traffic control mechanisms
play

Traffic Control Mechanisms Filtering Source address filtering - PowerPoint PPT Presentation

Nov 18, 2022 •243 likes •366 views

Traffic Control Mechanisms Filtering Source address filtering Other forms of filtering Rate limits Protection against traffic analysis Padding Routing control Lecture 9 Page 1 CS 236 Online Source Address Filtering

  1. Traffic Control Mechanisms • Filtering – Source address filtering – Other forms of filtering • Rate limits • Protection against traffic analysis – Padding – Routing control Lecture 9 Page 1 CS 236 Online

  2. Source Address Filtering • Filtering out some packets because of their source address value – Usually because you believe their source address is spoofed • Often called ingress filtering – Or egress filtering . . . Lecture 9 Page 2 CS 236 Online

  3. Source Address Filtering for Address Assurance • Router “knows” what network it sits in front of – In particular, knows IP addresses of machines there • Filter outgoing packets with source addresses not in that range • Prevents your users from spoofing other nodes’ addresses – But not from spoofing each other’s Lecture 9 Page 3 CS 236 Online

  4. Source Address Filtering Example 95.113.27.12 56.29.138.2 My network shouldn’t be creating packets with this source address So drop the packet 128.171.192.* Lecture 9 Page 4 CS 236 Online

  5. Source Address Filtering in the Other Direction • Often called egress filtering – Or ingress filtering . . . • Occurs as packets leave the Internet and enter a border router – On way to that router’s network • What addresses shouldn’t be coming into your local network? Lecture 9 Page 5 CS 236 Online

  6. Filtering Incoming Packets 128.171.192.5 128.171.192.7 Packets with this source address should be going out, not coming in So drop the packet 128.171.192.* Lecture 9 Page 6 CS 236 Online

  7. Other Forms of Filtering • One can filter on things other than source address – Such as worm signatures, unknown protocol identifiers, etc. • Also, there are unallocated IP addresses in IPv4 space – Can filter for packets going to or coming from those addresses • Some source addresses for local use only – Internet routers can drop packets to/from them Lecture 9 Page 7 CS 236 Online

  8. Realistic Limits on Filtering • Little filtering possible in Internet core – Packets being handled too fast – Backbone providers don’t want to filter – Damage great if you screw it up • Filtering near edges has its own limits – In what’s possible – In what’s affordable – In what the router owners will do Lecture 9 Page 8 CS 236 Online

  9. Rate Limits • Many routers can place limits on the traffic they send to a destination • Ensuring that the destination isn’t overloaded – Popular for denial of service defenses • Limits can be defined somewhat flexibly • But often not enough flexibility to let the good traffic through and stop the bad Lecture 9 Page 9 CS 236 Online

  10. Padding • Sometimes you don’t want intruders to know what your traffic characteristics are • Padding adds extra traffic to hide the real stuff • Fake traffic must look like real traffic – Usually means encrypt it all • Must be done carefully, or clever attackers can tell the good stuff from the noise Lecture 9 Page 10 CS 236 Online

  11. Routing Control • Use ability to control message routing to conceal the traffic in the network • Used in onion routing to hide who is sending traffic to whom – For anonymization purposes • Routing control also used in some network defense – To hide real location of a machine – E.g., SOS DDoS defense system Lecture 9 Page 11 CS 236 Online

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

1 Why Why flow flow control? control? sender

1 Why Why flow flow control? control? sender

Lecture 7. Lecture 7. TCP mechanisms for: TCP mechanisms for: data transfer control / flow control error control congestion control Graphical examples (applet java) of several algorithms at:

589 views • 13 slides
Transbay Transit Center TG05.4R Traffic Control Package TG05.4R Traffic Control Request for

Transbay Transit Center TG05.4R Traffic Control Package TG05.4R Traffic Control Request for

Transbay Transit Center TG05.4R Traffic Control Package TG05.4R Traffic Control Request for Proposal (RFP) Package Overview Negotiated General Traffic Control & Engineering Services for Overall Project Traffic Control &

393 views • 15 slides
PDE Backstepping Control Traffic Congestion Control: of Congested Traffic A PDE Backstepping

PDE Backstepping Control Traffic Congestion Control: of Congested Traffic A PDE Backstepping

PDE Backstepping Control Traffic Congestion Control: of Congested Traffic A PDE Backstepping Perspective Miroslav Krstic (with Huan Yu) Mud pump From Mud Pit Harder: PT Oil Drilling Mud-assisted drilling u c helps take cuttings away +

935 views • 46 slides
Affects of Queuing Mechanisms on RTP Traffic Comparative Analysis of Jitter, End-to- End Delay

Affects of Queuing Mechanisms on RTP Traffic Comparative Analysis of Jitter, End-to- End Delay

Aim and Objectives Introduction Simulations and Results Conclusion References Affects of Queuing Mechanisms on RTP Traffic Comparative Analysis of Jitter, End-to- End Delay and Packet Loss Gregory Epiphaniou 1 Carsten Maple 1 Paul Sant 1

541 views • 20 slides
Formal Verification of the FTTRS Mechanisms for the Consistent Update of the Traffic Schedule

Formal Verification of the FTTRS Mechanisms for the Consistent Update of the Traffic Schedule

Formal Verification of the FTTRS Mechanisms for the Consistent Update of the Traffic Schedule Daniel Bujosa , Sergi Arguimbau, Patricia Arguimbau, Julin Proenza, Manuel Barranco Critical Adaptive Distributed Embedded Systems ( ADESs ) are able

317 views • 27 slides
Panta Rhei More Quality of Traffic by centralized or decentralized Control ?! Heraclitus All

Panta Rhei More Quality of Traffic by centralized or decentralized Control ?! Heraclitus All

Panta Rhei More Quality of Traffic by centralized or decentralized Control ?! Heraclitus All things are in (540 480 B.C.) constant flux Prof. Dr.-Ing. Dr. h. c. E. Schnieder Overview Traffic System view Control arrangements and

805 views • 42 slides
An Investigation Into Teredo and 6to4 Transition Mechanisms: Traffic Analysis M. Elich, P.

An Investigation Into Teredo and 6to4 Transition Mechanisms: Traffic Analysis M. Elich, P.

An Investigation Into Teredo and 6to4 Transition Mechanisms: Traffic Analysis M. Elich, P. Velan, T. Jirsk, P. eleda {elich|jirsik|celeda}@mail.muni.cz, petr.velan@cesnet.cz The 7th IEEE Workshop on Network Measurements, Sydney, October

397 views • 21 slides
Control Structures in C Overview 1)Logic & Logical Operators 2)Selection Mechanisms if

Control Structures in C Overview 1)Logic & Logical Operators 2)Selection Mechanisms if

Control Structures in C Overview 1)Logic & Logical Operators 2)Selection Mechanisms if elseif else switch 3)Loop Mechanisms 1 Logic and Selection In English (Natural Language) we can make statements such as: If it snows I stay

688 views • 37 slides
Access Control Mechanisms Week 6 1 CEN-5079: 7.March.2019 Why Access Control Following

Access Control Mechanisms Week 6 1 CEN-5079: 7.March.2019 Why Access Control Following

Access Control Mechanisms Week 6 1 CEN-5079: 7.March.2019 Why Access Control Following authentication, we need to decide what the subject can access 1 Read F 1 OK 2 Bob Write to F Alice 2 F NO ! 3 Execute G G 3 OK

596 views • 56 slides
Towards Fair and Efficient Traffic Flow Coordination Mechanisms for 2+1 Roadways M. Aschermann 1

Towards Fair and Efficient Traffic Flow Coordination Mechanisms for 2+1 Roadways M. Aschermann 1

Towards Fair and Efficient Traffic Flow Coordination Mechanisms for 2+1 Roadways M. Aschermann 1 B. Friedrich 2 uller 1 J. P. M 1 Technische Universit at Clausthal 2 Technische Universit at Braunschweig EWGT 2017, Budapest, 4-6.

477 views • 27 slides
Integrating Vehicle Control with Traffic Management Murat Arcak UC Berkeley Cross-Layer

Integrating Vehicle Control with Traffic Management Murat Arcak UC Berkeley Cross-Layer

CNTS Workshop, July 8, 2019 Integrating Vehicle Control with Traffic Management Murat Arcak UC Berkeley Cross-Layer Traffic Control Goal: Making full use of existing infrastructure by coordinating network-level, road link-level and

889 views • 13 slides
Mechanisms in Procedures Mechanisms in Procedures CS 105 Tour of the Black Holes of

Mechanisms in Procedures Mechanisms in Procedures CS 105 Tour of the Black Holes of

Mechanisms in Procedures Mechanisms in Procedures CS 105 Tour of the Black Holes of Computing P() { Passing control To beginning of procedure code y

399 views • 13 slides
TRAFFIC CONTROL AND ROUTING IN A CONNECTED VEHICLE ENVIRONMENT MICHAEL ZHANG CIVIL AND

TRAFFIC CONTROL AND ROUTING IN A CONNECTED VEHICLE ENVIRONMENT MICHAEL ZHANG CIVIL AND

TRAFFIC CONTROL AND ROUTING IN A CONNECTED VEHICLE ENVIRONMENT MICHAEL ZHANG CIVIL AND ENVIRONMENTAL ENGINEERING UNIVERSITY OF CALIFORNIA DAVIS Workshop on Control for Networked Transportation Systems (CNTS) American Control Conference July

669 views • 20 slides
Guidelines for Action Space Definition in Reinforcement Learning-based Traffic Signal Control

Guidelines for Action Space Definition in Reinforcement Learning-based Traffic Signal Control

Guidelines for Action Space Definition in Reinforcement Learning-based Traffic Signal Control Systems Maxime Trca, Julian Garbiso, Dominique Barth October 15, 2020 Outline I - Reinforcement Learning Applied to Traffic Signal Control II -

189 views • 16 slides
Control Mechanisms for Packet Audio in the Internet

Control Mechanisms for Packet Audio in the Internet

Control Mechanisms for Packet Audio in the Internet zyxwvutsrqponmlkjihgfedcbaZYXWVUTSRQPONMLKJIHGFEDCBA France zyxwvutsrqponmlkjihgfedcbaZYXWVUTSRQPONMLKJIHGFEDCBA Jean-Chrysostome Bolot And& Vega-Garcia INRIA B. P. 93 The current Internet

305 views • 8 slides
Train-led traffic control as a chance for regional railways Dipl.-Ing. Otfried Knoll KNOLL

Train-led traffic control as a chance for regional railways Dipl.-Ing. Otfried Knoll KNOLL

Train-led traffic control as a chance for regional railways Dipl.-Ing. Otfried Knoll KNOLL TRAFFIC & TOURISTIC SOLUTIONS St. Plten, Austria 5.11.2012 IRIC 2012 1 Operations led by a traffic controller Introductory remarks Train

406 views • 37 slides
Generic Router Assist Presenter: Tony Speakman Co-authors: Brad Cain Ken Calvert Christos

Generic Router Assist Presenter: Tony Speakman Co-authors: Brad Cain Ken Calvert Christos

51st IETF 6 August 2001 Generic Router Assist Presenter: Tony Speakman Co-authors: Brad Cain Ken Calvert Christos Papadopoulos Don Towsley Swapna Yelamanchi 51st IETF 6 August 2001 Page 1 Outline Model of Operation Filter

245 views • 13 slides
CS 356: Computer Network Architectures Lecture 26: Router hardware, Software defined networking,

CS 356: Computer Network Architectures Lecture 26: Router hardware, Software defined networking,

CS 356: Computer Network Architectures Lecture 26: Router hardware, Software defined networking, and programmable routers [PD] chapter 3.4 Xiaowei Yang xwy@cs.duke.edu Overview Switching hardware Software defined networking

1.07k views • 70 slides
Auto-Parallelizing Stateful Distributed Streaming Applica9ons Sco$

Auto-Parallelizing Stateful Distributed Streaming Applica9ons Sco$

Auto-Parallelizing Stateful Distributed Streaming Applica9ons Sco$ Schneider * , Mar9n Hirzel * , Bugra Gedik + and Kun-Lung Wu * * IBM Research

433 views • 22 slides
Computer Graphics Texture Filtering Philipp Slusallek Reconstruction Filter Simple texture

Computer Graphics Texture Filtering Philipp Slusallek Reconstruction Filter Simple texture

Computer Graphics Texture Filtering Philipp Slusallek Reconstruction Filter Simple texture mapping in a ray-tracer Ray hits surface, e.g. a triangle Each triangle vertex also has an arbitrary texture coordinate Map this vertex

842 views • 30 slides
Chapter 4: Manipulating Routing Updates CCNP-RS ROUTE Ali Aydemir Chapter 4 Objectives

Chapter 4: Manipulating Routing Updates CCNP-RS ROUTE Ali Aydemir Chapter 4 Objectives

Chapter 4: Manipulating Routing Updates CCNP-RS ROUTE Ali Aydemir Chapter 4 Objectives Describe network performance issues and ways to control routing updates and traffic. Describe the purpose of and considerations for using

1.49k views • 105 slides
Revisiting Bloom Filters Payload attribution via Hierarchiecal Bloom Filters Kulesh

Revisiting Bloom Filters Payload attribution via Hierarchiecal Bloom Filters Kulesh

Revisiting Bloom Filters Payload attribution via Hierarchiecal Bloom Filters Kulesh Shanmugasundaram, Herve Bronnimann, Nasir Memon 600.624 - Advanced Network Security version 3 Overview Questions Collaborative Intrusion Detection

1.29k views • 58 slides
Firewall-On-Demand Service Andreas Polyrakis, GRNET 15-16 February 2012, 5 th TF-NOC meeting,

Firewall-On-Demand Service Andreas Polyrakis, GRNET 15-16 February 2012, 5 th TF-NOC meeting,

GRNET Firewall-On-Demand Service Andreas Polyrakis, GRNET 15-16 February 2012, 5 th TF-NOC meeting, Dubrovnik, Croatia Contents 2 Firewall-On-Demand Motivation & Technology background Implementation Future plans &

470 views • 26 slides
Agenda Topology Discovery Background Limitations using mrinfo-rec A new probing tool:

Agenda Topology Discovery Background Limitations using mrinfo-rec A new probing tool:

MERLIN Measure the Router Level of the INternet Pascal Mrindol, Benoit Donnet, Jean-Jacques Pansiot, Matthew Luckie, Young Hyun Kaiserslautern - June 2011 Next Generation Internet 2011 Agenda Topology Discovery Background Limitations

414 views • 9 slides

More recommend