till att brandväggarnas prestanda är likvärdiga i genomströmning och latens vid lägre regelmängder. Vid högre regelmängder skiljer sig prestandan och PF är bättre anpassad för stora regeluppsättningar. IPtables anses vara den bättre brandväggen för låga regeluppsättningar på grund av dess låga CPU-användning. / Packetfiltering is one of the key features in most of today’s firewalls. With many packetfilters being used daily in a system administrator’s work. Over the years since founding of the packetfilter technology the complexity of the network has increased drastically, where many of today’s services relies on different protocols to communicate, combined with a much larger amount of data that the firewall must process to satisfy todays network topologies.This study aims to explore if there is any difference in performance between two modern iterations of popular UNIX firewalls, IPtables and FreeBSD PF. By submitting them to different number of rulesets while at the same testing them under a series of different packet flows through the firewall.Both firewalls will be compared based on three attributes, CPU, throughput and latency, and three different bandwidths will be tested. 100, 500 and 1000Mbits/s. The test include longer tests that is repeated multiple times to increase the validity of the study. The tests were performed on the native operating system of each firewall. Linux Ubuntu 16 for IPtables and FreeBSD 11 for FreeBSD PF.The study concluded that the performance of the firewalls is equal in throughput and latency at lower volumes. At higher amounts of rulesets, performance is different between the firewalls and PF is considered better for large rules, while IPtables are considered to be a better firewall for low rulesets due to its low CPU usage. Firewall FreeBSD PF IPtables Ubuntu 16 FreeBSD 11 Dual-homed network CPU Latency Throughput packetfilter rules firewall rules Brandvägg FreeBSD PF IPtables Ubuntu 16 FreeBSD 11 Dual-homed network CPU latens genomströmning brandväggsregler Computer and Information Sciences Data- och informationsvetenskap Natural Sciences Naturvetenskap
13	Fast retransmit inhibitions for TCP Hurtig, Per January 2006 (has links) The Transmission Control Protocol (TCP) has been the dominant transport protocol in the Internet for many years. One of the reasons to this is that TCP employs congestion control mechanisms which prevent the Internet from being overloaded. Although TCP's congestion control has evolved during almost twenty years, the area is still an active research area since the environments where TCP are employed keep on changing. One of the congestion control mechanisms that TCP uses is fast retransmit, which allows for fast retransmission of data that has been lost in the network. Although this mechanism provides the most effective way of retransmitting lost data, it can not always be employed by TCP due to restrictions in the TCP specification. The primary goal of this work was to investigate when fast retransmit inhibitions occur, and how much they affect the performance of a TCP flow. In order to achieve this goal a large series of practical experiments were conducted on a real TCP implementation. The result showed that fast retransmit inhibitions existed, in the end of TCP flows, and that the increase in total transmission time could be as much as 301% when a loss were introduced at a fast retransmit inhibited position in the flow. Even though this increase was large for all of the experiments, ranging from 16-301%, the average performance loss, due to an arbitrary placed loss, was not that severe. Because fast retransmit was inhibited in fewer positions of a TCP flow than it was employed, the average increase of the transmission time due to these inhibitions was relatively small, ranging from 0,3-20,4%. TCP Congestion Control Fast Retransmit Timeout Emulation FreeBSD Computer Sciences Datavetenskap (datalogi)
14	Prestandaskillnader mellan olika ZFS-implementationer Carlsson, Jacob, Lindell, Johnas January 2011 (has links) No description available. Linux OpenIndiana FreeBSD ZFS RAID-Z Prestandatest Computer Sciences Datavetenskap (datalogi)
15	Nástroj pro správu souborů v systému MacOS/X / Filemanager for MacOS/X Ševčík, Ondřej January 2007 (has links) This MSc Thesis presents history of Apple's operating system and developing application for Mac OS X. First part introduces long evolution of macintosh's OS since early beginings in 1976 focused on latest Mac OS X. Second part makes reader acquainted with elements of creating applications for Mac OS X using Cocoa framework and Objective-C language which is real objective superset of well known C language. Practical part is developing file manager. Programming patterns from file manager are used for explaining fundamentals of developing. This contains exact directions how to create first application step by step.
16	Logování průchozích dat v routerech / Logging of Transmitted Data in Routers Kislinger, Pavel January 2007 (has links) Transmitted data logging in routers is the main point of this semestral project. The suggestion of a system for data flows logging in routers and selection of suitable technology, that is used by implementation of the system within this thesis, is based on this analysis. In the thesis, a law responsibility of router administrator for transmitting data is analysed. In the next part, a general introduction to issue of data logging in computer networks including basic description of protocols and fundamentals of standard communication models is presented. Analysis of real enviroment is following. Suggestion and implementation of the system is described too. In the last part a reached results of this thesis are revealed.
17	Resource limiting and accounting facility for FreeBSD / Resource limiting and accounting facility for FreeBSD Tomori, Rudolf January 2013 (has links) This thesis analyses the implementation of the Linux cgroups subsystems responsible for limiting CPU time and disk I/O throughput. Apart from the Linux cgroups approach, an overview and short analysis of other possible approaches to the problem of limiting CPU time and disk I/O throughput is presented. Based on the analysis, the thesis proposes an extension to the resource limit- ing and accounting framework racct/rctl in the FreeBSD kernel. Our prototype implementation of this extension provides features that enable the administrators and privileged users to define disk I/O throughput limits and relative CPU time limits for a particular process, user or FreeBSD jail.
18	Exploitation from malicious PCI express peripherals Rothwell, Colin Lewis January 2018 (has links) The thesis of this dissertation is that, despite widespread belief in the security community, systems are still vulnerable to attacks from malicious peripherals delivered over the PCI Express (PCIe) protocol. Malicious peripherals can be plugged directly into internal PCIe slots, or connected via an external Thunderbolt connection. To prove this thesis, we designed and built a new PCIe attack platform. We discovered that a simple platform was insufficient to carry out complex attacks, so created the first PCIe attack platform that runs a full, conventional OS. To allows us to conduct attacks against higher-level OS functionality built on PCIe, we made the attack platform emulate in detail the behaviour of an Intel 82574L Network Interface Controller (NIC), by using a device model extracted from the QEMU emulator. We discovered a number of vulnerabilities in the PCIe protocol itself, and with the way that the defence mechanisms it provides are used by modern OSs. The principal defence mechanism provided is the Input/Output Memory Management Unit (IOMMU). The remaps the address space used by peripherals in 4KiB chunks, and can prevent access to areas of address space that a peripheral should not be able to access. We found that, contrary to belief in the security community, the IOMMUs in modern systems were not designed to protect against attacks from malicious peripherals, but to allow virtual machines direct access to real hardware. We discovered that use of the IOMMU is patchy even in modern operating systems. Windows effectively does not use the IOMMU at all; macOS opens windows that are shared by all devices; Linux and FreeBSD map windows into host memory separately for each device, but only if poorly documented boot flags are used. These OSs make no effort to ensure that only data that should be visible to the devices is in the mapped windows. We created novel attacks that subverted control flow and read private data against systems running macOS, Linux and FreeBSD with the highest level of relevant protection enabled. These represent the first use of the relevant exploits in each case. In the final part of this thesis, we evaluate the suitability of a number of proposed general purpose and specific mitigations against DMA attacks, and make a number of recommendations about future directions in IOMMU software and hardware.
19	Comparison of System Performance During DDoS Attacks in Modern Operating Systems Pettersson, Erik January 2017 (has links) Distributed Denial of Service attacks are an ever prevalent challenge for system administra-tors today to overcome. The attack, which is all about restricting legitimate users access to a service, such as a web-page. Can cost companies and governments millions of dollars if not properly managed. This study aims to explore if there is any difference in performance between some of the most modern iterations of popular server operating systems today. Those server operating systems are: Windows Server 2016, Ubuntu 16 and FreeBSD 11. And submitting them to one of the most popular DDoS attacks at the time of writing, a so called HTTP-Get request. The webservers used are some of the most widely used today, Apache and Microsoft IIS. Each server will be submitted to attacks, and compared between one another. Different de-fence methods will also be tested and examined. Tests include shorter tests that is repeated multiple times for data validity, and one longer test for every condition in order to control if the results are similar. During these tests, the operating systems will measure CPU/RAM utilization, and a control computer will measure Round Trip Time. Windows Server 2016 using IIS and FreeBSD 11 perform similarly resource wise, but Win-dows Server 2016 with IIS had a better Round Trip Time performance. Windows Server 2016 with Apache performs worst in all measurements, while Ubuntu 16 performs in the middle, but has the most stable performance. DDoS DDoS Prevention Windows Server 2016 Ubuntu 16 FreeBSD 11 HTTP-Get IP-Thresholding Load-Balancing Computer Sciences Datavetenskap (datalogi)
20	Návrh implementace a síťové bezpečnosti protokolu IPv6 v organizaci / Implementation and Security of IPv6 Protocol in the Company Hensl, Jaroslav January 2019 (has links) This Master's thesis is focused on the IPv6 protocol implementation in a business environment. The thesis theoretically describes parts of the protocol which are then used in a real environment with respect to maximal compatibility and security. The thesis deals with hardware components, router configuration on FreeBSD OS, and switch configuration with RouterOS. The thesis also proposes how to monitor the network.

Search results