Implementation of data-collection tools using NetFlow for statistical analysis at the ISP level

University essay from Akademin för innovation, design och teknik

Author: Daniel Karlström; [2012]

Keywords: pmacct; statistical analysis; bgp; peer; peering; routing; route; quagga; virtual router; virtual; router; linux; graph; graphing; mrtg; database; mysql; script; scripting; python; bash; libpcap; mdh; data collection; data; collection; collecting; ISP; internet service provider; DoS; DDoS; attack; pmacct; statistisk analys; bgp; peer; peering; peera; routing; route; quagga; virtuell router; virtuell; router; linux; graf; grafa; mrtg; databas; mysql; script; scripting; python; bash; libpcap; mdh; datainsamling; insamling; data; ISP; internetleverantör; DoS; DDoS; attack;

Abstract: Defending against Dos- and DDoS attacks is difficult to accomplish; finding and filtering out illegitimate traffic from the legitimate flow is near impossible. Taking steps to mitigate or even block the traffic can only be done once the IP addresses of the attackers are known. This is achievable by monitoring the flows to- and from the target and identifying the attacker's IP addresses, allowing the company or their ISP to block the addresses itself by blackholing them (also known as a null route). Using the IP accounting and monitoring tool “pmacct”, this thesis aims to investigate whether or not the pmacct suite is suited for larger installations when tracking and mitigating DDoS-attacks, such at an Internet Service Provider (ISP). Potential problems are the amount of traffic that need to be analyzed and the computational power required to do it. This thesis also provide information about the pmacct suite at large. The conclusions are positive, indicating it does scale up to handle larger installations when given careful consideration and planning.

  AT THIS PAGE YOU CAN DOWNLOAD THE WHOLE ESSAY. (follow the link to the next page)