nerd network emergency responder detector
play

NERD: Network Emergency Responder & Detector - PowerPoint PPT Presentation

Jan 20, 2023 •110 likes •309 views

NERD: Network Emergency Responder & Detector Wim.Biemolt@surfnet.nl 2 nd FloCon, Pittsburgh, September, 2005. High-quality I nternet for higher education and research SURFnet5 netw ork Operational Since September 2001

  1. NERD: Network Emergency Responder & Detector Wim.Biemolt@surfnet.nl 2 nd FloCon, Pittsburgh, September, 2005. High-quality I nternet for higher education and research

  2. SURFnet5 netw ork • Operational – Since September 2001 • Cisco 12416 routers • Backbone: 10Gbps • Connections: 1Gbps • Dual stack (6PE) • Incident detection – SURFnet & TNO: 2002 • Decommissioning – End of December 2005 High-quality I nternet for higher education and research

  3. I ncident response tools • SURFstat – mrtg/ rrdtool • Research – syslog – Netflow • promising at the required speeds (> 10 Gbps) • sampled ( ip flow-sampling-mode packet-interval 100 ) – Full data analysis requires high-end equipment • Prototype – cflowd (caida) • no longer supported – gnuplot, mysql, php – Not open-source High-quality I nternet for higher education and research

  4. Prototype High-quality I nternet for higher education and research

  5. Alarm High-quality I nternet for higher education and research

  6. Analyse High-quality I nternet for higher education and research

  7. Hardw are • Dell PowerEdge 1650 – 04-2002, RedHat 7 – 1x 1.4GHz, 1GB, 3x 36GB • Dell PowerEdge 2650 – 12-2003, FreeBSD 4.11 – 2x 3GHz, 4GB, 5x 146GB • Dell PowerEdge 2850 http://www.switch.ch/tf-tant/floma/sw/samplicator/ – 10-2004, FreeBSD 5.4 – 2x 3.4GHz, 6GB, 6x 146GB • Dell PowerEdge 2850 – 06-2005, FreeBSD 6.0 – 2x 3.6GHz, 4GB, 6x 300GB • SunFire V240 – 12-2004, Solaris 10 – 2x 1.5GHz, 4GB, 4x 146GB High-quality I nternet for higher education and research

  8. Som e specs of the new NERD • nerdd, analysis – boost libraries, MySQL database, php, plplot • Netflow versions – V5 (tested) – V9 (IPFIX) • Platforms tested – FreeBSD – Linux • Apache Open Source Licence v2.0 High-quality I nternet for higher education and research

  9. Softw are Architecture • Collector – Simple UDP receiver Config Stats Cron • Pre-processor – Source specific functions • Data kept in memory – Real-time analysis Collector Pre process -simple receive - filter • Data stored on disk - sanity check – Post analysis - buffering data collector Data Data Pre-process data source data source or data specific - router - netflow High-quality I nternet for higher education and research

  10. Real-tim e and post analysis • Real time analysis – Rules can be used for ‘real-time’ analysis • A rule is a combination of filters, clusters and a threshold for some metric (e.g. number of flows) – Example of a rule • Filter “port= 445”, cluster “dst IP”, threshold= 1000 flows/ min – Results in an alarm if a host receives more then 1000 flows/ min on TCP port 445 – Output formatting: alarm in database – Every x minutes the rules (1… n) are executed • Post analysis – Executed at user request – Rules without threshold – Output formatting: flow-tools like text file, graphical output High-quality I nternet for higher education and research

  11. Functionality – Filters & Clusters • Sample of Netflow data src prt dst prt 10.0.0.1 2000 10.0.0.2 23 10.0.0.3 1000 10.0.0.2 22 10.0.0.6 2000 10.0.0.2 22 10.0.0.1 1000 10.0.0.3 23 10.0.0.1 1000 10.0.0.3 23 • Example: filter “src port= 2000” src prt dst prt 10.0.0.1 2000 10.0.0.2 23 10.0.0.6 2000 10.0.0.2 22 • Example: filter, cluster “dst port” & count flows prt # of flows 22 1 23 1 High-quality I nternet for higher education and research

  12. Real-tim e analysis - configuration High-quality I nternet for higher education and research

  13. Alarm s High-quality I nternet for higher education and research

  14. Analysis – I Pv4 High-quality I nternet for higher education and research

  15. Analysis – I Pv6 High-quality I nternet for higher education and research

  16. SURFnet6 High-quality I nternet for higher education and research

  17. Current Research and Developm ent • Geant2 JRA2 – NERD is one of the monitoring toolsets • LOBSTER project – Integration • Student – Analysis and visualisation of worm behaviour • Ph.D. from Vrije Universiteit (VU) – Interaction of Netflow and Full Packet inspection • From application to framework – Other data sources, combining different data – Other data output High-quality I nternet for higher education and research

  18. Questions • More information and download of NERD – www.nerdd.org High-quality I nternet for higher education and research

Recommend

RECOMMENDATIONS EMERGENCY RESPONDER SUBGROUP Created in January 2019 Comprised of personnel

RECOMMENDATIONS EMERGENCY RESPONDER SUBGROUP Created in January 2019 Comprised of personnel

CAV EMERGENCY RESPONDER SUBGROUP RECOMMENDATIONS EMERGENCY RESPONDER SUBGROUP Created in January 2019 Comprised of personnel representing operational specialties such as Police, Fire/Rescue/EMS, and Highway Safety Service Patrols

323 views • 6 slides
www NAPSR org www NAPSR org www.NAPSR.org www.NAPSR.org Washington D.C. Washington D.C.

www NAPSR org www NAPSR org www.NAPSR.org www.NAPSR.org Washington D.C. Washington D.C.

www NAPSR org www NAPSR org www.NAPSR.org www.NAPSR.org Washington D.C. Washington D.C. December 9, 2011 December 9, 2011 EMERGENCY RESPONDER EMERGENCY RESPONDER EMERGENCY RESPONDER EMERGENCY RESPONDER FORUM FORUM State Pipeline Safety

526 views • 25 slides
The First Responder Test-Bed The First Responder Test-Bed Vision to Reality Presentation to ITS

The First Responder Test-Bed The First Responder Test-Bed Vision to Reality Presentation to ITS

The First Responder Test-Bed The First Responder Test-Bed Vision to Reality Presentation to ITS May 28, 2013 Barry Gander, Chair, NVA EVP, CATA 613-340-0701 bgander@cata.ca Networked Not Connected Surround the car occupant

397 views • 16 slides
GDN Global Detector Network and GAN MVL- Global Accelerator Network Multipurpose Virtual

GDN Global Detector Network and GAN MVL- Global Accelerator Network Multipurpose Virtual

GDN Global Detector Network and GAN MVL- Global Accelerator Network Multipurpose Virtual Laboratory architecture overview, existing operation and outlook of a global accelerator and detector network Sven Karstensen, DESY 1 contents

443 views • 25 slides
Total Trained: 475,968 TIM Responder Struck-By Fatalities SURVIVAL ALERT UPDATE 15

Total Trained: 475,968 TIM Responder Struck-By Fatalities SURVIVAL ALERT UPDATE 15

National TIM Responder Training Program Implementation Progress - As of May 18, 2020 Train-the-Trainer Sessions 465 sessions with 12,742 participants 23% of participants have provided training In-Person Responder Training 16,991

385 views • 11 slides
Responder Struck-By Fatalities SURVIVAL ALERT UPDATE Total of 44 Responder Struck-By

Responder Struck-By Fatalities SURVIVAL ALERT UPDATE Total of 44 Responder Struck-By

Responder Struck-By Fatalities SURVIVAL ALERT UPDATE Total of 44 Responder Struck-By fatalities in 2019. Already 7 fatalities have occurred since January 1 st : 2 - Firefighters/EMS Personnel 2 - Law Enforcement Officers 3 - Towing

252 views • 11 slides
An eye on emergency Eye Emergency App 2.0 Emergency Care Institute Leadership Forum 25 th

An eye on emergency Eye Emergency App 2.0 Emergency Care Institute Leadership Forum 25 th

An eye on emergency Eye Emergency App 2.0 Emergency Care Institute Leadership Forum 25 th August 2017 Sarah Jane Waller, Ophthalmology Network Manager Agency for Clinical Innovation @eyes_surg_aci @nswaci True or False? Pirates used

607 views • 12 slides
What is a Nerd? A historical and journalistic examination of the cultural psychology of outcast

What is a Nerd? A historical and journalistic examination of the cultural psychology of outcast

What is a Nerd? A historical and journalistic examination of the cultural psychology of outcast groups in contemporary North America by literary analysis and comparative case study Definition 1: Nerd http:/

343 views • 17 slides
QEMU AS A USB MTP RESPONDER Bandan Das <bsd@redhat.com> KVM Forum 2016 1 . 1 MULTIPLE

QEMU AS A USB MTP RESPONDER Bandan Das <bsd@redhat.com> KVM Forum 2016 1 . 1 MULTIPLE

QEMU AS A USB MTP RESPONDER Bandan Das <bsd@redhat.com> KVM Forum 2016 1 . 1 MULTIPLE WAYS TO SHARE FOLDERS, SUCH AS: Network based - NFS/Samba/SSHFS Device based Virtio - 9pfs, virtio-serial usb-mtp 2 . 1 ADVANTAGES/DISADVANTAGES

412 views • 20 slides
in Emergencies Veronica Bryant, Emergency Preparedness and Outbreak Coordinator Possible roles of

in Emergencies Veronica Bryant, Emergency Preparedness and Outbreak Coordinator Possible roles of

Environmental Health Role in Emergencies Veronica Bryant, Emergency Preparedness and Outbreak Coordinator Possible roles of EHS during disaster Food Safety Potable Water Wastewater Shelters Vector Control Responder Safety

291 views • 11 slides
EMERGING TOPICS IN SPORTS EMERGENCY CARE John Boulay B.Sc.,CAT(C), EMT-PCP, D.O.(Q) Certified

EMERGING TOPICS IN SPORTS EMERGENCY CARE John Boulay B.Sc.,CAT(C), EMT-PCP, D.O.(Q) Certified

26/12/2012 2013 Eastern Athletic Trainers Association Meeting and Clinical Symposium EMERGING TOPICS IN SPORTS EMERGENCY CARE John Boulay B.Sc.,CAT(C), EMT-PCP, D.O.(Q) Certified Athletic Therapist, Paramedic, Osteopath First Responder,

960 views • 77 slides
Emergency Plan Writing Houses of Worship and Faith Communities Safety Moment Safety Message

Emergency Plan Writing Houses of Worship and Faith Communities Safety Moment Safety Message

Emergency Plan Writing Houses of Worship and Faith Communities Safety Moment Safety Message Emergency Exits Evacuation Call 911 Role First Aid / CPR Role First Responder Contact Role Location of AEDs Location of

757 views • 56 slides
First Responder Curriculum Development Project: Mental Health & Resiliency-Building Neil

First Responder Curriculum Development Project: Mental Health & Resiliency-Building Neil

First Responder Curriculum Development Project: Mental Health & Resiliency-Building Neil Mackenzie ( RD ), CDIP Manager & Alexis Erickson ( MSW, RSW ), Mental Health Specialist October 17 th , 2019 Agenda First Responder Mental Health

477 views • 26 slides
Alabama First Responder Wireless Commission Alabama 9-1-1 Board 11/13/2014 Executive Order 34

Alabama First Responder Wireless Commission Alabama 9-1-1 Board 11/13/2014 Executive Order 34

Alabama First Responder Wireless Commission Alabama 9-1-1 Board 11/13/2014 Executive Order 34 Before Executive Order 34, no one body was tasked to work towards a resolution to the states first responder communication problems.

558 views • 24 slides
Emergency Services Network Outage Presented by: Katie Smoak PROPRIETARY AND CONFIDENTIAL AGENDA

Emergency Services Network Outage Presented by: Katie Smoak PROPRIETARY AND CONFIDENTIAL AGENDA

Emergency Services Network Outage Presented by: Katie Smoak PROPRIETARY AND CONFIDENTIAL AGENDA 1 Outage Root Cause Analysis 2 Emergency Services Call Impact 3 Risk Mitigation Efforts 4 Q&A EMERGENCY SERVICES MATTER Alaska

450 views • 10 slides
Strategic Plan for Detector R&D at Fermilab Petra Merkel Fermilab Detector R&D

Strategic Plan for Detector R&D at Fermilab Petra Merkel Fermilab Detector R&D

Strategic Plan for Detector R&D at Fermilab Petra Merkel Fermilab Detector R&D Coordinator September 27 th 2019 Detector R&D Organization at Fermilab Detector Advisory Group : ~15 experts of different detector technologies

908 views • 32 slides
1 National TIM Responder Training Program Implementation Progress - As of December 17, 2019

1 National TIM Responder Training Program Implementation Progress - As of December 17, 2019

1 National TIM Responder Training Program Implementation Progress - As of December 17, 2019 Train-the-Trainer Sessions 455 sessions with 12,542 participants 23% of participants have provided training In-Person Responder Training

328 views • 9 slides
Watch out behind you! Responder Safety on the Roadway WWW.ResponderSafety.com On the

Watch out behind you! Responder Safety on the Roadway WWW.ResponderSafety.com On the

Watch out behind you! Responder Safety on the Roadway WWW.ResponderSafety.com On the Highway Weve Got Your Back Original Incident Ladder 2 and Squad 2 arrive at 1923 hrs. Squad 2 positioned behind initial crash (Car #1)

315 views • 31 slides
IOAD 2019 Glueckert Funeral Home Overdose Responder Training Program OPIOID OVERDOSE

IOAD 2019 Glueckert Funeral Home Overdose Responder Training Program OPIOID OVERDOSE

IOAD 2019 Glueckert Funeral Home Overdose Responder Training Program OPIOID OVERDOSE PREVENTION & REVERSAL Overdose Responder Training Program 192 The number of Americans who will die today from a drug overdose. ( 70,080 + in 2017 -

841 views • 39 slides
Co-Responder Model Mental Health Training Data collection and analysis Community

Co-Responder Model Mental Health Training Data collection and analysis Community

Co-Responder Model Mental Health Training Data collection and analysis Community collaboration Co-Responder Video Mental Health Training Video Reduce the number of people with mental illness in jail Reduce the length of

336 views • 22 slides
The Outline: Be How to Be a were baptized (41b) Baptized First Responder to Be

The Outline: Be How to Be a were baptized (41b) Baptized First Responder to Be

Believe Those who received his word (41a) The Outline: Be How to Be a were baptized (41b) Baptized First Responder to Be and there were added that day about three Added thousand souls. (41c) the Gospel Be

639 views • 31 slides
The Outline: Be How to Be a were baptized (41b) Baptized First Responder to Be

The Outline: Be How to Be a were baptized (41b) Baptized First Responder to Be

Believe Those who received his word (41a) The Outline: Be How to Be a were baptized (41b) Baptized First Responder to Be and there were added that day about three Added thousand souls. (41c) the Gospel Be

740 views • 29 slides
The Outline: Be How to Be a were baptized (41b) Baptized First Responder to Be

The Outline: Be How to Be a were baptized (41b) Baptized First Responder to Be

Believe Those who received his word (41a) The Outline: Be How to Be a were baptized (41b) Baptized First Responder to Be and there were added that day about three Added thousand souls. (41c) the Gospel Be

662 views • 34 slides
Stability of the IMS Radionuclide Detector Network and Lessons Learned for Exotic

Stability of the IMS Radionuclide Detector Network and Lessons Learned for Exotic

Stability of the IMS Radionuclide Detector Network and Lessons Learned for Exotic Physics Searches Robert Lee, PhD, Maj, USAF Physics Department, USAF Academy Colorado Springs, CO Dan Animal Javorsek, PhD, Maj, USAF Air Force

419 views • 19 slides

More recommend