brocon 17 lightning talks blacklists revisited
play

BroCon 17 Lightning Talks Blacklists Revisited Aashish Sharma - PowerPoint PPT Presentation

Mar 08, 2024 •609 likes •1.32k views

BroCon 17 Lightning Talks Blacklists Revisited Aashish Sharma asharma@lbl.gov Blacklists Revisited Lightening Talk BroCon, 2017 Problem Problem: Blocking Bad Badness keeps increasing on the internet How to manage blocking and more so

  1. BroCon ’17 Lightning Talks

  2. Blacklists Revisited Aashish Sharma asharma@lbl.gov

  3. Blacklists Revisited Lightening Talk BroCon, 2017

  4. Problem

  11. Problem: Blocking Bad Badness keeps increasing on the internet

  12. How to manage blocking and more so unblocking

  13. So, Can we identify…...

  14. Are blocked IPs coming back ?

  15. How long do we block before unblock ?

  16. Can we keep state forever ( that we can identify badness quickly )

  17. Or, Are these one time visitors

  18. Can we find out how many local IPs did the blacklisted IPs touched ?

  19. How long the scan lasted ?

  20. When was the last connection ?

  21. Whats frequency of such connections ?

  22. Problem 2: We can read a million IPs using input-framework, but how to send those to 50 workers ?

  23. Million IPs * 50 workers = 50 million Events

  24. I want to be able to do this for 4 billion IPs

  25. Bloomfilter global Blacklist::m_w_add_bloom: event(val: opaque of bloomfilter);

  26. 1505245203.733616 1.2.3.4 8 128.3.x.y 0 icmp Blacklist::Drop [ip=1.2.3.4, source=blacklist.adhoc, comment=###### 2017-03-29: Multi-Causal Drop + COUNT=8, LOOKBACK=30 + Country_Analysis, COMMIT_COUNT=2488] Result: [block_until=<uninitialized>, watch_until=0.0, num_reblocked=0, current_interval=0, current_block_id=, location=<uninitialized>] 1.2.3.4 128.3.x.y 0 bro Notice::ACTION_LOG3600.000000 F

  27. Aug 3 00:47:07 177.139.195.165 Blacklist::ONGOING 1 1501724827.167408 1501745134.319078 00-05:38:27 00-00:21:33 69 70 blacklist.adhoc Aug 3 10:47:09 177.139.195.165 Blacklist::ONGOING 1 1501724827.167408 1501778367.997637 00-14:52:21 00-01:07:42 178 174 blacklist.adhoc Aug 3 20:47:09 177.139.195.165 Blacklist::ONGOING 2 1501724827.167408 1501816682.763774 01-01:30:56 00-00:29:06 240 240 blacklist.adhoc Aug 4 06:47:26 177.139.195.165 Blacklist::ONGOING 2 1501724827.167408 1501852922.704135 01-11:34:56 00-00:25:24 327 320 blacklist.adhoc Aug 4 16:47:28 177.139.195.165 Blacklist::ONGOING 2 1501724827.167408 1501888432.024195 01-21:26:45 00-00:33:36 390 369 blacklist.adhoc Aug 5 02:47:28 177.139.195.165 Blacklist::ONGOING 3 1501724827.167408 1501924862.984854 02-07:33:56 00-00:26:26 488 454 blacklist.adhoc Aug 5 12:47:29 177.139.195.165 Blacklist::ONGOING 3 1501724827.167408 1501961086.496166 02-17:37:39 00-00:22:43 584 548 blacklist.adhoc Aug 5 22:47:29 177.139.195.165 Blacklist::ONGOING 4 1501724827.167408 1501996956.381444 03-03:35:29 00-00:24:53 661 628 blacklist.adhoc Aug 6 08:47:45 177.139.195.165 Blacklist::ONGOING 4 1501724827.167408 1502032986.136781 03-13:35:59 00-00:24:39 778 737 blacklist.adhoc Aug 6 18:48:39 177.139.195.165 Blacklist::ONGOING 5 1501724827.167408 1502069303.080677 03-23:41:16 00-00:20:16 870 820 blacklist.adhoc Aug 7 04:48:39 177.139.195.165 Blacklist::ONGOING 5 1501724827.167408 1502105037.713573 04-09:36:51 00-00:24:42 955 906 blacklist.adhoc Aug 7 14:48:39 177.139.195.165 Blacklist::ONGOING 5 1501724827.167408 1502139365.973362 04-19:08:59 00-00:52:33 996 954 blacklist.adhoc Aug 8 00:48:39 177.139.195.165 Blacklist::ONGOING 6 1501724827.167408 1502177084.343250 05-05:37:37 00-00:23:55 1068 1023 blacklist.adhoc Aug 8 10:48:57 177.139.195.165 Blacklist::ONGOING 6 1501724827.167408 1502212184.928205 05-15:22:38 00-00:39:12 1144 1118 blacklist.adhoc

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Virtual Lightning Talk Overview and Steps I. Virtual Lightning Talks Technical Requirements a.

Virtual Lightning Talk Overview and Steps I. Virtual Lightning Talks Technical Requirements a.

Virtual Lightning Talk Overview and Steps I. Virtual Lightning Talks Technical Requirements a. The Virtual Lightning talks should not be more than 6 minutes in length. i. Additional time uses up valuable memory and will be downgraded during

282 views • 3 slides
L is for Lightning! An analysis and comparison of lightning and lightning incidents in Co L

L is for Lightning! An analysis and comparison of lightning and lightning incidents in Co L

STRUCK BY LIZ LIGHTNING PRODUCTIONS PRESENTS: L is for Lightning! An analysis and comparison of lightning and lightning incidents in Co L orado versus F L orida By: Elizabeth Liz Lightning Prasse Why lightning? Personal survivor

423 views • 23 slides
CSSE463: Image Recognition Day 18 Upcoming schedule: Lightning talks shortly Midterm

CSSE463: Image Recognition Day 18 Upcoming schedule: Lightning talks shortly Midterm

CSSE463: Image Recognition Day 18 Upcoming schedule: Lightning talks shortly Midterm exam Monday Sunset detector due Wednesday Multilayer feedforward neural nets Many perceptrons Organized into layers x 1 y 1 Input

199 views • 8 slides
Lightning Talks FIRST Conference 2011 Jacomo Piccolini Director of Outreach

Lightning Talks FIRST Conference 2011 Jacomo Piccolini Director of Outreach

Lightning Talks FIRST Conference 2011 Jacomo Piccolini Director of Outreach http://www.dragonresearchgroup.org/ Dragon Research Group is a volunteer research organization dedicated to further understanding of online criminality and to

287 views • 6 slides
ANZSMS27 STUDENT POSTER PRESENTATION Lightning Talks Session 5:00 pm 5:30 pm Thursday 31

ANZSMS27 STUDENT POSTER PRESENTATION Lightning Talks Session 5:00 pm 5:30 pm Thursday 31

ANZSMS27 STUDENT POSTER PRESENTATION Lightning Talks Session 5:00 pm 5:30 pm Thursday 31 January 2019 Student Prize Sponsor Accurate Mass Scientific (AMS) # Name Organisation Abstract Supercharged top-down H/D exchange mass University Of

529 views • 3 slides
Final project lightning talks In your collaboration teams: Two people with first names

Final project lightning talks In your collaboration teams: Two people with first names

Welcome back to [occ]! Informed But Unempowered Welcome back to [occ]! 2014-12-03 Final project lightning talks In your collaboration teams: Welcome back to [occ]! Two people with first names earliest in the alphabet will present today.

611 views • 39 slides
BLAG: Improving the Accuracy of Blacklists Sivaram Ramanathan 1 , Jelena Mirkovic 1 and Minlan Yu

BLAG: Improving the Accuracy of Blacklists Sivaram Ramanathan 1 , Jelena Mirkovic 1 and Minlan Yu

BLAG: Improving the Accuracy of Blacklists Sivaram Ramanathan 1 , Jelena Mirkovic 1 and Minlan Yu 2 1 University of Southern California/Information Sciences Institute 2 Harvard University IP Blacklists IP Blacklists contain a list of known

1.18k views • 81 slides
Lightning Talks June 2, 2020 Session I 2:15 - 2:20 Caleb Springer, Penn State 2:20 - 2:25 Jacob

Lightning Talks June 2, 2020 Session I 2:15 - 2:20 Caleb Springer, Penn State 2:20 - 2:25 Jacob

Lightning Talks June 2, 2020 Session I 2:15 - 2:20 Caleb Springer, Penn State 2:20 - 2:25 Jacob Mayle, University of Illinois at Chicago 2:25 - 2:30 Pip Goodman, University of Bristol 2:30 - 2:35 Jeroen Hanselman, Universitt Ulm 2:35 -2:40

767 views • 54 slides
NILM 2016 Lightning Talks Running order 1. Occupancy-aided Energy Disaggregation 2. Analyzing

NILM 2016 Lightning Talks Running order 1. Occupancy-aided Energy Disaggregation 2. Analyzing

NILM 2016 Lightning Talks Running order 1. Occupancy-aided Energy Disaggregation 2. Analyzing 100 Billion Measurements: A NILM Architecture for Production Environments 3. An Accurate Method of Energy Use Prediction for Systems with Known

179 views • 14 slides
CSSE463: Image Recognition Day 17 Today: Bayesian classifiers Tomorrow: Lightning talks

CSSE463: Image Recognition Day 17 Today: Bayesian classifiers Tomorrow: Lightning talks

CSSE463: Image Recognition Day 17 Today: Bayesian classifiers Tomorrow: Lightning talks and exam questions Weds night: Lab 4 due Thursday: Exam Bring your calculator. Questions? Exam Thursday Closed book, notes, computer

154 views • 14 slides
Final project lightning talks In your collaboration teams: People who havent presented

Final project lightning talks In your collaboration teams: People who havent presented

Welcome back to [occ]! (last day) Online Communities &amp; Crowds Welcome back to [occ]! (last day) 2014-12-06 Final project lightning talks In your collaboration teams: Welcome back to [occ]! (last day) People who havent presented

599 views • 22 slides
Recording Local Storage Confjguration FOSDEM Lightning Talks 1 st February 2020 Alasdair

Recording Local Storage Confjguration FOSDEM Lightning Talks 1 st February 2020 Alasdair

FOSDEM 2020 Recording Local Storage Confjguration FOSDEM Lightning Talks 1 st February 2020 Alasdair Kergon agk@redhat.com 1 V0000000 FOSDEM 2020 Common Problems My system has a problem with its storage devices. It's triggered

337 views • 17 slides
= + Heptapod FOSDEM 2020, Sunday lightning talks Georges Racinet Octobus, https://octobus.net

= + Heptapod FOSDEM 2020, Sunday lightning talks Georges Racinet Octobus, https://octobus.net

= + Heptapod FOSDEM 2020, Sunday lightning talks Georges Racinet Octobus, https://octobus.net Project site: https://heptapod.net Slides: https://fosdem.org/2020/schedule/event/heptapod_mercurial/ GitLab A well-known, fully integrated forge

696 views • 42 slides
WiredTiger Lightning Talk by: Alex Degtiar adegtiar@cmu.edu What is WiredTiger? NoSQL Storage

WiredTiger Lightning Talk by: Alex Degtiar adegtiar@cmu.edu What is WiredTiger? NoSQL Storage

WiredTiger Lightning Talk by: Alex Degtiar adegtiar@cmu.edu What is WiredTiger? NoSQL Storage Engine Underlying storage primitive of DBMS Local KVS e.g. Espresso and Tao Different from many of the talks given here Data

492 views • 9 slides
Characteriza*on of Blacklists and Tainted Network Traffic Jing Zhang

Characteriza*on of Blacklists and Tainted Network Traffic Jing Zhang

Characteriza*on of Blacklists and Tainted Network Traffic Jing Zhang 1 , Ari Chivukula 1 , Michael Bailey 1 , Manish Karir 2 , and Mingyan Liu 1 1 University of Michigan 2 Cyber Security Division, Department of

497 views • 24 slides
LIGHTNING PRESENTATION GUIDELINES Congratulations on being accepted to give a lightning

LIGHTNING PRESENTATION GUIDELINES Congratulations on being accepted to give a lightning

LIGHTNING PRESENTATION GUIDELINES Congratulations on being accepted to give a lightning presentation at our 2019 Annual Meeting. Please read ALL of these instructions carefully. PRESENTATION TIMING AND NUMBER OF SLIDES You have 1 minute to make

386 views • 3 slides
Turkit: Human Computation Algorithms on Mechanical Turk Greg Little, Lydia B. Chilton, Max

Turkit: Human Computation Algorithms on Mechanical Turk Greg Little, Lydia B. Chilton, Max

Turkit: Human Computation Algorithms on Mechanical Turk Greg Little, Lydia B. Chilton, Max Goldman, Robert C. Miller Human computation Algorithms Tasks that build on each other. Human computation Algorithms Tasks that build on each other.

318 views • 17 slides
AI Autopilot Final Year Project: Automation and intelligent optimisation in high performance

AI Autopilot Final Year Project: Automation and intelligent optimisation in high performance

AI Autopilot Final Year Project: Automation and intelligent optimisation in high performance sailing boats The Data Analysis Bureau Project Introduction Machine Learning approaches to the Helmsman problem Controlling the rudder input

444 views • 17 slides
COMPSCI 326 Web Programming Week 09: ER Diagram Sketches Agenda 4:00 4:35 ER Diagram

COMPSCI 326 Web Programming Week 09: ER Diagram Sketches Agenda 4:00 4:35 ER Diagram

COMPSCI 326 Web Programming Week 09: ER Diagram Sketches Agenda 4:00 4:35 ER Diagram Sketches 4:35 5:10 Team Lightning Data Talks 2 minute presentation on: 1. 1-2 sentences overviewing your startups application 2. 1-2

632 views • 22 slides
Timing is Crucial for Matching Platforms o Matching markets are dyn dynamic (= new agents

Timing is Crucial for Matching Platforms o Matching markets are dyn dynamic (= new agents

Timing is Crucial for Matching Platforms o Matching markets are dyn dynamic (= new agents enter or abandon the market) Car-pooling platforms Longer initial wait times enabled the app to make more efficient matches 1 1 See Korolko et

223 views • 4 slides
Experiments with TurKit Crowdsourcing and Human Computation Instructor: Chris Callison-Burch

Experiments with TurKit Crowdsourcing and Human Computation Instructor: Chris Callison-Burch

Experiments with TurKit Crowdsourcing and Human Computation Instructor: Chris Callison-Burch Website: crowdsourcing-class.org TurKit in action Adorable baby with deep blue eyes, wearing light blue and white elephant pajamas and a floppy

731 views • 50 slides
Lighting and Shading Lighting and Shading Properties of Light Properties of Light Light Sources

Lighting and Shading Lighting and Shading Properties of Light Properties of Light Light Sources

Lighting and Shading Lighting and Shading Properties of Light Properties of Light Light Sources Light Sources Phong Illumination Model Phong Illumination Model Normal Vectors Normal Vectors [Angel, Ch. 6.1-6.4] [Angel, Ch. 6.1-6.4]

434 views • 24 slides
Lecture 8 - Electricity &amp; magnetism I Classical Physics - Continued Announcements

Lecture 8 - Electricity &amp; magnetism I Classical Physics - Continued Announcements

Lecture 8 - Electricity &amp; magnetism I Classical Physics - Continued Announcements Electricity &amp; Magnetism Today: v Start Electricity and Magnetism w a L s March (Ch 6) m b o u l o C Homework 3 due ~ No magnetic

227 views • 4 slides
Treatment and Incarceration MARY KATE MOHLMAN, PHD, MS HEALTH SERVICES RESEARCHER DEPARTMENT OF

Treatment and Incarceration MARY KATE MOHLMAN, PHD, MS HEALTH SERVICES RESEARCHER DEPARTMENT OF

Opioid Use Disorder: Treatment and Incarceration MARY KATE MOHLMAN, PHD, MS HEALTH SERVICES RESEARCHER DEPARTMENT OF VERMONT HEALTH ACCESS Expenditures and Inpatient Hospitalizations, Per Member Per Year 0.4 Utilization 0.35 0.3 0.25

295 views • 4 slides

More recommend