[123823] in North American Network Operators' Group
Re: OBESEUS - A new type of DDOS protector
daemon@ATHENA.MIT.EDU (Guillaume FORTAINE)
Tue Mar 16 15:57:17 2010
Date: Tue, 16 Mar 2010 20:56:31 +0100
From: Guillaume FORTAINE <gfortaine@live.com>
To: nanog@nanog.org
In-Reply-To: <30B768FE-2D3E-4B69-84AA-8717B767C374@arbor.net>
Dear Mister Dobbins,
Thank you for your reply.
> Flow telemetry has demonstrated its extraordinary utility to network operators worldwide over the last decade, and continued advances such as Cisco's Flexible NetFlow and the IETF IPFIX/PSAMP effort signify that this is the broad consensus of the operational community.
>
What about Argus? [1]
http://qosient.com/argus/
> Layer-7 attacks against various types of services/apps can achieve significant amplification effects and disproportionate impact, are increasing in frequency and impact, and therefore must be addressed by any operationally viable solution in this space.
>
https://www.dpacket.org/
> I believe that an effective and operationally useful open-source solution for basic DDoS detection/classification/traceback/mitigation can be implemented using existing widely-used and -understood tools/techniques as described here:
>
> <http://mailman.nanog.org/pipermail/nanog/2010-January/016747.html>
>
My partners and I are working on a Flow Based Security Awareness
Framework for High-Speed Networks.
http://docs.google.com/viewer?url=http://www.vabo.cz/spi/2009/presentations/03/02-celeda_rehak_CAMNEP_no_video.pdf
For a demo:
http://demo.cognitivesecurity.cz/
I look forward to your answer,
Best Regards,
Guillaume FORTAINE
[1]
https://tools.netsa.cert.org/wiki/download/attachments/10027010/Bullard_IntroductionToArgus.pdf?version=1&modificationDate=1263221338000