Eric,
I haven't read the full paper yet, however, are you simply acting as a
proxy and redirecting based on the secret tag found in the header?
What is your expectation for session/second use? I would think you would
need to scale largely, however, I don't have a good understanding of how
large
+1 for Bro
http://www.bro.org
http://packetpushers.net/healthy-paranoia-show-11-bro-the-outer-limits-of-ids/
Sent from my iPad
On Jun 13, 2013, at 2:32 PM, Eric Wustrow ew...@umich.edu wrote:
Hi all,
I'm looking for a way to block individual TCP flows (5-tuple) on a 1-10 gbps
link, with
On Jun 14, 2013, at 2:32 AM, Eric Wustrow wrote:
I'm looking for a way to block individual TCP flows (5-tuple) on a 1-10 gbps
link, with new blocked flows being dropped within a millisecond or so of
being added.
What's the actual application for this mechanism?
ROFL... I ca n't even typeee... so funny... perl fast oh goosh...
El jun 13, 2013 7:46 PM, Christopher Morrow morrowc.li...@gmail.com
escribió:
On Thu, Jun 13, 2013 at 6:37 PM, Phil Fagan philfa...@gmail.com wrote:
fast Perl
haha :) that's cute.
Oddly enough, anticensorship. We use similar technology as the censors
(DPI, flow blocking), but use our system in a non-censoring country's ISP
to detect secret tags in connections from censored countries, and serve as
a proxy for them. Once we detect a flow with a secret tag passing through
the
I think we just discussed this over in the huawei list ;-)
This is pretty awesome!
On Fri, Jun 14, 2013 at 12:30 PM, Eric Wustrow ew...@umich.edu wrote:
Oddly enough, anticensorship. We use similar technology as the censors
(DPI, flow blocking), but use our system in a non-censoring
Hi all,
I'm looking for a way to block individual TCP flows (5-tuple) on a 1-10 gbps
link, with new blocked flows being dropped within a millisecond or so of
being
added. I've been looking into using OpenFlow on an HP Procurve, but I don't
know much in this area, so I'm looking for better
On Thu, Jun 13, 2013 at 3:32 PM, Eric Wustrow ew...@umich.edu wrote:
Hi all,
I'm looking for a way to block individual TCP flows (5-tuple) on a 1-10 gbps
link, with new blocked flows being dropped within a millisecond or so of
being
added. I've been looking into using OpenFlow on an HP
I didn't think the bus up to the FGPA was very beefy...wouldn't you need to
send flows up there off the data-plane for inspection?
On Thu, Jun 13, 2013 at 2:03 PM, Christopher Morrow morrowc.li...@gmail.com
wrote:
On Thu, Jun 13, 2013 at 3:32 PM, Eric Wustrow ew...@umich.edu wrote:
Hi all,
On Thu, Jun 13, 2013 at 4:47 PM, Phil Fagan philfa...@gmail.com wrote:
I didn't think the bus up to the FGPA was very beefy...wouldn't you need to
send flows up there off the data-plane for inspection?
not sure, but their docs talk about using the fpga for doing HFT... so
I presume it's got
Are you trying to block flows from becoming established, knowing what
you're looking for ahead of time, or are you looking to examine a
stream of flow establishments, and will snipe off some flows once
you've determined that they should be blocked?
If you know a 5-tuple (src/dst IP, IP protocol,
I really like the idea of a stripe of linux boxes doing the heavy lifting.
Any suggestions on platforms, card types, and chip types that might be
better purposed at processing this type of data?
I assume you could write some fast Perl to ingest and manage the tables?
What would the package of
I would assume something FreeBSD based might be best
On Thu, Jun 13, 2013 at 4:37 PM, Phil Fagan philfa...@gmail.com wrote:
I really like the idea of a stripe of linux boxes doing the heavy lifting.
Any suggestions on platforms, card types, and chip types that might be
better purposed at
On Thu, Jun 13, 2013 at 6:37 PM, Phil Fagan philfa...@gmail.com wrote:
fast Perl
haha :) that's cute.
Better still, http://dilbert.com/strips/comic/1996-09-07/
Jeff
On 6/13/2013 6:41 PM, Christopher Morrow wrote:
On Thu, Jun 13, 2013 at 6:37 PM, Phil Fagan philfa...@gmail.com wrote:
fast Perl
haha :) that's cute.
On Thu, Jun 13, 2013 at 3:38 PM, Phil Fagan philfa...@gmail.com wrote:
I would assume something FreeBSD based might be best
Meh... personal choice. I prefer Linux, mostly because I know it best
and most network application development is taking place there.
On Thu, Jun 13, 2013 at 4:37 PM,
Procera Networks -- http://proceranetworks.com
That will do what you want.
Thanks,
---
Patrick Bailey
On Jun 13, 2013, at 3:32 PM, Eric Wustrow ew...@umich.edu wrote:
Hi all,
I'm looking for a way to block individual TCP flows (5-tuple) on a 1-10 gbps
link, with new blocked flows being
Yeah, I only thought of perl cause I'm used to running through 'while true'
loops and someone showed me Perl was about 400x fastergood thing I'm
not running through 10gb/s worth of data :-D
Figured getting closer to hardware was the way to go.I'll have to check
out PF_RING.
On Thu,
Johnathan is correct about not using perl for this. There are some iptables
modules, but they're all out of date or incomplete (I mention this because
if you get around to making them work decent, I'll love you for it).
Otherwise, perl - IPC::Run - ipt isn't going to gain you anything. And
I'd be
19 matches
Mail list logo