DoS protection for a Pragmatic Multiservice Network Based on Programmable Networks

Proceedings of First International IFIP TC6 Conference, AN 2006, Paris, France, September 27-29, 2006.We propose a scenario of a multiservice network, based on pragmatic ideas of programmable networks. Active routers are capable of processing both active and legacy packets. This scenario is vulnerable to a Denial of Service attack, which consists in inserting false legacy packets into active routers. We propose a mechanism for detecting the injection of fake legacy packets into active routers. This mechanism consists in exchanging accounting information on the traffic between neighboring active routers. The exchange of accounting information must be carried out in a secure way using secure active packets. The proposed mechanism is sensitive to the loss of packets. To deal with this problem some improvements in the mechanism has been proposed. An important issue is the procedure for discharging packets when an attack has been detected. We propose an easy and efficient mechanism that would be improved in future work.Publicad

Towards an incremental deployment of ERN protocols: a proposal for an E2E-ERN hybrid protocol

We propose an architecture based on a hybrid E2E-ERN approach to allow incremental deployment of ERN (Explicit Rate Notification) protocols in heterogeneous networks. The proposed IP-ERN architecture combines E2E (End-to-End)and ERN protocols and uses the minimum between both congestion windows to perform. Without introducing complex operation, the resulting E2E-ERN protocol provides inter and intra protocol fairness and benefits from all ERN protocol advantages when possible. We detail the principle of this novel IP-ERN architecture and show that this architecture is highly adaptive to the network dynamic and is compliant with IPv4, IPv6 as well as IP-in-IP tunneling solutions

NetServ Framework Design and Implementation 1.0

Eyeball ISPs today are under-utilizing an important asset: edge routers. We present NetServ, a programmable node architecture aimed at turning edge routers into distributed service hosting platforms. This allows ISPs to allocate router resources to content publishers and application service pro\-vi\-ders motivated to deploy content and services at the network edge. This model provides important benefits over currently available solutions like CDN. Content and services can be brought closer to end users by dynamically installing and removing custom modules as needed throughout the network. Unlike previous programmable router proposals which focused on customizing features of a router, NetServ focuses on deploying content and services. All our design decisions reflect this change in focus. We set three main design goals: a wide-area deployment, a multi-user execution environment, and a clear economic benefit. We built a prototype using Linux, NSIS signaling, and the Java OSGi framework. We also implemented four prototype applications: ActiveCDN provides publisher-specific content distribution and processing; KeepAlive Responder and Media Relay reduce the infrastructure needs of telephony providers; and Overload Control makes it possible to deploy more flexible algorithms to handle excessive traffic

PF_IPOPTION: A Kernel Extension for IP Option Packet Processing

Existing UNIX kernels cannot easily deliver IP packets containing IP options to applications. To address this problem, we have defined and implemented a new protocol family called PFIPOPTION or the FreeBSD kernel. We have verified the implementation with some of the commonly used IP options. Measurements in kernel and user space showed that BSD socket I/O is the performance bottleneck

Multicast Simulation in OMNeT++

Tato bakalářská práce se zabývá možnostmi simulace multicastu v simulátoru OMNeT++. Popisuje základní principy multicastového přenosu dat a podrobně se věnuje protokolu IGMP ve všech jeho verzích. Praktickou částí práce je návrh a implementace rozšiřujícího modulu protokolu IGMP do simulátoru OMNeT++.This bachelor thesis deals with the possibilities of multicast simulation in OMNeT++ simulator. It describes basic principles of the multicast data transfer and closely focuses on the IGMP protocol in all of its versions. The applied part of this thesis consists of a design and implementation of an IGMP extension module for the OMNeT++ simulator.

Grano-GT: A granular ground truth collection tool for encrypted browser-based Internet traffic

© 2020 Modern network traffic classification puts much attention toward producing a granular classification of the traffic, such as at the application service level. However, the classification process is often impaired by the lack of granular network traffic ground truth. Granular network traffic ground truth is critical to provide a benchmark for a fair evaluation of modern network traffic classification. Nevertheless, in modern network traffic classification, existing ground truth tools only managed to build the ground truth at the application name level at most. Application name level granularity is quickly becoming insufficient to address the current needs of network traffic classification and therefore; this paper presents the design, development and experimental evaluation of Grano-GT, a tool to build a reliable and highly granular network traffic ground truth for encrypted browser-based traffic at the application name and service levels. Grano-GT builds on four main engines which are packet capture, browser, application and service isolator engines. These engines work together to intercept the application requests and combine them with the support of temporal features and cascading filters to produce reliable and highly granular ground truth. Preliminary experimental results show that Grano-GT can classify the Internet traffic into respective application names with high reliability. Grano-GT achieved an average accuracy of more than 95% when validated using nDPI at the application name level. The remaining 5% loss of accuracy was primarily due to the unavailability of signatures in nDPI. In addition, Grano-GT managed to classify application service traffic with significant reliability and validated using the Kolmogorov-Smirnov test

Desarrollo de un cliente DVB-IP con perfil Live Media Broadcast (LMB)

En este proyecto se ha desarrollado un software cliente en lenguaje de programación C, capaz de visualizar canales DVB-IP (Digital Video Broadcast sobre redes IP). DVB-IP es un estándar desarrollado por DVB para el envío de audio, video y otros datos a través de redes IP. La aplicación desarrollada cumple el perfil denominado LMB (Live Media Broadcast) definido en el mismo. Este perfil indica los pasos necesarios para la visualización de contenido "Live Media" Se han desarrollado las funcionalidades definidas en el estándar para la selección de punto de entrada (Entry Point), selección del proveedor de servicios deseado, obtención del listado de canales disponibles en el proveedor de servicios y finalmente la visualización de dichos canales mediante la aplicación VLC. Finalmente se ha implementado un escenario completo, compuesto en uno de sus extremos por un servidor DVB-IP, en el otro extremo el cliente desarrollado y entre ambos un router multicast intermedio, pudiendo realizar las pruebas y verificar el correcto funcionamiento de la solución desarrollada. El software desarrollado podría ser integrado en un equipo con capacidad para interpretar el lenguaje C y realizar las funciones necesarias para la recepción de canales "Live Media", con cualquier proveedor de servicios que emita contenido DVB-IP