dhcp rework in bro 2 6
play

DHCP Rework in Bro 2.6 Seth Hall Corelight Why Tackled? Why - PowerPoint PPT Presentation

Jun 02, 2023 •474 likes •626 views

DHCP Rework in Bro 2.6 Seth Hall Corelight Why Tackled? Why Tackled? Log wasnt great. Purely based on DHCP ACK messages. No tie together between assigned IP address and MAC address. Load balancing issues Mix of broadcast

  1. DHCP Rework in Bro 2.6 Seth Hall Corelight

  2. Why Tackled?

  3. Why Tackled? • Log wasn’t great. • Purely based on DHCP ACK messages. • No tie together between assigned IP address and MAC address. • Load balancing issues • Mix of broadcast and unicast packets is a nightmare for load balancing.

  4. Design Approach 
 Novel BinPAC Structure Define a case with no values up front Refine and extend case (switch)

  5. Design Approach 
 Simplify Event Structure

  6. Design Approach 
 Centralize DHCP messages Worker Worker Worker Worker Worker Worker DHCP::aggregate_msgs Manager

  7. Design Approach 
 Log DHCP “Conversation” Client Server discover o ff er request One Log Entry! ack

  8. What’s in the log?

  9. Regrets & Mistakes • Blindly changed the DHCP event structure! • Thanks to Vlad Grigorescu for jumping in and writing a compatibility script for scripts that haven’t been updated. • @load protocols/dhcp/deprecated_events • No DHCPv6!

  10. Fun Stuff 
 IP Forwarding option (19)

  11. Fun Stuff 
 Client FQDN option (81)

  12. Fun Stuff 
 Client FQDN option (81) • BAHRxHxxxx.resource.ds.bah.com • PLxxxxxx-NB.corp.tangoe.com • sysxxxl.meachamapel.com • ussfmblxxxx.na.watson.com • L01OHxxxxxxxxxQ.cardinalhealth.net 


  13. Fun Stuff 
 Auto Proxy Config option (252)

  14. Thanks!

Recommend

REWORK REDUCTION on Industrial Projects. COAA Conference : Edmonton May 2006 Agenda Rework

REWORK REDUCTION on Industrial Projects. COAA Conference : Edmonton May 2006 Agenda Rework

COAAs Initiatives Toward REWORK REDUCTION on Industrial Projects. COAA Conference : Edmonton May 2006 Agenda Rework Reduction Project Rework Reduction Tool PRRT TM The Tool: Purpose, Features & Benefits, Overview

637 views • 30 slides
DHCP (RFC 2131) Deliver host-specific configuration parameters from DHCP server to host.

DHCP (RFC 2131) Deliver host-specific configuration parameters from DHCP server to host.

DHCP (RFC 2131) Deliver host-specific configuration parameters from DHCP server to host. Allocate network address to nodes: Automatic allocation: permanent assignment. Dynamic allocation: for a limited period of time. Manual

387 views • 9 slides
DHCP EAP Analysis or wheres my pony? Protocol overview

DHCP EAP Analysis or wheres my pony? Protocol overview

DHCP EAP Analysis or wheres my pony? Protocol overview EAP Encapsulated in DHCP Protocol DHCP protocol starts normally Relay (proxy)

881 views • 12 slides
Kea An Open-Source DHCP Server Stephen Morris Internet Systems Consortium stephen@isc.org ISC

Kea An Open-Source DHCP Server Stephen Morris Internet Systems Consortium stephen@isc.org ISC

Kea An Open-Source DHCP Server Stephen Morris Internet Systems Consortium stephen@isc.org ISC DHCP Open-Source First version released in 1997 Default DHCP software in many distributions Server/relay/client for IPv4 & IPv6

303 views • 13 slides
Borrow it, edit it, rework it ! Introduction Whats the mashup? Mashup is everywhere! The

Borrow it, edit it, rework it ! Introduction Whats the mashup? Mashup is everywhere! The

Borrow it, edit it, rework it ! Introduction Whats the mashup? Mashup is everywhere! The mashupers play with popular culture and It is creating a new audiovisual work by remixing, images that speak to everyone. going back, transforming

235 views • 8 slides
iLab NAT / DHCP Florian Wohlfart wohlfart@in.tum.de Lehrstuhl fr Netzarchitekturen und

iLab NAT / DHCP Florian Wohlfart wohlfart@in.tum.de Lehrstuhl fr Netzarchitekturen und

iLab NAT / DHCP Florian Wohlfart wohlfart@in.tum.de Lehrstuhl fr Netzarchitekturen und Netzdienste Fakultt fr Informatik Technische Universitt Mnchen Lab 6 14ws 1 Outline IPv4 Address Allocation NAT DHCP 2 Outline IPv4

543 views • 29 slides
... sclass1 sclass10 Net-linux Net-linux DHCP DHCP The lab has 10 dell systems. Each dell

... sclass1 sclass10 Net-linux Net-linux DHCP DHCP The lab has 10 dell systems. Each dell

Notes on Running Dsniff and the Lab Network Environment Cyber Security Lab 2/16/10 1 General Overview 1.1 Initial machine configuration Outside World DMZ Management 192.168.50.50 192.168.50.60 Dmz 192.168.50.0/24 FW1 Outside =

182 views • 4 slides
Laser Rework Capabilities Utilizing different laser wavelengths allow for selective removal

Laser Rework Capabilities Utilizing different laser wavelengths allow for selective removal

Laser Rework Capabilities Utilizing different laser wavelengths allow for selective removal of solder mask from metal surfaces leaving the metal surface intact and clean. Many other types of organic materials, dielectrics, and coatings

718 views • 12 slides
A SAVI Solution for DHCP Jun Bi, Jianping Wu, Guang Yao, Fred Baker draft ietf savi

A SAVI Solution for DHCP Jun Bi, Jianping Wu, Guang Yao, Fred Baker draft ietf savi

A SAVI Solution for DHCP Jun Bi, Jianping Wu, Guang Yao, Fred Baker draft ietf savi dhcp 01(02).txt IETF77, Anaheim Mar.23 2010 Outline Solution Basis Additional Features in 01(02) Version Next Step Solution Basis Basis

368 views • 26 slides
DHCP Relay Agent Assignment Notification Option IETF-64 Bernie Volz PD Route Injection

DHCP Relay Agent Assignment Notification Option IETF-64 Bernie Volz PD Route Injection

DHCP Relay Agent Assignment Notification Option IETF-64 Bernie Volz PD Route Injection Simple Cases 1. Delegating router is on same link as requesting router delegating router can manage the routing information 2. DHCP server

571 views • 7 slides
Weakening Aggregated Traffic of Weakening Aggregated Traffic of DHCP Discover Messages draft

Weakening Aggregated Traffic of Weakening Aggregated Traffic of DHCP Discover Messages draft

Weakening Aggregated Traffic of Weakening Aggregated Traffic of DHCP Discover Messages draft yang sunset4 weaken dhcp 00 draft yang sunset4 weaken dhcp 00 Tianle Yang, Lianyuan Li, Qiongfang Ma China Mobile China Mobile

535 views • 12 slides
Reusing Off-Spec Tortillas or The Secret of Turning Scrap Into Profit Rework Hpirk 09 15/2010

Reusing Off-Spec Tortillas or The Secret of Turning Scrap Into Profit Rework Hpirk 09 15/2010

Reusing Off-Spec Tortillas or The Secret of Turning Scrap Into Profit Rework Hpirk 09 15/2010 Show Me The Money Added Profit Based on Ingredient Cost: $ Cost of recoverable ingredients = average flour cost/lb 0.30 Available

135 views • 9 slides
iLab NAT / DHCP Florian Wohlfart wohlfart@in.tum.de Lehrstuhl fr Netzarchitekturen und

iLab NAT / DHCP Florian Wohlfart wohlfart@in.tum.de Lehrstuhl fr Netzarchitekturen und

iLab NAT / DHCP Florian Wohlfart wohlfart@in.tum.de Lehrstuhl fr Netzarchitekturen und Netzdienste Fakultt fr Informatik Technische Universitt Mnchen Lab 6 16ss 1 / 34 Motivation: IPv4 Address Scarcity source:

784 views • 54 slides
iLab NAT / DHCP Florian Wohlfart Minoo Rouhi lastname @in.tum.de Chair of Network Architectures

iLab NAT / DHCP Florian Wohlfart Minoo Rouhi lastname @in.tum.de Chair of Network Architectures

iLab NAT / DHCP Florian Wohlfart Minoo Rouhi lastname @in.tum.de Chair of Network Architectures and Services Department of Informatics Technical University of Munich Lab 6 17ws 1 / 39 Outline Meta IPv4 Address Scarcity NAT IPv6

957 views • 59 slides
Naming DNS & DHCP Naming IP addresses allow global connectivity But theyre pretty

Naming DNS & DHCP Naming IP addresses allow global connectivity But theyre pretty

This time Digging into Networking Protocols Naming DNS & DHCP Naming IP addresses allow global connectivity But theyre pretty useless for humans! Cant be expected to pick their own IP address Cant be expected to

1.05k views • 80 slides
How Dynamic is the ISPs Address Space? Towards Internet-Wide DHCP Churn Estimation Giovane C. M.

How Dynamic is the ISPs Address Space? Towards Internet-Wide DHCP Churn Estimation Giovane C. M.

How Dynamic is the ISPs Address Space? Towards Internet-Wide DHCP Churn Estimation Giovane C. M. Moura , Carlos Gan, Qasim Lone, Payam Poursaied, Hadi Asghari, and Michel van Eeten

92 views • 6 slides
BootP and DHCP Flexible and Scalable Host Configuration 2005/03/11 (C) Herbert Haas

BootP and DHCP Flexible and Scalable Host Configuration 2005/03/11 (C) Herbert Haas

BootP and DHCP Flexible and Scalable Host Configuration 2005/03/11 (C) Herbert Haas Shortcomings of RARP Reverse Address Resolution Protocol Only IP Address distribution No subnet mask Using hardware address for identification

443 views • 29 slides
Summary Chapter 4 q IP Addressing v Network prefixes and Subnets v IP datagram format q DHCP

Summary Chapter 4 q IP Addressing v Network prefixes and Subnets v IP datagram format q DHCP

Smith College, CSC 249 March 2, 2018 1 Summary Chapter 4 q IP Addressing v Network prefixes and Subnets v IP datagram format q DHCP dynamic addressing v Obtain: own IP address Subnet mask, DNS server & first-hop v router IP address q

205 views • 20 slides
Broadcast-Multicast Service Controller Discovery via DHCP-Option-Codes

Broadcast-Multicast Service Controller Discovery via DHCP-Option-Codes

Broadcast-Multicast Service Controller Discovery via DHCP-Option-Codes draft-chowdhury-dhc-bcmcv4-option-00.txt draft-chowdhury-dhc-bcmcv6-option-00.txt Kuntal Chowdhury, chowdury@nortelnetworks.com Parviz Yegani, pyegani@cisco.com Lila

310 views • 10 slides
RouterLab LabCourse SoSe 2016 Worksheet 3: Access Networks with DHCP and IPv6 Stateless Address

RouterLab LabCourse SoSe 2016 Worksheet 3: Access Networks with DHCP and IPv6 Stateless Address

RouterLab LabCourse SoSe 2016 Worksheet 3: Access Networks with DHCP and IPv6 Stateless Address Auto Configuration Prof. Anja Feldmann, Philipp S. Tiesel, Thorben Krger, Apoorv Shukla IPv6 Scoped Address Architecture IPv6 addresses have

679 views • 19 slides
DHCP Relay agent Request from Multi Address Pool (draft-zi-dhc-agent-request-multi-pool-00.txt)

DHCP Relay agent Request from Multi Address Pool (draft-zi-dhc-agent-request-multi-pool-00.txt)

DHCP Relay agent Request from Multi Address Pool (draft-zi-dhc-agent-request-multi-pool-00.txt) IETF 64 Author: Zi Kang zikang@huwei.com Presentation: Li Guanfeng liguanfeng@huawei.com Motivation In some applications there is a need for

127 views • 12 slides
Flow Analysis in a Wireless Environment with short DHCP Leases Sanket Parikh John McHugh Dept.

Flow Analysis in a Wireless Environment with short DHCP Leases Sanket Parikh John McHugh Dept.

Flow Analysis in a Wireless Environment with short DHCP Leases Sanket Parikh John McHugh Dept. of Computer Science Dalhousie University FlowCon 2008 Project Objectives Analysis of Wireless Network Data from University of Dartmouth

428 views • 14 slides
DNS, DHCP, IP address management KILIAN KRAUSE krause@tik.uni-stuttgart.de SIG NOC #1 TIK/NKS,

DNS, DHCP, IP address management KILIAN KRAUSE krause@tik.uni-stuttgart.de SIG NOC #1 TIK/NKS,

Universitt Stuttgart Computing center DDI + IPAM @ Uni Stuttgart DNS, DHCP, IP address management KILIAN KRAUSE krause@tik.uni-stuttgart.de SIG NOC #1 TIK/NKS, 2015-04-08 page 1 Universitt Stuttgart Computing center AGENDA 1.

1.48k views • 22 slides
Stanford NetDB- An Open Source Network Management Application for DNS, DHCP, IP Address Spaces,

Stanford NetDB- An Open Source Network Management Application for DNS, DHCP, IP Address Spaces,

Stanford NetDB- An Open Source Network Management Application for DNS, DHCP, IP Address Spaces, etc. http://stanfordnetdb.stanford.edu Sunia Yang sunia@stanford.edu Rob Riepel riepel@stanford.edu Stanford University

534 views • 28 slides

More recommend