netflow use cases
play

NetFlow use cases ICmyNet / NetVizura Milo Zekovi, - PowerPoint PPT Presentation

Oct 02, 2023 •353 likes •629 views

NetFlow use cases ICmyNet / NetVizura Milo Zekovi, milos.zekovic@soneco.rs ICmyNet Chief Customer Officer Soneco d.o.o. Serbia Agenda ICmyNet / NetVizura overview Use cases / case studies Statistics per exporter/interfaces Traffic

  1. NetFlow use cases ICmyNet / NetVizura Miloš Zeković, milos.zekovic@soneco.rs ICmyNet Chief Customer Officer Soneco d.o.o. Serbia

  2. Agenda ICmyNet / NetVizura overview Use cases / case studies Statistics per exporter/interfaces Traffic Patterns – NREN case study DoS Attack – case study Statistics with no netflow capable device – case study Other use cases Questions Miloš Zeković 2 / 26 8 th September 2014 ICmyNet Chief Customer Officer Soneco, d.o.o. Serbia

  3. ICmyNet / NetVizura ICmyNet → NetVizura: Rebranding in progress NetFlow Analyzer (ICmyNet.Flow) Statistics per Traffic Patterns and subnets Statistics per exporter/interfaces (v4) Statistics for each node, IP hierarchy More at www.icmynet.com Free Academic Network Program Miloš Zeković 3 / 26 8 th September 2014 ICmyNet Chief Customer Officer Soneco, d.o.o. Serbia

  4. Exporter/interface statistic NetFlow enabled: All significant exporters and their interfaces All on ingress or egress Top exporters and interfaces Top talkers by interface, host, service, … Throughput and Volume Bit/s, packet/s, flow/s In/Out + dst/src (host, services, AS) Miloš Zeković 4 / 26 8 th September 2014 ICmyNet Chief Customer Officer Soneco, d.o.o. Serbia

  5. Exporter/interface statistic (2) Miloš Zeković 5 / 26 8 th September 2014 ICmyNet Chief Customer Officer Soneco, d.o.o. Serbia

  6. NREN CS - challenge AMRES, Serbian NREN 150+ member organisations 150 000 active users Traffic Analysis per member Geographically dispersed Hierarchical network: regions, cities, institutions IP address/subnet != member Archive network logs for 1 year Miloš Zeković 6 / 26 8 th September 2014 ICmyNet Chief Customer Officer Soneco, d.o.o. Serbia

  7. NREN CS - Solution Deployment Cisco NetFlow enabled on 2 central routers ICmyNet.Flow installed on 1 server Configuration of ICmyNet.Flow Members = subnets and Subnet Sets Specific traffic isolated with Traffic Patterns NetFlow records in Raw Data Miloš Zeković 7 / 26 8 th September 2014 ICmyNet Chief Customer Officer Soneco, d.o.o. Serbia

  8. NREN CS - Solution (2) Traffic Pattern Specific traffic between two networks Miloš Zeković 8 / 26 8 th September 2014 ICmyNet Chief Customer Officer Soneco, d.o.o. Serbia

  9. NREN CS - Solution (3) Miloš Zeković 9 / 26 8 th September 2014 ICmyNet Chief Customer Officer Soneco, d.o.o. Serbia

  10. NREN CS – solution (4) Miloš Zeković 10 / 26 8 th September 2014 ICmyNet Chief Customer Officer Soneco, d.o.o. Serbia

  11. NREN CS – Solution (3) Miloš Zeković 11 / 26 8 th September 2014 ICmyNet Chief Customer Officer Soneco, d.o.o. Serbia

  12. NREN CS - Results Two NetFlow devices – full network statistic Statistic per member Statistic independent to network topology Bandwidth utilization understanding Increased security awareness Miloš Zeković 12 / 26 8 th September 2014 ICmyNet Chief Customer Officer Soneco, d.o.o. Serbia

  13. DoS Attack CS Miloš Zeković 13 / 26 8 th September 2014 ICmyNet Chief Customer Officer Soneco, d.o.o. Serbia

  14. DoS Attack CS (2) Miloš Zeković 14 / 26 8 th September 2014 ICmyNet Chief Customer Officer Soneco, d.o.o. Serbia

  15. DoS Attack CS (3) Miloš Zeković 15 / 26 8 th September 2014 ICmyNet Chief Customer Officer Soneco, d.o.o. Serbia

  16. DoS Attack CS (4) Miloš Zeković 16 / 26 8 th September 2014 ICmyNet Chief Customer Officer Soneco, d.o.o. Serbia

  17. DoS Attack CS (5) Charts: Bits and packets traffic looks normal Flows traffic shows an anomaly Anomaly related to UDP protocol and DNS service Host identified (top talker for DNS flows) Raw Data: Filtered by host, protocol and service port Grouped by destination IP addresses Miloš Zeković 17 / 26 8 th September 2014 ICmyNet Chief Customer Officer Soneco, d.o.o. Serbia

  18. DoS Attack CS – results (6) Isolated destinations with large number of DNS conversations In several clicks: Attacker discovered Type of attack determined Victims identified Miloš Zeković 18 / 26 8 th September 2014 ICmyNet Chief Customer Officer Soneco, d.o.o. Serbia

  19. No NetFlow devices CS - challenge DZ Palilula, primary healthcare center, Serbia One main clinic with local clinic network Centralized Healthcare software system Access through server in main clinic Leased network devices (L3VPN) No NetFlow enabled devices No device access Privacy issues - patient medical data Miloš Zeković 19 / 26 8 th September 2014 ICmyNet Chief Customer Officer Soneco, d.o.o. Serbia

  20. No NetFlow devices CS - solution NetFlow probe - SoftFlowd installed on two server interfaces: to clinics and to database Netflow data exported to ICmyNet Server Privacy - NetFlow only monitors statistic, not traffic content Local clinics identified by IP addresses Subnets for each clinic and their department Service/Application monitor Traffic Pattern for each service/application of interest Miloš Zeković 20 / 26 8 th September 2014 ICmyNet Chief Customer Officer Soneco, d.o.o. Serbia

  21. No NetFlow devices CS - Results NetFlow statistics without NetFlow devices No devices purchased Statistics per clinic and department Statistics per service of interest Better planning for future leased links and speed Most active personnel and departments identified Periods of most activity identified L3VPN link speed optimization per clinic Better service reliability Miloš Zeković 21 / 26 8 th September 2014 ICmyNet Chief Customer Officer Soneco, d.o.o. Serbia

  22. Other use cases Alarms Threshold based Faster reaction Reaction when needed Conversations Identify top End to end talkers Bandwidth management Monitor specific services or traffic (Viber, YouTube etc.) Implement QoS policies Miloš Zeković 22 / 26 8 th September 2014 ICmyNet Chief Customer Officer Soneco, d.o.o. Serbia

  23. Other use cases (2) Blocked traffic Interface out is 0 (traffic pattern) Firewall check Mitigated attacks check “Rare” protocols Monitor protocols other than TCP and UDP (99%) Specific ports Most attacks utilize open ports on several applications Miloš Zeković 23 / 26 8 th September 2014 ICmyNet Chief Customer Officer Soneco, d.o.o. Serbia

  24. Question time Questions? Miloš Zeković 24 / 26 8 th September 2014 ICmyNet Chief Customer Officer Soneco, d.o.o. Serbia

  25. Thank you Miloš Zeković 25 / 26 8 th September 2014 ICmyNet Chief Customer Officer Soneco, d.o.o. Serbia

  26. NetFlow use cases ICmyNet / NetVizura Miloš Zeković, milos.zekovic@soneco.rs ICmyNet Chief Customer Officer Soneco d.o.o. Serbia

Recommend

NetFlow Ne t wor k M a na g e me nt W or k s h op APRI COT 2010 Kua l a Lumpur Contents

NetFlow Ne t wor k M a na g e me nt W or k s h op APRI COT 2010 Kua l a Lumpur Contents

NetFlow Ne t wor k M a na g e me nt W or k s h op APRI COT 2010 Kua l a Lumpur Contents Netflow What it is and how it works Uses and Applications Vendor Configurations/Implementation Cisco and Juniper NetFlow tools

1.24k views • 62 slides
Overview of NetFlow NetFlow and ITSG -33 Existing Monitoring Tools Network

Overview of NetFlow NetFlow and ITSG -33 Existing Monitoring Tools Network

Overview of NetFlow NetFlow and ITSG -33 Existing Monitoring Tools Network Monitoring and Visibility Challenges Technology of the future Q&A What t is NetFlow? Network protocol originally developed by Cisco

560 views • 21 slides
Using of time characteristic in Netflow data for improvement of protocol detection P. Piska,

Using of time characteristic in Netflow data for improvement of protocol detection P. Piska,

Using of time characteristic in Netflow data for improvement of protocol detection P. Piska, J. Novotn, {piskac|novotny}@ics.muni.cz 3rd NMRG Workshop on NetFlow/IPFIX Usage in Network Management July 30, 2010, Maastricht, The Netherlands

479 views • 26 slides
NetFlow Analysis Jonzy Data Security Analysis, Sr. Information Security Office NetFlow Analysis

NetFlow Analysis Jonzy Data Security Analysis, Sr. Information Security Office NetFlow Analysis

NetFlow Analysis Jonzy Data Security Analysis, Sr. Information Security Office NetFlow Analysis Intrusion Detection, Protection, and Usage Reporting NetFlow is a cornucopia of information that allows for: Intrusion Detection, Bandwidth usage,

665 views • 17 slides
NetFlow Analysis: Detecting covert channels on the network Detecting malicious traffic by using

NetFlow Analysis: Detecting covert channels on the network Detecting malicious traffic by using

NetFlow Analysis: Detecting covert channels on the network Detecting malicious traffic by using NetFlow data By: Joey Dreijer, Student OS3 5-07-14 1 NetFlow Analysis: Detecting covert channels on the network Gathering NetFlow data

346 views • 16 slides
nProbe: an Open Source NetFlow Probe for Gigabit Networks Luca Deri <deri@ntop.org>

nProbe: an Open Source NetFlow Probe for Gigabit Networks Luca Deri <deri@ntop.org>

nProbe: an Open Source NetFlow Probe for Gigabit Networks Luca Deri <deri@ntop.org> NetFlow Traffic Monitoring Cisco NetFlow is a commercial standard for network monitoring and accounting Many companies (e.g. Cisco, Juniper,

430 views • 14 slides
Malware Detection From The Network Perspective Using NetFlow Data P. eleda, J. Vykopal, T.

Malware Detection From The Network Perspective Using NetFlow Data P. eleda, J. Vykopal, T.

Malware Detection From The Network Perspective Using NetFlow Data P. eleda, J. Vykopal, T. Plesnk, M. Truneka, V. Krmek {celeda|vykopal|plesnik|trunecka|vojtec}@ics.muni.cz 3rd NMRG Workshop on NetFlow/IPFIX Usage in Network

1.19k views • 36 slides
Detecting Botnets with NetFlow V. Krmek, T. Plesnk {vojtec|plesnik}@ics.muni.cz FloCon

Detecting Botnets with NetFlow V. Krmek, T. Plesnk {vojtec|plesnik}@ics.muni.cz FloCon

Detecting Botnets with NetFlow V. Krmek, T. Plesnk {vojtec|plesnik}@ics.muni.cz FloCon 2011, January 12, Salt Lake City, Utah Presentation Outline NetFlow Monitoring at MU Chuck Norris Botnet in a Nutshell Botnet Detection Methods

906 views • 63 slides
Building a better NetFlow (to appear in SIGCOMM 2004) Cristian Estan, Ken Keys, David Moore,

Building a better NetFlow (to appear in SIGCOMM 2004) Cristian Estan, Ken Keys, David Moore,

Building a better NetFlow (to appear in SIGCOMM 2004) Cristian Estan, Ken Keys, David Moore, George Varghese University of California, San Diego IETF60 Aug 4, 2004 IPFIX WG UCSD CSE Disclaimers "NetFlow" used

510 views • 26 slides
Security Hands-on @ Pavilion Stream + NetFlow for Security & Insider Threat Detection Kelly

Security Hands-on @ Pavilion Stream + NetFlow for Security & Insider Threat Detection Kelly

Security Hands-on @ Pavilion Stream + NetFlow for Security & Insider Threat Detection Kelly Feagans | Sales Engineering September 2017 | Washington, DC Objective OBJECTIVE Learn how to use NetFlow with the Splunk Stream Forwarder for

444 views • 20 slides
Milan ermk Daniel Tovark, Martin Latovika, Pavel eleda NetFlow/IPFIX Monitoring

Milan ermk Daniel Tovark, Martin Latovika, Pavel eleda NetFlow/IPFIX Monitoring

A Performance Benchmark for NetFlow Data Analysis on Distributed Stream Processing Systems NOMS 2016 Wednesday 27 th April, 2016 Milan ermk Daniel Tovark, Martin Latovika, Pavel eleda NetFlow/IPFIX Monitoring and Analysis

606 views • 23 slides
Data Fusion Enhancing NetFlow Graph Analytics EMILIE PURVINE, BRYAN OLSEN, CLIFF JOSLYN Pacific

Data Fusion Enhancing NetFlow Graph Analytics EMILIE PURVINE, BRYAN OLSEN, CLIFF JOSLYN Pacific

Data Fusion Enhancing NetFlow Graph Analytics EMILIE PURVINE, BRYAN OLSEN, CLIFF JOSLYN Pacific Northwest National Laboratory FloCon 2016 Outline Introduction NetFlow Windows Event Log data Remote Desktop Protocol (RDP) sessions Approach

510 views • 32 slides
Tranalyzer Netflow extension It's the network go fix it! 2 Features

Tranalyzer Netflow extension It's the network go fix it! 2 Features

Tranalyzer Netflow extension It's the network go fix it! 2 Features Command-line based GUI: Traviz Extendable by plugins Fast and simple Practitioners: Anomaly and security related flags Researchers: Full

395 views • 11 slides
Netflow, Flow-tools tutorial Gaurab Raj Upadhaya SANOG X Workshop : 29 September -7 August 2007,

Netflow, Flow-tools tutorial Gaurab Raj Upadhaya SANOG X Workshop : 29 September -7 August 2007,

Netflow, Flow-tools tutorial Gaurab Raj Upadhaya SANOG X Workshop : 29 September -7 August 2007, New Delhi Agenda Agenda bashing Do you want to see the labs, or want to discuss issues Netflow What it is and how it works

1.1k views • 91 slides
Florida COVID-19 Cases COVID-19 Cases Hillsborough COVID-19 Cases Orange COVID-19 Cases

Florida COVID-19 Cases COVID-19 Cases Hillsborough COVID-19 Cases Orange COVID-19 Cases

Florida COVID-19 Cases COVID-19 Cases Hillsborough COVID-19 Cases Orange COVID-19 Cases Duval Suspended visitation and Developed 120 ambulance Deployed Rapid mandated staff screening assessment teams to Emergency Support Teams

394 views • 12 slides
NetFlow These materials are licensed under the Creative Commons Attribution-Noncommercial 3.0

NetFlow These materials are licensed under the Creative Commons Attribution-Noncommercial 3.0

Advanced Registry Operations Curriculum NetFlow These materials are licensed under the Creative Commons Attribution-Noncommercial 3.0 Unported license (http://creativecommons.org/licenses/by-nc/3.0/) as part of the ICANN, ISOC and NSRC

1.04k views • 63 slides
THE RESEARCH Assault 82,235 cases of assault on 64,519 cases Women Kidnapping women /

THE RESEARCH Assault 82,235 cases of assault on 64,519 cases Women Kidnapping women /

THE RESEARCH Assault 82,235 cases of assault on 64,519 cases Women Kidnapping women / 38,947 rape cases / 54,723 cases - Children Missing 55,625 not found Stalking 18,000 cases Children Burglary 1,11,746 cases Robbery 31,906 cases

352 views • 7 slides
Use Cases Use Cases Use Use cases cases 2003 Giorgini Information Acquisition -- 1 Basi

Use Cases Use Cases Use Use cases cases 2003 Giorgini Information Acquisition -- 1 Basi

Basi di Dati e Sistemi Informativi II Use Cases Use Cases Use Use cases cases 2003 Giorgini Information Acquisition -- 1 Basi di Dati e Sistemi Informativi II Use Cases Diagrams Textual descriptions of the functionality of the system

437 views • 9 slides
On the challenges of network traffic classification with NetFlow/IPFIX Pere Barlet-Ros Associate

On the challenges of network traffic classification with NetFlow/IPFIX Pere Barlet-Ros Associate

On the challenges of network traffic classification with NetFlow/IPFIX Pere Barlet-Ros Associate Professor at UPC BarcelonaTech (pbarlet@ac.upc.edu) Joint work with: Valentn Carela-Espaol, Tomasz Bujlow and Josep Sol-Pareta This project

544 views • 26 slides
COVID-19 Press Briefing May 1, 2020 CCBH Cases Lab-confirmed cases 1,237 Probable

COVID-19 Press Briefing May 1, 2020 CCBH Cases Lab-confirmed cases 1,237 Probable

COVID-19 Press Briefing May 1, 2020 CCBH Cases Lab-confirmed cases 1,237 Probable cases 441 Total cases 1,678 Age range 1week 101 years old Sex Female 54% Male 46% CCBH Cases Date of illness onset

159 views • 15 slides
Indicator Expansion Techniques Tracking Cyber Threats via DNS and Netflow Analysis United

Indicator Expansion Techniques Tracking Cyber Threats via DNS and Netflow Analysis United

Indicator Expansion Techniques Tracking Cyber Threats via DNS and Netflow Analysis United States Computer Emergency Readiness Team (US-CERT) Detection and Analysis January 2011 Background As the number or compromises escalates and our

182 views • 15 slides
Peer-to-Peer Botnet Detection Using NetFlow Connor Dillon System and Network Engineering

Peer-to-Peer Botnet Detection Using NetFlow Connor Dillon System and Network Engineering

Peer-to-Peer Botnet Detection Using NetFlow Connor Dillon System and Network Engineering University of Amsterdam Master thesis presentation, July 3 rd 2014 Supervisor: Pepijn Janssen RedSocks Botnets Large group of infected computers,

610 views • 23 slides
CAMNEP: Multistage Collective Network Behavior Analysis System with Hardware Accelerated NetFlow

CAMNEP: Multistage Collective Network Behavior Analysis System with Hardware Accelerated NetFlow

CAMNEP: Multistage Collective Network Behavior Analysis System with Hardware Accelerated NetFlow Probes Martin Rehak, Pavel Celeda, Michal Pechoucek, Jiri Novotny CESNET, z. s. p. o. Gerstner Laboratory - Agent Technology Center Department of

305 views • 29 slides
Conformal Clustering and its Application to Botnet Traffic Giovanni Cherubin, Ilia Nouretdinov,

Conformal Clustering and its Application to Botnet Traffic Giovanni Cherubin, Ilia Nouretdinov,

Conformal Clustering and its Application to Botnet Traffic Giovanni Cherubin, Ilia Nouretdinov, Alexander Gammerman Roberto Jordaney, Zhi Wang, Davide Papini, Lorenzo Cavallaro Netflow, network traces Internet Bot TCP/ netflow Date

576 views • 20 slides

More recommend