brocon 17 lightning talks blacklists revisited
play

BroCon 17 Lightning Talks Blacklists Revisited Aashish Sharma - PowerPoint PPT Presentation

Mar 08, 2024 •609 likes •1.32k views

BroCon 17 Lightning Talks Blacklists Revisited Aashish Sharma asharma@lbl.gov Blacklists Revisited Lightening Talk BroCon, 2017 Problem Problem: Blocking Bad Badness keeps increasing on the internet How to manage blocking and more so

  1. BroCon ’17 Lightning Talks

  2. Blacklists Revisited Aashish Sharma asharma@lbl.gov

  3. Blacklists Revisited Lightening Talk BroCon, 2017

  4. Problem

  11. Problem: Blocking Bad Badness keeps increasing on the internet

  12. How to manage blocking and more so unblocking

  13. So, Can we identify…...

  14. Are blocked IPs coming back ?

  15. How long do we block before unblock ?

  16. Can we keep state forever ( that we can identify badness quickly )

  17. Or, Are these one time visitors

  18. Can we find out how many local IPs did the blacklisted IPs touched ?

  19. How long the scan lasted ?

  20. When was the last connection ?

  21. Whats frequency of such connections ?

  22. Problem 2: We can read a million IPs using input-framework, but how to send those to 50 workers ?

  23. Million IPs * 50 workers = 50 million Events

  24. I want to be able to do this for 4 billion IPs

  25. Bloomfilter global Blacklist::m_w_add_bloom: event(val: opaque of bloomfilter);

  26. 1505245203.733616 1.2.3.4 8 128.3.x.y 0 icmp Blacklist::Drop [ip=1.2.3.4, source=blacklist.adhoc, comment=###### 2017-03-29: Multi-Causal Drop + COUNT=8, LOOKBACK=30 + Country_Analysis, COMMIT_COUNT=2488] Result: [block_until=<uninitialized>, watch_until=0.0, num_reblocked=0, current_interval=0, current_block_id=, location=<uninitialized>] 1.2.3.4 128.3.x.y 0 bro Notice::ACTION_LOG3600.000000 F

  27. Aug 3 00:47:07 177.139.195.165 Blacklist::ONGOING 1 1501724827.167408 1501745134.319078 00-05:38:27 00-00:21:33 69 70 blacklist.adhoc Aug 3 10:47:09 177.139.195.165 Blacklist::ONGOING 1 1501724827.167408 1501778367.997637 00-14:52:21 00-01:07:42 178 174 blacklist.adhoc Aug 3 20:47:09 177.139.195.165 Blacklist::ONGOING 2 1501724827.167408 1501816682.763774 01-01:30:56 00-00:29:06 240 240 blacklist.adhoc Aug 4 06:47:26 177.139.195.165 Blacklist::ONGOING 2 1501724827.167408 1501852922.704135 01-11:34:56 00-00:25:24 327 320 blacklist.adhoc Aug 4 16:47:28 177.139.195.165 Blacklist::ONGOING 2 1501724827.167408 1501888432.024195 01-21:26:45 00-00:33:36 390 369 blacklist.adhoc Aug 5 02:47:28 177.139.195.165 Blacklist::ONGOING 3 1501724827.167408 1501924862.984854 02-07:33:56 00-00:26:26 488 454 blacklist.adhoc Aug 5 12:47:29 177.139.195.165 Blacklist::ONGOING 3 1501724827.167408 1501961086.496166 02-17:37:39 00-00:22:43 584 548 blacklist.adhoc Aug 5 22:47:29 177.139.195.165 Blacklist::ONGOING 4 1501724827.167408 1501996956.381444 03-03:35:29 00-00:24:53 661 628 blacklist.adhoc Aug 6 08:47:45 177.139.195.165 Blacklist::ONGOING 4 1501724827.167408 1502032986.136781 03-13:35:59 00-00:24:39 778 737 blacklist.adhoc Aug 6 18:48:39 177.139.195.165 Blacklist::ONGOING 5 1501724827.167408 1502069303.080677 03-23:41:16 00-00:20:16 870 820 blacklist.adhoc Aug 7 04:48:39 177.139.195.165 Blacklist::ONGOING 5 1501724827.167408 1502105037.713573 04-09:36:51 00-00:24:42 955 906 blacklist.adhoc Aug 7 14:48:39 177.139.195.165 Blacklist::ONGOING 5 1501724827.167408 1502139365.973362 04-19:08:59 00-00:52:33 996 954 blacklist.adhoc Aug 8 00:48:39 177.139.195.165 Blacklist::ONGOING 6 1501724827.167408 1502177084.343250 05-05:37:37 00-00:23:55 1068 1023 blacklist.adhoc Aug 8 10:48:57 177.139.195.165 Blacklist::ONGOING 6 1501724827.167408 1502212184.928205 05-15:22:38 00-00:39:12 1144 1118 blacklist.adhoc

Recommend

Virtual Lightning Talk Overview and Steps I. Virtual Lightning Talks Technical Requirements a.

Virtual Lightning Talk Overview and Steps I. Virtual Lightning Talks Technical Requirements a.

Virtual Lightning Talk Overview and Steps I. Virtual Lightning Talks Technical Requirements a. The Virtual Lightning talks should not be more than 6 minutes in length. i. Additional time uses up valuable memory and will be downgraded during

282 views • 3 slides
L is for Lightning! An analysis and comparison of lightning and lightning incidents in Co L

L is for Lightning! An analysis and comparison of lightning and lightning incidents in Co L

STRUCK BY LIZ LIGHTNING PRODUCTIONS PRESENTS: L is for Lightning! An analysis and comparison of lightning and lightning incidents in Co L orado versus F L orida By: Elizabeth Liz Lightning Prasse Why lightning? Personal survivor

423 views • 23 slides
CSSE463: Image Recognition Day 18 Upcoming schedule: Lightning talks shortly Midterm

CSSE463: Image Recognition Day 18 Upcoming schedule: Lightning talks shortly Midterm

CSSE463: Image Recognition Day 18 Upcoming schedule: Lightning talks shortly Midterm exam Monday Sunset detector due Wednesday Multilayer feedforward neural nets Many perceptrons Organized into layers x 1 y 1 Input

199 views • 8 slides
Lightning Talks FIRST Conference 2011 Jacomo Piccolini Director of Outreach

Lightning Talks FIRST Conference 2011 Jacomo Piccolini Director of Outreach

Lightning Talks FIRST Conference 2011 Jacomo Piccolini Director of Outreach http://www.dragonresearchgroup.org/ Dragon Research Group is a volunteer research organization dedicated to further understanding of online criminality and to

287 views • 6 slides
ANZSMS27 STUDENT POSTER PRESENTATION Lightning Talks Session 5:00 pm 5:30 pm Thursday 31

ANZSMS27 STUDENT POSTER PRESENTATION Lightning Talks Session 5:00 pm 5:30 pm Thursday 31

ANZSMS27 STUDENT POSTER PRESENTATION Lightning Talks Session 5:00 pm 5:30 pm Thursday 31 January 2019 Student Prize Sponsor Accurate Mass Scientific (AMS) # Name Organisation Abstract Supercharged top-down H/D exchange mass University Of

529 views • 3 slides
Final project lightning talks In your collaboration teams: Two people with first names

Final project lightning talks In your collaboration teams: Two people with first names

Welcome back to [occ]! Informed But Unempowered Welcome back to [occ]! 2014-12-03 Final project lightning talks In your collaboration teams: Welcome back to [occ]! Two people with first names earliest in the alphabet will present today.

611 views • 39 slides
BLAG: Improving the Accuracy of Blacklists Sivaram Ramanathan 1 , Jelena Mirkovic 1 and Minlan Yu

BLAG: Improving the Accuracy of Blacklists Sivaram Ramanathan 1 , Jelena Mirkovic 1 and Minlan Yu

BLAG: Improving the Accuracy of Blacklists Sivaram Ramanathan 1 , Jelena Mirkovic 1 and Minlan Yu 2 1 University of Southern California/Information Sciences Institute 2 Harvard University IP Blacklists IP Blacklists contain a list of known

1.18k views • 81 slides
Lightning Talks June 2, 2020 Session I 2:15 - 2:20 Caleb Springer, Penn State 2:20 - 2:25 Jacob

Lightning Talks June 2, 2020 Session I 2:15 - 2:20 Caleb Springer, Penn State 2:20 - 2:25 Jacob

Lightning Talks June 2, 2020 Session I 2:15 - 2:20 Caleb Springer, Penn State 2:20 - 2:25 Jacob Mayle, University of Illinois at Chicago 2:25 - 2:30 Pip Goodman, University of Bristol 2:30 - 2:35 Jeroen Hanselman, Universitt Ulm 2:35 -2:40

767 views • 54 slides
NILM 2016 Lightning Talks Running order 1. Occupancy-aided Energy Disaggregation 2. Analyzing

NILM 2016 Lightning Talks Running order 1. Occupancy-aided Energy Disaggregation 2. Analyzing

NILM 2016 Lightning Talks Running order 1. Occupancy-aided Energy Disaggregation 2. Analyzing 100 Billion Measurements: A NILM Architecture for Production Environments 3. An Accurate Method of Energy Use Prediction for Systems with Known

179 views • 14 slides
CSSE463: Image Recognition Day 17 Today: Bayesian classifiers Tomorrow: Lightning talks

CSSE463: Image Recognition Day 17 Today: Bayesian classifiers Tomorrow: Lightning talks

CSSE463: Image Recognition Day 17 Today: Bayesian classifiers Tomorrow: Lightning talks and exam questions Weds night: Lab 4 due Thursday: Exam Bring your calculator. Questions? Exam Thursday Closed book, notes, computer

154 views • 14 slides
Final project lightning talks In your collaboration teams: People who havent presented

Final project lightning talks In your collaboration teams: People who havent presented

Welcome back to [occ]! (last day) Online Communities &amp; Crowds Welcome back to [occ]! (last day) 2014-12-06 Final project lightning talks In your collaboration teams: Welcome back to [occ]! (last day) People who havent presented

599 views • 22 slides
Recording Local Storage Confjguration FOSDEM Lightning Talks 1 st February 2020 Alasdair

Recording Local Storage Confjguration FOSDEM Lightning Talks 1 st February 2020 Alasdair

FOSDEM 2020 Recording Local Storage Confjguration FOSDEM Lightning Talks 1 st February 2020 Alasdair Kergon agk@redhat.com 1 V0000000 FOSDEM 2020 Common Problems My system has a problem with its storage devices. It's triggered

337 views • 17 slides
= + Heptapod FOSDEM 2020, Sunday lightning talks Georges Racinet Octobus, https://octobus.net

= + Heptapod FOSDEM 2020, Sunday lightning talks Georges Racinet Octobus, https://octobus.net

= + Heptapod FOSDEM 2020, Sunday lightning talks Georges Racinet Octobus, https://octobus.net Project site: https://heptapod.net Slides: https://fosdem.org/2020/schedule/event/heptapod_mercurial/ GitLab A well-known, fully integrated forge

696 views • 42 slides
WiredTiger Lightning Talk by: Alex Degtiar adegtiar@cmu.edu What is WiredTiger? NoSQL Storage

WiredTiger Lightning Talk by: Alex Degtiar adegtiar@cmu.edu What is WiredTiger? NoSQL Storage

WiredTiger Lightning Talk by: Alex Degtiar adegtiar@cmu.edu What is WiredTiger? NoSQL Storage Engine Underlying storage primitive of DBMS Local KVS e.g. Espresso and Tao Different from many of the talks given here Data

492 views • 9 slides
Characteriza*on of Blacklists and Tainted Network Traffic Jing Zhang

Characteriza*on of Blacklists and Tainted Network Traffic Jing Zhang

Characteriza*on of Blacklists and Tainted Network Traffic Jing Zhang 1 , Ari Chivukula 1 , Michael Bailey 1 , Manish Karir 2 , and Mingyan Liu 1 1 University of Michigan 2 Cyber Security Division, Department of

497 views • 24 slides
LIGHTNING PRESENTATION GUIDELINES Congratulations on being accepted to give a lightning

LIGHTNING PRESENTATION GUIDELINES Congratulations on being accepted to give a lightning

LIGHTNING PRESENTATION GUIDELINES Congratulations on being accepted to give a lightning presentation at our 2019 Annual Meeting. Please read ALL of these instructions carefully. PRESENTATION TIMING AND NUMBER OF SLIDES You have 1 minute to make

386 views • 3 slides
Almost over... Feedback Website schedule for talk feedback Booklet (infodesk) feedback@

Almost over... Feedback Website schedule for talk feedback Booklet (infodesk) feedback@

Almost over... Feedback Website schedule for talk feedback Booklet (infodesk) feedback@ fosdem.org Some stats 5 keynotes 38 lightning talks 36 talks in 9 main tracks 42 devrooms 618 events in total Infra stats T

677 views • 21 slides
LIGHTNING PRESENTATION GUIDELINES Thank you for giving a lightning presentation at our 2018 Annual

LIGHTNING PRESENTATION GUIDELINES Thank you for giving a lightning presentation at our 2018 Annual

LIGHTNING PRESENTATION GUIDELINES Thank you for giving a lightning presentation at our 2018 Annual Meeting. Please read ALL of these instructions carefully. PRESENTATION TIMING AND NUMBER OF SLIDES You have 1 minute to make a pitch that attracts

691 views • 3 slides
DANNA Neuromorphic Application Kit Demo James S. Plank Professor 2017 NICE Lightning Talk

DANNA Neuromorphic Application Kit Demo James S. Plank Professor 2017 NICE Lightning Talk

DANNA Neuromorphic Application Kit Demo James S. Plank Professor 2017 NICE Lightning Talk This is really an amalgamation of 2 talks l A Vertical Application Programming and Development Framework for Spike-Based Neuromorphic Computing Devices

507 views • 17 slides
Manipulation of Stable Matchings the Depths Summary using Minimal Blacklists Yannai A.

Manipulation of Stable Matchings the Depths Summary using Minimal Blacklists Yannai A.

Background A Poll Results Overview A Peek Into Manipulation of Stable Matchings the Depths Summary using Minimal Blacklists Yannai A. Gonczarowski The Hebrew University of Jerusalem Microsoft Research July 29, 2014 Proc. of the 15 th ACM

1.42k views • 129 slides
Tax Havens ns Blacklists klists and similar lar regimes es in Iberoameric oamerica Chairman:

Tax Havens ns Blacklists klists and similar lar regimes es in Iberoameric oamerica Chairman:

Tax Havens ns Blacklists klists and similar lar regimes es in Iberoameric oamerica Chairman: Prof. Dr. Martin Wenz General Reporter: Andrs Bez Blacklisting Aim Protection of national tax base and tax revenue against Distortions

439 views • 14 slides
What companies unabridged keyword blacklists say about Chinese censorship of realtime chat

What companies unabridged keyword blacklists say about Chinese censorship of realtime chat

What companies unabridged keyword blacklists say about Chinese censorship of realtime chat Jeffrey Knockel, Dissertation Defense, December 2017 Committee Jedidiah Crandall (chair) Ronald Deibert Stephanie Forrest Jared Saia 1989

635 views • 45 slides
LEAP . Welcomes you to your Lightning Decision Jam Prepared by LEAP Lightning Decision Jam or

LEAP . Welcomes you to your Lightning Decision Jam Prepared by LEAP Lightning Decision Jam or

Insert your client logo LEAP . Welcomes you to your Lightning Decision Jam Prepared by LEAP Lightning Decision Jam or LDJ Prepared by LEAP LDJ is a Creative Problem-Solving Loop Prepared by LEAP Lightning Decision Jam Values Prepared

465 views • 30 slides
Sisterhood Polygamy, Blacklists, and Mismatched in the Gale-Shapley Matching Algorithm Quotas

Sisterhood Polygamy, Blacklists, and Mismatched in the Gale-Shapley Matching Algorithm Quotas

Background Monogamous Case Sisterhood Polygamy, Blacklists, and Mismatched in the Gale-Shapley Matching Algorithm Quotas Yannai A. Gonczarowski Einstein Institute of Mathematics and Center for the Study of Rationality The Hebrew

709 views • 54 slides

More recommend