build your own sie
play

Build Your Own SIE Oct 22, 2012 Baltimore, MD Eric Ziegast - PowerPoint PPT Presentation

Jul 10, 2023 •131 likes •372 views

Build Your Own SIE Oct 22, 2012 Baltimore, MD Eric Ziegast <info@sie.isc.org> Monday, October 22, 2012 Agenda Limited Scope (internal only - no policy stuff) Hardware Infrastructure concepts nmsgtool Q&A

  1. Build Your Own SIE Oct 22, 2012 Baltimore, MD Eric Ziegast <info@sie.isc.org> Monday, October 22, 2012

  2. Agenda • Limited Scope  (internal only - no policy stuff) • Hardware • Infrastructure concepts • nmsgtool • Q&A Monday, October 22, 2012

  3. Hardware • SIE Switch  Many will fail over to broadcast traffic  Some that work • D-Link DGS-3026 (early, had issues) • Extreme Networks x450a-24t (production • Cisco 3750X (in beta) • Servers  2 or more 2.0GHz amd64 cores  lots of ram  Intel server-grade GigE NICs 3 Monday, October 22, 2012

  4. ISC SIE Infrastructure - Sensors - Sensor upload relays - Inter-node relays - Participants Monday, October 22, 2012

  5. Functionality / roles • SIE switch  partition VLANs  broadcast data  trunk to other switches • Sensor  collect data (ethernet tap, stream input)  upload: • dump to file regularly, rsync, ssh • broadcast directly to channel • relay over network to another nmsgtool 5 Monday, October 22, 2012

  6. Functionality / roles • Inter-node relay  Listen to VLAN and rebroadcast to another nmsgtool on remote side (lossy)  Dump to file, rsync to other side, replay (no loss, but might delay or clog) • Participants  Listen to data off the wire or broadcast  Dump to file for batch processing, or multi- threaded programmng to process in real time  Relay into server or off server to remote processing 6 Monday, October 22, 2012

  7. Functionality / roles • Participants (properties)  Loosely coupled multi-processor 7 Monday, October 22, 2012

  8. VLANs (Cisco) interface GigabitEthernet1/0/48 description SPLIT2 switchport trunk encapsulation dot1q switchport trunk allowed vlan 7,14,25,26,80,81,201-204,206-209 switchport mode trunk interface GigabitEthernet1/0/7 desciption mc7.sie switchport trunk encapsulation dot1q switchport trunk allowed vlan 7,14,25,80 switchport mode trunk interface GigabitEthernet1/0/8 description mc8.sie switchport trunk encapsulation dot1q switchport trunk allowed vlan 7,14,25,80,202-204,206-208 switchport mode trunk Monday, October 22, 2012

  9. VLANs (Extreme) create vlan "sie-ch7" configure vlan sie-ch7 tag 7 ...etc... create vlan "sie-ch209" configure vlan sie-ch209 tag 209 configure ports 7 display-string mc7.sie configure ports 8 display-string mc8.sie configure ports 48 display-string SPLIT2 configure vlan sie-ch7 add ports 7-8, 48 tagged configure vlan sie-ch14 add ports 7-8, 48 tagged configure vlan sie-ch25 add ports 7-8, 48 tagged configure vlan sie-ch26 add ports 48 tagged configure vlan sie-ch80 add ports 7-8, 48 tagged configure vlan sie-ch81 add ports 48 tagged configure vlan sie-ch201 add ports 48 tagged configure vlan sie-ch202 add ports 7, 48 tagged ...etc... configure vlan sie-ch208 add ports 7, 48 tagged configure vlan sie-ch209 add ports 48 tagged Monday, October 22, 2012

  10. VLANs (servers) Linux: ip link add link eth1 name eth1.209 type vlan id 209 ip link set up eth1 mtu 9000 vconfig add eth1 209 ip addr add 10.0.209.18/24 dev eth1.209 eth1.7 inet addr:10.255.1.18 Bcast:0.0.0.0 Mask:255.255.255.0 eth1.14 inet addr:10.0.14.18 Bcast:0.0.0.0 Mask:255.255.255.0 ...etc... eth1.209 inet addr:10.0.209.18 Bcast:0.0.0.0 Mask:255.255.255.0 BSD: ifconfig create vlan 209 vlandev em1 vlan7: inet 10.255.1.18 netmask 0xffffff00 broadcast 10.255.1.255 � vlan: 7 parent interface: em1 vlan14: inet 10.0.14.18 netmask 0xffffff00 broadcast 10.0.14.255 � vlan: 14 parent interface: em1 vlan209: inet 10.0.209.18 netmask 0xffffff00 broadcast 10.0.209.255 � vlan: 209 parent interface: em1 Study our auto-config script: http://rsfcode.isc.org/git/sie-update/tree/sie-update Monday, October 22, 2012

  11. nmsgtool • NMSG  read/write from UDP • unicast (remote copy) • broadcast (SIE switch)  read/write from 0mq ( Unix or TCP sockets )  read/write from files in NMSG binary  print presentation output  read presentation output 11 Monday, October 22, 2012

  12. nmsgtool Receiving messages off the switch: [-C channel] or --readchan read nmsg data from socket(s) [-l so] or --readsock read nmsg data from socket (addr/port) See: (/usr/local)/etc/nmsgtool.chalias -C ch25 == -l 10.0.25.255/8430 -l 10.0.25.255/9430 [-c count] or --count stop or reopen after count payloads output Example: nmsgtool -C ch202 -o - -c 5 12 Monday, October 22, 2012

  13. nmsgtool Capturing data: [-i if[+][,snap]] or --readif read pcap data from interface ('+' = promisc) [-p file] or --readpcap read pcap data from file [-b filter] or --bpf filter pcap inputs with this bpf [-V vendor] or --vendor vendor [-T msgtype] or --msgtype message type Darknet relay example: nmsgtool -V ISC -T pkt -i sie.14+ -m 1280 \ -s ${REMOTE_SERVER_IP}/50140 -z 13 Monday, October 22, 2012

  14. nmsgtool SIE DNS sensor: NMSG_KICKER=/usr/local/lib/sie/sie-kicker ch202 DNSQR_CAPTURE_RD=0 DNSQR_RES_ADDRS=149.20.XX.YY, 2001:4f8:ZZ:XX::YY ARGV_NMSGTOOL= -i rl0 -V ISC -T dnsqr -z -t 60 -w /var/spool/sie/new/ch202/XX.isc.org /usr/local/bin/nmsgtool -D -P /var/run/sie_dns_sensor.pid Take a look at scripts included with sie-dns-sensor on rsfcode.isc.org or these: ftp://ftp.isc.org/isc/nmsg/misc/sie-scripts/ 14 Monday, October 22, 2012

  15. nmsgtool Cheating to create messages from text input: [-f file] or --readpres read pres format data from file [-V vendor] or --vendor vendor [-T msgtype] or --msgtype message type Event injection example (old ch21): #!/bin/sh REASON=$1 NMSGTOOL="nmsgtool -V sie -T reputation -f - \ --setsource $NMSG_ID -s 10.0.21.255/8430" while read ip do $NMSGTOOL <<EOF type: ADDRESS address: $ip tag: aa419_ddos_add value: $REASON EOF done 15 Monday, October 22, 2012

  16. nmsgtool Writing them to files: [-w file] or --writenmsg write nmsg data to file [-z] or --zlibout compress nmsg output [-c count] or --count stop or reopen after count payloads output [-t secs] or --interval stop or reopen after secs have elapsed [-k cmd] or --kicker make -c, -t continuous; run cmd on new files Writes files every 15 minutes and processes: nmsgtool -C ch113 -w /data/ch204 -z -t 900 -k convert2csv.sh The convert2csv.sh script gets $1 set as file argument 16 Monday, October 22, 2012

  17. nmsgtool Rebroadcasting them: [-s so[,r[,f]]] or --writesock write nmsg data to socket (addr/port) [-m mtu] or --mtu MTU for datagram socket outputs [--mirror] mirror payloads across data outputs [--unbuffered] don't buffer writes to outputs Take a file and spit it out to a channel: nmsgtool -r FILE -s 10.0.113.255/8430,10000,1000 --unbuffered Stripe it across multiple USP ports: nmsgtool -r FILE --unbuffered \ -s 10.0.113.255/8430,10000,1000 \ -s 10.0.113.255/8431,10000,1000 Mirror it to another port: nmsgtool -r FILE --unbuffered --mirror \ -s 10.0.113.255/8430,10000,1000 \ -s 127.0.0.1/8430 17 Monday, October 22, 2012

  18. nmsgtool Misc: [--getsource sonum] only process payloads with this source value [--getoperator opname] only process payloads with this operator value [--getgroup grname] only process payloads with this group value [--setsource sonum] set payload source to this value [--setoperator opname] set payload operator to this value [--setgroup grname] set payload group to this value 18 Monday, October 22, 2012

  19. Relay uploader Used to run chroot sshd+rsync or sftp server on FreeBSD. Maintained custom script to take an upload and queue uploaded FILEs for “nmsgtool -r FILE -s IP/PORT” playback. Now: http://rsfcode.isc.org/git/isc-sleigh/ isc-sleigh: Debian-based minimal privilege rsync/ssh file service ----------------------------------------------------------------- sleigh is a utility for automatically setting up a multi-user minimal privilege rsync-over-ssh file submission service on Debian-based systems. The sleigh Debian package ships a dedicated sshd_config file and runit service directory. Authentication is public key based, with public keys stored outside of chroot user home directories in the directory /etc/sleigh/authorized_keys.d. Individual users and "queues" (per-user writeable upload directories) are configured with the "sleigh" command line utility. sleigh makes use of the Debian libnss-extrausers package in order to avoid modifying the main /etc/passwd and /etc/group databases, and also depends on the isc-rsync-static and isc-rsync-server-wrapper packages, which are available from http://rsfcode.isc.org/. 19 Monday, October 22, 2012

  20. ISC SIE Properties (cont.) - Loosely Coupled Multi Processor - Open sourced data - making intermediate products available 20 Monday, October 22, 2012

  21. Build Your Own Internally - Get a switch - We use Extreme Networks x450a-24t - Testing Cisco 3750X - Configure VLANs - Find data - nmsgtool sensors JSON, XML, sie-dns-sensor - darknet arp vrf onto switch - sinkhole httpk null web server - netflow nfdump + nfreplay to roadcast address 21 Monday, October 22, 2012

Recommend

self build housing Ted Stevens NaSBA Chair What is Self/Custom Build? Who does it/what is

self build housing Ted Stevens NaSBA Chair What is Self/Custom Build? Who does it/what is

New ways of delivering self build housing Ted Stevens NaSBA Chair What is Self/Custom Build? Who does it/what is changing? The New Self Build Policy Why Support Self Build? The Self Build Revolution so Far Some Case Studies What is Self

960 views • 56 slides
Build-Finance or Design-Build-Finance Transportation Projects Types of P3s Design-Build (DB)

Build-Finance or Design-Build-Finance Transportation Projects Types of P3s Design-Build (DB)

Build-Finance or Design-Build-Finance Transportation Projects Types of P3s Design-Build (DB) D B Asset Management Contract R M Design-Build-Finance (DBF) F Design-Build-Operate-Maintain (DBOM) Increasing Private Sector Role

218 views • 19 slides
Build Build Build Build System building The process of compiling and linking software

Build Build Build Build System building The process of compiling and linking software

Build Build Build Build System building The process of compiling and linking software components into an executable system Different systems are built from different combinations of components Invariably supported by automated

557 views • 20 slides
Build it, Break it, Fix it Build-it Lecture Prof. Eric Bodden Build It, Break It, Fix It SS

Build it, Break it, Fix it Build-it Lecture Prof. Eric Bodden Build It, Break It, Fix It SS

Build it, Break it, Fix it Build-it Lecture Prof. Eric Bodden Build It, Break It, Fix It SS 17 Today Introduction n Theoretical Part: How to Build Secure Software n Brief Problem Overview n Setup HowTo for Phase I n 2 Prof. Eric

610 views • 50 slides
Heapsort Build-Max-Heap Next we build a full heap from an unsorted sequence Build-Max-Heap(A)

Heapsort Build-Max-Heap Next we build a full heap from an unsorted sequence Build-Max-Heap(A)

Heapsort Build-Max-Heap Next we build a full heap from an unsorted sequence Build-Max-Heap(A) for i = floor( A.length/2 ) to 1 Max-Heapify(A, i) Build-Max-Heap Red part is already Heapified Build-Max-Heap Correctness: Base: Each alone

429 views • 23 slides
Best Practices and lessons learned about the Design Build process 2 3 Includes the

Best Practices and lessons learned about the Design Build process 2 3 Includes the

Design Build versus the traditional Design Bid Build process The benefits of using the Design Build process Maximizing DBE Program participation under the Design Build process Required special provisions and DBE goal setting

460 views • 35 slides
BUILD BUILD BUILD Nigerias Infrastructure Space Opportunities &amp; Challenges PRESENTATION

BUILD BUILD BUILD Nigerias Infrastructure Space Opportunities &amp; Challenges PRESENTATION

BUILD BUILD BUILD Nigerias Infrastructure Space Opportunities &amp; Challenges PRESENTATION BY THE INFRASTRUCTURE CONCESSION REGULATORY COMMISSION AT THE 1ST ISTANBUL PPP WEEK, 2015. ISTANBUL, TURKEY Engr. Chidi Izuwah Ag. DIRECTOR

774 views • 46 slides
Can we build a complete set of tools ? RT Can we build a complete set of tools ? RT Spectra,

Can we build a complete set of tools ? RT Can we build a complete set of tools ? RT Spectra,

Can we build a complete set of tools ? RT Can we build a complete set of tools ? RT Spectra, Images Channel maps Interfero: nIR + mm (CASA) SEDs Herschel, ALMA, PIONIER/Gravity, JWST, SPICA ALMA, SPHERE/GPI Can we build a

756 views • 28 slides
Media actions to increase the visibility of BUILD UP and its Partners Gilles VAILLE BUILD UP

Media actions to increase the visibility of BUILD UP and its Partners Gilles VAILLE BUILD UP

Media actions to increase the visibility of BUILD UP and its Partners Gilles VAILLE BUILD UP Users and Stakeholders Committee Brussels, 25 June 2010 BUILD UP Public Relations Desk Table of contents Webvertising actions Promotional

403 views • 16 slides
Build Engineering Build Engineering Evolution in Managing OS Pete Garcin , Senior Product

Build Engineering Build Engineering Evolution in Managing OS Pete Garcin , Senior Product

Build Engineering Build Engineering Evolution in Managing OS Pete Garcin , Senior Product Manager, ActiveState Shaun Lowry , Build Engineering Lead, ActiveState Build Engineering and its Role in Managing Open Source Build Engineering

688 views • 36 slides
You build it, you run it Matthias Rampke, SoundCloud You build it, you run it Operating

You build it, you run it Matthias Rampke, SoundCloud You build it, you run it Operating

You build it, you run it Matthias Rampke, SoundCloud You build it, you run it Operating SoundCloud's microservice architecture GOTO Berlin 2016 Intro: me Who I am and where I work Engineer in Production Engineering (platform, monitoring,

583 views • 32 slides
We cant always build the fvture for our youth, but we can build our youth for the fvture.

We cant always build the fvture for our youth, but we can build our youth for the fvture.

We cant always build the fvture for our youth, but we can build our youth for the fvture. - Franklin D. Roosevelt Student Interest in AT/PT TOP 10 CAREER CHOICET FOR GENERATION Z As a society, we must take the question of, What

483 views • 35 slides
Design-Build Presentation Objectives- Why Design-Build? What is the rush? What is the

Design-Build Presentation Objectives- Why Design-Build? What is the rush? What is the

22420 US 550-US160 Connection South Design-Build Presentation Objectives- Why Design-Build? What is the rush? What is the Difference How does that affect How I contribute My insurance Methods of Project Delivery CDOTs

321 views • 20 slides
WE BUILD &amp; WEB APP We build elegant and functional solutions We deliver apps essentials at

WE BUILD &amp; WEB APP We build elegant and functional solutions We deliver apps essentials at

WE BUILD &amp; WEB APP We build elegant and functional solutions We deliver apps essentials at your fjnger using Ruby on Rails, node.js, Angular JS and tips. Functional, fmawless and easy to use. more. SEO APP We build elegant and

410 views • 10 slides
Build a Geant4 application Geant4 tutorial Application build process 1) Properly organize your

Build a Geant4 application Geant4 tutorial Application build process 1) Properly organize your

JUNO GEANT4 SCHOOL Beijing ( ) 15-19 May 2017 Build a Geant4 application Geant4 tutorial Application build process 1) Properly organize your code into directories 2) Prepare a CMakeLists.txt file 3) Create a build directory and run

384 views • 10 slides
ABF as a Development Framework with ARM-powered Build Nodes by the example of OpenMandriva

ABF as a Development Framework with ARM-powered Build Nodes by the example of OpenMandriva

ABF as a Development Framework with ARM-powered Build Nodes by the example of OpenMandriva 2014.0 / Cooker armv7hl Alexander Khryukin (OpenMandriva) ABF - Automated Build Farm Main purposes: Build packages and ISO images for various

172 views • 13 slides
Validate Configuration against Build Artifacts: An Essential Step for your Build Process by

Validate Configuration against Build Artifacts: An Essential Step for your Build Process by

Validate Configuration against Build Artifacts: An Essential Step for your Build Process by Harold Fortuin, Ph.D. Principal Software Engineer Fortuitous Consulting Services, Inc. JavaEE projects rely on (XML) config files which reference

609 views • 28 slides
WELCOME BUILD APPS &amp; EXTEND DREAM IT THEN BUILD IT ON DOMO Trevor Tingey Chris Jones

WELCOME BUILD APPS &amp; EXTEND DREAM IT THEN BUILD IT ON DOMO Trevor Tingey Chris Jones

WELCOME BUILD APPS &amp; EXTEND DREAM IT THEN BUILD IT ON DOMO Trevor Tingey Chris Jones Director of Engineering Co-founder, Chief Solutions Guru Domo, App Platform Data JoNZ 3 DREAM IT, THEN BUILD IT ON DOMO. St Store 4 A FOCUS ON

854 views • 38 slides
Industrialisation of applications build in embedded environment How to build AGL (Automotive

Industrialisation of applications build in embedded environment How to build AGL (Automotive

Industrialisation of applications build in embedded environment How to build AGL (Automotive Grade Linux) applications with Jenkins pipeline and X(cross) Development System (XDS)? AMM Feb/2018 Frederic Marec Embedded Engineer

508 views • 25 slides
DESIGN BID BUILD CSD HDR Contractor Sub Sub Sub DESIGN-BID-BUILD Most common approach in

DESIGN BID BUILD CSD HDR Contractor Sub Sub Sub DESIGN-BID-BUILD Most common approach in

DESIGN BID BUILD CSD HDR Contractor Sub Sub Sub DESIGN-BID-BUILD Most common approach in the US Entirely sequential Can be single-prime or multi-prime District holds all contracts Cost is the only criteria for selection

286 views • 16 slides
CPSC 102 Build Tools Z A IN R IZ V I What Are Build Tools? Automate the compiling of

CPSC 102 Build Tools Z A IN R IZ V I What Are Build Tools? Automate the compiling of

CPSC 102 Build Tools Z A IN R IZ V I What Are Build Tools? Automate the compiling of executable applications from source code. Why is this important? Compilation Order Computer Scientists are lazy 1 2 3 4 Specify the order in

481 views • 8 slides
Java build system by Zoltn Jakab zoltan.jakab@ericsson.com Contents Build a Java program

Java build system by Zoltn Jakab zoltan.jakab@ericsson.com Contents Build a Java program

Java build system by Zoltn Jakab zoltan.jakab@ericsson.com Contents Build a Java program Ant Concept Language elements Reuse and extension Other Java build tools Hello world package demo; public class HelloWorld {

798 views • 50 slides
Opportunities offered by the BUILD UP interactive web portal Timothe Nol BUILD UP Users and

Opportunities offered by the BUILD UP interactive web portal Timothe Nol BUILD UP Users and

Opportunities offered by the BUILD UP interactive web portal Timothe Nol BUILD UP Users and Stakeholders Committee Brussels, 15 December 2009 Project Officer EACI Unit 2 Energy Efficiency Goals Improve the energy performance of

338 views • 6 slides
Where we're at: Syntax analysis of VSL Things needed to Submit homework (pdfs and

Where we're at: Syntax analysis of VSL Things needed to Submit homework (pdfs and

Where we're at: Syntax analysis of VSL Things needed to Submit homework (pdfs and tarballs) Build programs (make, cc) Build scanners (Lex/flex) Build parsers (Yacc/bison) Build symbol tables (hashtables/libghthash)

588 views • 25 slides

More recommend