nerd network emergency responder detector
play

NERD: Network Emergency Responder & Detector - PowerPoint PPT Presentation

Jan 20, 2023 •110 likes •309 views

NERD: Network Emergency Responder & Detector Wim.Biemolt@surfnet.nl 2 nd FloCon, Pittsburgh, September, 2005. High-quality I nternet for higher education and research SURFnet5 netw ork Operational Since September 2001

  1. NERD: Network Emergency Responder & Detector Wim.Biemolt@surfnet.nl 2 nd FloCon, Pittsburgh, September, 2005. High-quality I nternet for higher education and research

  2. SURFnet5 netw ork • Operational – Since September 2001 • Cisco 12416 routers • Backbone: 10Gbps • Connections: 1Gbps • Dual stack (6PE) • Incident detection – SURFnet & TNO: 2002 • Decommissioning – End of December 2005 High-quality I nternet for higher education and research

  3. I ncident response tools • SURFstat – mrtg/ rrdtool • Research – syslog – Netflow • promising at the required speeds (> 10 Gbps) • sampled ( ip flow-sampling-mode packet-interval 100 ) – Full data analysis requires high-end equipment • Prototype – cflowd (caida) • no longer supported – gnuplot, mysql, php – Not open-source High-quality I nternet for higher education and research

  4. Prototype High-quality I nternet for higher education and research

  5. Alarm High-quality I nternet for higher education and research

  6. Analyse High-quality I nternet for higher education and research

  7. Hardw are • Dell PowerEdge 1650 – 04-2002, RedHat 7 – 1x 1.4GHz, 1GB, 3x 36GB • Dell PowerEdge 2650 – 12-2003, FreeBSD 4.11 – 2x 3GHz, 4GB, 5x 146GB • Dell PowerEdge 2850 http://www.switch.ch/tf-tant/floma/sw/samplicator/ – 10-2004, FreeBSD 5.4 – 2x 3.4GHz, 6GB, 6x 146GB • Dell PowerEdge 2850 – 06-2005, FreeBSD 6.0 – 2x 3.6GHz, 4GB, 6x 300GB • SunFire V240 – 12-2004, Solaris 10 – 2x 1.5GHz, 4GB, 4x 146GB High-quality I nternet for higher education and research

  8. Som e specs of the new NERD • nerdd, analysis – boost libraries, MySQL database, php, plplot • Netflow versions – V5 (tested) – V9 (IPFIX) • Platforms tested – FreeBSD – Linux • Apache Open Source Licence v2.0 High-quality I nternet for higher education and research

  9. Softw are Architecture • Collector – Simple UDP receiver Config Stats Cron • Pre-processor – Source specific functions • Data kept in memory – Real-time analysis Collector Pre process -simple receive - filter • Data stored on disk - sanity check – Post analysis - buffering data collector Data Data Pre-process data source data source or data specific - router - netflow High-quality I nternet for higher education and research

  10. Real-tim e and post analysis • Real time analysis – Rules can be used for ‘real-time’ analysis • A rule is a combination of filters, clusters and a threshold for some metric (e.g. number of flows) – Example of a rule • Filter “port= 445”, cluster “dst IP”, threshold= 1000 flows/ min – Results in an alarm if a host receives more then 1000 flows/ min on TCP port 445 – Output formatting: alarm in database – Every x minutes the rules (1… n) are executed • Post analysis – Executed at user request – Rules without threshold – Output formatting: flow-tools like text file, graphical output High-quality I nternet for higher education and research

  11. Functionality – Filters & Clusters • Sample of Netflow data src prt dst prt 10.0.0.1 2000 10.0.0.2 23 10.0.0.3 1000 10.0.0.2 22 10.0.0.6 2000 10.0.0.2 22 10.0.0.1 1000 10.0.0.3 23 10.0.0.1 1000 10.0.0.3 23 • Example: filter “src port= 2000” src prt dst prt 10.0.0.1 2000 10.0.0.2 23 10.0.0.6 2000 10.0.0.2 22 • Example: filter, cluster “dst port” & count flows prt # of flows 22 1 23 1 High-quality I nternet for higher education and research

  12. Real-tim e analysis - configuration High-quality I nternet for higher education and research

  13. Alarm s High-quality I nternet for higher education and research

  14. Analysis – I Pv4 High-quality I nternet for higher education and research

  15. Analysis – I Pv6 High-quality I nternet for higher education and research

  16. SURFnet6 High-quality I nternet for higher education and research

  17. Current Research and Developm ent • Geant2 JRA2 – NERD is one of the monitoring toolsets • LOBSTER project – Integration • Student – Analysis and visualisation of worm behaviour • Ph.D. from Vrije Universiteit (VU) – Interaction of Netflow and Full Packet inspection • From application to framework – Other data sources, combining different data – Other data output High-quality I nternet for higher education and research

  18. Questions • More information and download of NERD – www.nerdd.org High-quality I nternet for higher education and research

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

RECOMMENDATIONS EMERGENCY RESPONDER SUBGROUP Created in January 2019 Comprised of personnel

RECOMMENDATIONS EMERGENCY RESPONDER SUBGROUP Created in January 2019 Comprised of personnel

CAV EMERGENCY RESPONDER SUBGROUP RECOMMENDATIONS EMERGENCY RESPONDER SUBGROUP Created in January 2019 Comprised of personnel representing operational specialties such as Police, Fire/Rescue/EMS, and Highway Safety Service Patrols

323 views • 6 slides
www NAPSR org www NAPSR org www.NAPSR.org www.NAPSR.org Washington D.C. Washington D.C.

www NAPSR org www NAPSR org www.NAPSR.org www.NAPSR.org Washington D.C. Washington D.C.

www NAPSR org www NAPSR org www.NAPSR.org www.NAPSR.org Washington D.C. Washington D.C. December 9, 2011 December 9, 2011 EMERGENCY RESPONDER EMERGENCY RESPONDER EMERGENCY RESPONDER EMERGENCY RESPONDER FORUM FORUM State Pipeline Safety

526 views • 25 slides
The First Responder Test-Bed The First Responder Test-Bed Vision to Reality Presentation to ITS

The First Responder Test-Bed The First Responder Test-Bed Vision to Reality Presentation to ITS

The First Responder Test-Bed The First Responder Test-Bed Vision to Reality Presentation to ITS May 28, 2013 Barry Gander, Chair, NVA EVP, CATA 613-340-0701 bgander@cata.ca Networked Not Connected Surround the car occupant

397 views • 16 slides
GDN Global Detector Network and GAN MVL- Global Accelerator Network Multipurpose Virtual

GDN Global Detector Network and GAN MVL- Global Accelerator Network Multipurpose Virtual

GDN Global Detector Network and GAN MVL- Global Accelerator Network Multipurpose Virtual Laboratory architecture overview, existing operation and outlook of a global accelerator and detector network Sven Karstensen, DESY 1 contents

443 views • 25 slides
Total Trained: 475,968 TIM Responder Struck-By Fatalities SURVIVAL ALERT UPDATE 15

Total Trained: 475,968 TIM Responder Struck-By Fatalities SURVIVAL ALERT UPDATE 15

National TIM Responder Training Program Implementation Progress - As of May 18, 2020 Train-the-Trainer Sessions 465 sessions with 12,742 participants 23% of participants have provided training In-Person Responder Training 16,991

385 views • 11 slides
Responder Struck-By Fatalities SURVIVAL ALERT UPDATE Total of 44 Responder Struck-By

Responder Struck-By Fatalities SURVIVAL ALERT UPDATE Total of 44 Responder Struck-By

Responder Struck-By Fatalities SURVIVAL ALERT UPDATE Total of 44 Responder Struck-By fatalities in 2019. Already 7 fatalities have occurred since January 1 st : 2 - Firefighters/EMS Personnel 2 - Law Enforcement Officers 3 - Towing

252 views • 11 slides
An eye on emergency Eye Emergency App 2.0 Emergency Care Institute Leadership Forum 25 th

An eye on emergency Eye Emergency App 2.0 Emergency Care Institute Leadership Forum 25 th

An eye on emergency Eye Emergency App 2.0 Emergency Care Institute Leadership Forum 25 th August 2017 Sarah Jane Waller, Ophthalmology Network Manager Agency for Clinical Innovation @eyes_surg_aci @nswaci True or False? Pirates used

607 views • 12 slides
What is a Nerd? A historical and journalistic examination of the cultural psychology of outcast

What is a Nerd? A historical and journalistic examination of the cultural psychology of outcast

What is a Nerd? A historical and journalistic examination of the cultural psychology of outcast groups in contemporary North America by literary analysis and comparative case study Definition 1: Nerd http:/

343 views • 17 slides
QEMU AS A USB MTP RESPONDER Bandan Das <bsd@redhat.com> KVM Forum 2016 1 . 1 MULTIPLE

QEMU AS A USB MTP RESPONDER Bandan Das <bsd@redhat.com> KVM Forum 2016 1 . 1 MULTIPLE

QEMU AS A USB MTP RESPONDER Bandan Das <bsd@redhat.com> KVM Forum 2016 1 . 1 MULTIPLE WAYS TO SHARE FOLDERS, SUCH AS: Network based - NFS/Samba/SSHFS Device based Virtio - 9pfs, virtio-serial usb-mtp 2 . 1 ADVANTAGES/DISADVANTAGES

412 views • 20 slides
in Emergencies Veronica Bryant, Emergency Preparedness and Outbreak Coordinator Possible roles of

in Emergencies Veronica Bryant, Emergency Preparedness and Outbreak Coordinator Possible roles of

Environmental Health Role in Emergencies Veronica Bryant, Emergency Preparedness and Outbreak Coordinator Possible roles of EHS during disaster Food Safety Potable Water Wastewater Shelters Vector Control Responder Safety

291 views • 11 slides
EMERGING TOPICS IN SPORTS EMERGENCY CARE John Boulay B.Sc.,CAT(C), EMT-PCP, D.O.(Q) Certified

EMERGING TOPICS IN SPORTS EMERGENCY CARE John Boulay B.Sc.,CAT(C), EMT-PCP, D.O.(Q) Certified

26/12/2012 2013 Eastern Athletic Trainers Association Meeting and Clinical Symposium EMERGING TOPICS IN SPORTS EMERGENCY CARE John Boulay B.Sc.,CAT(C), EMT-PCP, D.O.(Q) Certified Athletic Therapist, Paramedic, Osteopath First Responder,

960 views • 77 slides
Emergency Plan Writing Houses of Worship and Faith Communities Safety Moment Safety Message

Emergency Plan Writing Houses of Worship and Faith Communities Safety Moment Safety Message

Emergency Plan Writing Houses of Worship and Faith Communities Safety Moment Safety Message Emergency Exits Evacuation Call 911 Role First Aid / CPR Role First Responder Contact Role Location of AEDs Location of

757 views • 56 slides
First Responder Curriculum Development Project: Mental Health & Resiliency-Building Neil

First Responder Curriculum Development Project: Mental Health & Resiliency-Building Neil

First Responder Curriculum Development Project: Mental Health & Resiliency-Building Neil Mackenzie ( RD ), CDIP Manager & Alexis Erickson ( MSW, RSW ), Mental Health Specialist October 17 th , 2019 Agenda First Responder Mental Health

477 views • 26 slides
Alabama First Responder Wireless Commission Alabama 9-1-1 Board 11/13/2014 Executive Order 34

Alabama First Responder Wireless Commission Alabama 9-1-1 Board 11/13/2014 Executive Order 34

Alabama First Responder Wireless Commission Alabama 9-1-1 Board 11/13/2014 Executive Order 34 Before Executive Order 34, no one body was tasked to work towards a resolution to the states first responder communication problems.

558 views • 24 slides
Emergency Services Network Outage Presented by: Katie Smoak PROPRIETARY AND CONFIDENTIAL AGENDA

Emergency Services Network Outage Presented by: Katie Smoak PROPRIETARY AND CONFIDENTIAL AGENDA

Emergency Services Network Outage Presented by: Katie Smoak PROPRIETARY AND CONFIDENTIAL AGENDA 1 Outage Root Cause Analysis 2 Emergency Services Call Impact 3 Risk Mitigation Efforts 4 Q&A EMERGENCY SERVICES MATTER Alaska

450 views • 10 slides
Strategic Plan for Detector R&D at Fermilab Petra Merkel Fermilab Detector R&D

Strategic Plan for Detector R&D at Fermilab Petra Merkel Fermilab Detector R&D

Strategic Plan for Detector R&D at Fermilab Petra Merkel Fermilab Detector R&D Coordinator September 27 th 2019 Detector R&D Organization at Fermilab Detector Advisory Group : ~15 experts of different detector technologies

908 views • 32 slides
Ultimate Presentation Formula for Nerds Justin James Justin James Who Am I? Who Am I? Let

Ultimate Presentation Formula for Nerds Justin James Justin James Who Am I? Who Am I? Let

Ultimate Presentation Formula for Nerds Justin James Justin James Who Am I? Who Am I? Let Your Nerd Be Heard What is Public Speaking? What is a skill? Knowing Is Half the Battle Formula Formula Know Thy Purpose More Than Just 1s and

786 views • 55 slides
QUICKFLIX (QFX) INVESTOR BRIEFING October 2012 Disclaimer This presentation contains references

QUICKFLIX (QFX) INVESTOR BRIEFING October 2012 Disclaimer This presentation contains references

QUICKFLIX (QFX) INVESTOR BRIEFING October 2012 Disclaimer This presentation contains references to certain plans of the Company which may or may not be achieved. The performance and operations of the Company may be influenced by a number of

385 views • 27 slides
Keeping the Food System Reliable: A Series of Listening Sessions for Leaders Session Three | May

Keeping the Food System Reliable: A Series of Listening Sessions for Leaders Session Three | May

Keeping the Food System Reliable: A Series of Listening Sessions for Leaders Session Three | May 28, 2020 1 How to engage using Zoom Video Video is disabled by default. View Controls to switch between active speaker view &

394 views • 15 slides
Warren County Tourism Department Smith Trend Hotel Demand All The Rooms Short-Term Rental

Warren County Tourism Department Smith Trend Hotel Demand All The Rooms Short-Term Rental

Warren County Tourism Department Smith Trend Hotel Demand All The Rooms Short-Term Rental Demand Website Analytics Facebook Analytics Instagram Analytics 2019 Media Report Workshop Presentation 2018 Demand 1,020,841

403 views • 27 slides
Nanticoke Environmental Remediation Division (N.E.R.D.) Presented by: Andrew Boyd, Brad Koontz,

Nanticoke Environmental Remediation Division (N.E.R.D.) Presented by: Andrew Boyd, Brad Koontz,

Nanticoke Environmental Remediation Division (N.E.R.D.) Presented by: Andrew Boyd, Brad Koontz, Steven Lobo II Overview Mission Statement History and Characteristics Population Land Use Water Use Environmental

396 views • 16 slides
Why dont lobsters share? And also, some technical inquiries into and info about oceanography.

Why dont lobsters share? And also, some technical inquiries into and info about oceanography.

Why dont lobsters share? And also, some technical inquiries into and info about oceanography. NC Science Olympiad Coaches Clinic Dynamic Planet/Oceanography (B & C) Saturday, October 5, 2019 Breaking the Ice Q: How does melting sea ice

551 views • 27 slides
T EAC HERS C O L L EG E WRIT ING WO RKSHO P Pre se nta tio n to the Bo a rd o f E duc a

T EAC HERS C O L L EG E WRIT ING WO RKSHO P Pre se nta tio n to the Bo a rd o f E duc a

T EAC HERS C O L L EG E WRIT ING WO RKSHO P Pre se nta tio n to the Bo a rd o f E duc a tio n F e b rua ry 9, 2016 Sta c e y Sc hwa rtz, Da nie lle T e rra ve c c hia , a nd Alliso n Wa sse rma n Distric t L ite ra c y Co a c he s

360 views • 16 slides
Project Presentations EE595 Capstone Design Presentations Thursday, Dec 15 EMS-E250

Project Presentations EE595 Capstone Design Presentations Thursday, Dec 15 EMS-E250

EE595 Capstone Design Project Presentations EE595 Capstone Design Presentations Thursday, Dec 15 EMS-E250 Presentations Team 6: 8:00 9:50AM urHOME Modular Home Control System Joshua Cabaniss, Nishit Patel, Usman Querishi, Justing

675 views • 31 slides

More recommend