This document summarizes the history of bots and botnets, how botnets are controlled and used for criminal activities like DDoS attacks and spamming, and the large harms they cause. It discusses how botnets can include millions of compromised systems and generate huge amounts of attack traffic to bring down websites. The document also outlines approaches for detecting and mitigating botnets, including using darknets and honeypots to analyze anomalous traffic and identify infected systems.
Network and TCP performance relationship workshop | Kae Hsu
The document discusses TCP performance factors and techniques to improve TCP performance in network environments. It covers TCP operation principles, factors that impact TCP performance like packet loss, out-of-order packets, and congestion. It also discusses approaches to improve performance through the network like reducing packet loss and congestion, and through appliances like TCP offloading and optimization to reduce system resource usage.
How To Process And Solve Network Security In ISP | Kae Hsu
This document discusses security issues and solutions for Internet service providers (ISPs). It covers:
1. Implementing security on the control plane and data plane from both physical and logical positions. This includes securing routers, routing information, and event logging.
2. Examples of control plane security include router access control lists, authenticated routing protocols, route validation databases, and limiting route prefixes.
3. Data plane security focuses on preventing unauthorized packet flows and denial of service attacks on the ISP network.
FEGTS IP Training - Network Diagnostic Introduction | Kae Hsu
This document provides an agenda and overview for an IP network diagnostic training session. The training will cover network diagnostic concepts, hostname resolution verification using nslookup and dig, network connection verification using ping and traceroute, and application condition verification. It includes examples of using these tools and concepts like ICMP packets, TTL, and troubleshooting network reachability. The goal is for students to understand basic network troubleshooting principles and tools.
Rawnet Lightning Talk - 'What is an idea & how do you create them?' | Rawnet
This document discusses what ideas are and how to generate them. It defines an idea as a new combination of old elements. It then provides five exercises to help generate ideas: thinking laterally, drawing the problem and solution, challenging assumptions, considering parallel worlds, and reverse thinking. The document outlines a five stage process for developing an idea: 1) gather raw material, 2) digest the material, 3) undergo unconscious processing, 4) have an "A-ha" moment of insight, and 5) test the idea in reality. Finally, it emphasizes looking for connections between facts and allowing ideas to incubate unconsciously as keys to developing new ideas.
Web Components allow developers to create reusable custom elements that encapsulate HTML, CSS, and JavaScript. They include four specifications: HTML Imports for including and reusing HTML documents; Shadow DOM for encapsulating styles and scripts; Custom Elements for defining new types of HTML elements; and HTML Templates for declaring chunks of reusable markup. These specifications enable more modular and reusable component-based web development.
The document summarizes suggestions for migrating to 4-byte AS numbers in BGP. It discusses upgrading routers in a network in stages, beginning with either border routers, route reflectors, or iBGP clients. While this approach is acceptable, operational issues still need to be considered, such as how to handle AS paths if a border router does not support 4-byte AS numbers. The document provides examples of different upgrading strategies and considerations for various common BGP configurations.
This document outlines test scenarios for 4-byte autonomous system numbers (ASNs) in BGP. It discusses: 1) an overview of 4-byte ASNs including the original 2-byte encoding and expanded 4-byte encoding; 2) BGP capabilities for advertising support of 4-byte ASNs; 3) updates to the AS_PATH and AS_AGGREGATOR attributes to support 4-byte ASNs; 4) new optional AS4_PATH and AS4_AGGREGATOR attributes to carry 4-byte ASNs; and 5) proposed test scenarios involving different combinations of 2-byte and 4-byte ASNs traveling through each other and being aggregated.
Noisy information transmission through molecular interaction networks | Michael Stumpf
The document discusses cellular decision making processes and how reliably information is transmitted from a cell's environment to its nucleus. It examines how signal transduction networks process and transmit signals, and how intrinsic and extrinsic noise can distort the signal transmission. Some counterintuitive results are observed, such as noise overwhelming the signal or inducing apparent correlations, which reflect the interplay between network dynamics and multiple noise sources. The document also explores modeling intrinsic noise using stoichiometric matrices to represent molecular reactions and species changes.
The document discusses using semantic technologies like XML, RDF, and OWL to represent data on the web in a structured format that is accessible to machines. It describes two main approaches for accessing semantic data on the deep web: ontology plug-in search and deep web service annotation. Both approaches require a semantic web crawler or bot to harvest concepts from deep web forms and iteratively link them to build enriched ontologies that define domain terms and relationships to provide machine-interpretable meaning.
If you are new to the internet or have been a long-time user but would like to know more about how it works, this class is for you! Do you have a website or are you just starting to think about getting one? Whether you are going to hire a professional firm or go it alone, this course will cover everything you need to get started!
How internet works and how messages are transferred in Internet | pagetron
An infographic from http://pagetron.com explains how an email travels through the internet from a user's device connected to their internet service provider's network through routers and optical backbones to reach a mail server like Yahoo mail, where the email is stored and then loaded to the user's computer when they access their email through a web browser.
This document summarizes a presentation on supporting IPv6 with software defined networking (SDN) and network functions virtualization (NFV). It defines SDN as separating the control plane and data plane in networks to allow for programmable, automated configuration changes. OpenFlow is described as an SDN protocol. NFV aims to virtualize network functions to run on virtual machines. Current carrier-grade NAT (CGNAT) solutions are hardware-based, while SDN/NFV could allow for a virtualized CGNAT with benefits like dynamic load adjustment and disaster recovery. The future of networking is predicted to involve open source SDN controllers and virtual switches running on commercial and open source platforms.
The document discusses CDNs and their evolution. It describes how early CDNs used server farms and caching to improve performance. Modern CDNs now use global server load balancing to distribute content across many locations worldwide. CDNs work by caching content at edge servers close to users to improve response times. This raises issues for ISPs, as DNS responses and traffic patterns may be impacted. The document considers both challenges CDNs pose for ISPs and potential aggressive strategies ISPs could employ to handle CDN traffic.
The document discusses how the Internet works at a high level. It covers Internet topology, elements like IP addresses, autonomous systems, routers and switches. It describes routing protocols used within and between autonomous systems. It also discusses Internet security, MPLS, and how routing is performed between Internet service providers.
Redundant Internet service provision - customer viewpoint | Kae Hsu
The document discusses redundant internet service provision from the customer's viewpoint. It covers the requirement for redundancy, different types including backup, load-sharing and multihoming. It also discusses the challenges for service providers in providing redundant services, such as needing new equipment and routing architectures. Solutions for customers are explored, as well as other issues like MPLS VPNs. The next challenges in the area are also noted.
This document provides an overview of the history and development of the Internet. It discusses how internetworking connects local area networks and wide area networks using TCP/IP protocols. The domain name system assigns names and addresses to networked computers. The document outlines various Internet services like email, file transfer, and the World Wide Web. It also describes tools used to access and develop content on the World Wide Web, including web servers, browsers, search engines, and multimedia plugins.
This document provides an introduction to computer networking, including definitions of networking concepts and an overview of network topologies. It defines a network as connecting two or more computers to share resources like files, printers, and disk drives. There are different types of network topologies including bus, star, ring, and mesh, each with their own advantages and disadvantages in terms of cost, ease of installation and reconfiguration, and fault tolerance. The document also discusses network hardware, software, client/server models, and the roles of local, wide, and metropolitan area networks.
Research Inventy : International Journal of Engineering and Science | researchinventy
Research Inventy : International Journal of Engineering and Science is published by the group of young academic and industrial researchers with 12 Issues per year. It is an online as well as print version open access journal that provides rapid publication (monthly) of articles in all areas of the subject such as: civil, mechanical, chemical, electronic and computer engineering as well as production and information technology. The Journal welcomes the submission of manuscripts that meet the general criteria of significance and scientific excellence. Papers will be published by rapid process within 20 days after acceptance and peer review process takes only 7 days. All articles published in Research Inventy will be peer-reviewed.
This document discusses the growing threat of DDoS attacks fueled by insecure IoT devices. It provides statistics showing a rise in the size and frequency of DDoS attacks in 2016. Specifically, it notes a peak attack of 579Gbps in 2016 compared to 335Gbps in 2015. It also details characteristics of the powerful Mirai botnet, which has been used to launch major attacks exceeding 600Gbps. Finally, it offers best practices for organizations to help mitigate risks from DDoS attacks, such as deploying multi-layered protection and implementing anti-spoofing mechanisms.
This document provides an overview of distributed denial of service (DDoS) attacks, including how they work, common techniques used, and strategies for mitigating them. It defines DDoS attacks as attempts to exhaust the resources of networks, applications, or services to deny access to legitimate users. The document discusses how botnets are commonly used to launch large-scale DDoS attacks from multiple sources simultaneously. It also outlines best practices for selecting DDoS protection devices, emphasizing the importance of up-to-date detection techniques, low latency, and customized hardware-based logic to withstand major attacks.
Sergey Gordeychik gave a presentation on how to hack telecom networks and stay alive. He discussed that telecom networks have many perimeters including subscribers, partners, offices, and technology networks. He outlined specific attacks such as gaining unauthorized access to subscriber self-service portals or exploiting vulnerabilities in VoIP infrastructure. Gordeychik emphasized that telecom networks are complex with many third-party systems, exotic technologies, and administrative issues that can enable attacks if not properly secured. Forensics after an attack can also be very challenging in these large, dynamic networks.
This document discusses botnet detection techniques. It begins by defining what a botnet is and how botnets are used to conduct cybercrimes. It then outlines several botnet detection methods including signature-based detection, anomaly-based detection, DNS-based detection, mining-based detection, and using honeypots and honeynets. Specific examples of botnets and worst affected countries are also provided. The document concludes by emphasizing the threat posed by botnets and importance of detecting and preventing botnet attacks.
The Bot Stops Here: Removing the BotNet Threat - Public and Higher Ed Securit... | Eric Vanderburg
Eric Vanderburg, Director of Information Systems and Security at JurInnov, presents "The Bot Stops Here: Removing the BotNet Threat" at the Public and Higher Ed Security Summit.
Sergey Gordeychik - How to hack a telecom and stay alive | DefconRussia
Hacking telecommunication companies presents unique challenges and opportunities for attackers. Some key points include:
- Telecom networks are large with many interconnected systems and perimeters owned by third parties.
- Attacks can target subscribers by exploiting weaknesses in broadband access, mobile networks, or subscriber-facing web portals.
- Network infrastructure and subscriber equipment often have vulnerabilities like default credentials, outdated software or misconfigurations.
- Less traditional systems like VOIP gateways, wireless access points or control systems may be overlooked but contain vulnerabilities.
- Partner resources and systems are sometimes co-located with the telecom's own infrastructure, providing a path into the network.
How to hack a telecom and stay alive
Speaker: Sergey Gordeychik
Penetration testing of telecommunication companies' networks is one of the most complicated and interesting tasks of this kind. Millions of IPs, thousands of nodes, hundreds of Web servers and only one spare month. What challenges await an auditor during telecom network testing? What should one pay attention to? How can working time be used more effectively? Why is the subscriber more dangerous than the hacker? Why is the contractor more dangerous than the subscriber? How can a vulnerability be connected with financial losses? Sergey Gordeychik will talk about this, and about the most significant and funny cases of penetration testing of telecommunication networks, in his report.
How to hack a telecommunication company and stay alive. Sergey Gordeychik | Positive Hack Days
Sergey Gordeychik discussed how to hack telecommunication companies while avoiding illegal activity. He explained that telecom networks have many perimeters, partners, contractors, and technology that could be vulnerable. Specific risks included attacks against subscribers by guessing passwords, malware, or fraud. Pentesters should thoroughly examine the network for any overlooked systems or misconfigurations while respecting all laws and client approvals. Forensics after an incident would also be very challenging in large telecom networks with many access points.
WebRTC introduces new security considerations for real-time communications. The document discusses various VoIP attacks that could impact WebRTC like denial of service, fraud, and illegal interception. It also examines vulnerabilities from accessing devices, signaling sent in plain text, and cross protocol attacks. The presentation recommends using TLS for signaling, getting user permission for devices, DTLS-SRTP for media encryption, and identity management through providers. Integrating WebRTC with IMS can leverage the authentication of IMS subscriptions for web credentials.
- VoIP attacks: Denial of service. Fraud. Illegal interception. Illegal control.
- Ad hoc WebRTC attacks: malicious HTML code. Web servers. Forced DoS. Cam/mic control. Etc.
- Protection: Role of border elements (SBC, media gateways, ...). WebRTC Portal and web servers. Browser mechanisms.
- Identity Management: Anonymous calls. OpenID and third parties. Telco identity. Real implementations.
Distributed Denial of Service Attack - Detection And Mitigation | Pavel Odintsov
This document discusses distributed denial of service (DDoS) attacks, detection, and mitigation. It provides background on DDoS including components and architecture. It explains why small and medium internet service providers should care about DDoS attacks. The presentation aims to show how an ISP can implement an automated solution for DDoS mitigation using Mikrotik Traffic Flow, Fastnetmon for detection, and ExaBGP for route announcements. Detection and mitigation techniques are discussed such as remote triggered blackholing, mitigation at a cloud scrubbing center, and using the Cymru Unwanted Traffic Removal Service.
Talk by Santiago Troncoso given at the latest edition of VoIP2DAY, in which he explains how WebRTC inherits all the threats of traditional VoIP services along with existing web attacks, and gives us some keys to keeping the services secure.
VOIP2DAY 2015: "WebRTC security concerns, a real problem?" | Quobis
WebRTC inherits all the threats of traditional VoIP services together with existing web attacks. In this session Antón Román will explain this together with ad-hoc WebRTC attacks and ways to deal with Identity and keep the services secure.
Evolving Threat Landscapes Web-Based Botnet Through Exploit Kits and Scripts ... | Julia Yu-Chin Cheng
This document outlines the evolution of botnets and their threats. It discusses how botnets have moved from centralized command and control structures to using exploit kits and scripts for distribution. The document is divided into two parts, with part one covering traditional botnet landscapes and how they have evolved to use techniques like exploit kits, social engineering, and drive-by downloads to more efficiently infect computers and spread malware. Part two will focus specifically on web exploit kits, examining what they are, how they work, case studies, and how they generate revenue. The document provides an overview of the changing botnet ecosystem.
This document discusses distributed denial-of-service (DDoS) attacks and mitigation strategies. It begins with a definition of DDoS attacks as attempts to make machines or networks unavailable to intended users. It then discusses different types of DDoS attack motivations, including distraction from criminal activity, competitive advantage, retaliation, and ideology. The document outlines the sophistication of DDoS attack tools and services available. It emphasizes that DDoS attacks are a major risk to service availability that should be accounted for in risk planning and analyses. The business impacts of DDoS attacks, including revenue loss, operations impacts, help desk impacts, and brand/reputation damage are reviewed. Finally, mitigation strategies are discussed
Eradicate the Bots in the Belfry - Information Security Summit - Eric VanderburgEric Vanderburg
Eric Vanderburg, Director of Information Systems and Security at JurInnov, presents "Eradicate the Bots in the Belfry" at the Information Security Summit.
apidays LIVE Paris - Multicluster Service Mesh in Action by Denis Jannotapidays
apidays LIVE Paris - Responding to the New Normal with APIs for Business, People and Society
December 8, 9 & 10, 2020
Multicluster Service Mesh in Action
Denis Jannot, Director of Field Engineering - EMEA at Solo.io
Suggestions for end users to deploy multihoming, load-balance and load-sharingKae Hsu
The document discusses recommendations for multihoming, load balancing, and load sharing approaches. It describes commonly used connection and distribution methods like leased lines, ISDN, ADSL and how new technologies like FTTX are replacing older ones. It also discusses more robust multihoming approaches that maintain redundancy and distribution without requiring BGP or own IP blocks, like using the same protocol across connections without own blocks.
The document discusses recommendations for multihoming, load balancing, and load sharing approaches for end users. It describes commonly used connection and distribution methods like leased lines, ISDN, ADSL and FTTX. It also discusses more robust multihoming options that maintain redundancy and balance traffic across connections without requiring BGP or own IP blocks, like using the same dynamic routing protocol across all ISP connections.
Suggestions for end users to deploy multihoming, load-balance and load-sharingKae Hsu
The document discusses recommendations for multihoming, load balancing, and load sharing approaches for end users. It describes commonly used connection and distribution methods like leased lines, ISDN, ADSL and FTTX. It also discusses more advanced multihoming options using BGP with independently assigned IP addresses to achieve redundancy and connection resiliency without requiring end users to manage BGP protocols or obtain their own IP blocks. Simpler approaches that maintain benefits without those requirements are preferable.
Suggestions for end users to deploy multihoming, load-balance and load-sharingKae Hsu
The document discusses recommendations for multihoming, load balancing, and load sharing approaches. It describes commonly used connection and distribution methods like leased lines, ISDN, ADSL and how new technologies like FTTX are replacing older ones. It also discusses more robust multihoming options that maintain redundancy and balance traffic across connections without requiring BGP or own IP blocks. The preferred approaches provide benefits like lower cost and complexity while preserving resiliency.
ScyllaDB is making a major architecture shift. We’re moving from vNode replication to tablets – fragments of tables that are distributed independently, enabling dynamic data distribution and extreme elasticity. In this keynote, ScyllaDB co-founder and CTO Avi Kivity explains the reason for this shift, provides a look at the implementation and roadmap, and shares how this shift benefits ScyllaDB users.
"Scaling RAG Applications to serve millions of users", Kevin GoedeckeFwdays
How we managed to grow and scale a RAG application from zero to thousands of users in 7 months. Lessons from technical challenges around managing high load for LLMs, RAGs and Vector databases.
GlobalLogic Java Community Webinar #18 “How to Improve Web Application Perfor...GlobalLogic Ukraine
Під час доповіді відповімо на питання, навіщо потрібно підвищувати продуктивність аплікації і які є найефективніші способи для цього. А також поговоримо про те, що таке кеш, які його види бувають та, основне — як знайти performance bottleneck?
Відео та деталі заходу: https://bit.ly/45tILxj
QA or the Highway - Component Testing: Bridging the gap between frontend appl...zjhamm304
These are the slides for the presentation, "Component Testing: Bridging the gap between frontend applications" that was presented at QA or the Highway 2024 in Columbus, OH by Zachary Hamm.
This talk will cover ScyllaDB Architecture from the cluster-level view and zoom in on data distribution and internal node architecture. In the process, we will learn the secret sauce used to get ScyllaDB's high availability and superior performance. We will also touch on the upcoming changes to ScyllaDB architecture, moving to strongly consistent metadata and tablets.
Northern Engraving | Nameplate Manufacturing Process - 2024Northern Engraving
Manufacturing custom quality metal nameplates and badges involves several standard operations. Processes include sheet prep, lithography, screening, coating, punch press and inspection. All decoration is completed in the flat sheet with adhesive and tooling operations following. The possibilities for creating unique durable nameplates are endless. How will you create your brand identity? We can help!
Northern Engraving | Modern Metal Trim, Nameplates and Appliance PanelsNorthern Engraving
What began over 115 years ago as a supplier of precision gauges to the automotive industry has evolved into being an industry leader in the manufacture of product branding, automotive cockpit trim and decorative appliance trim. Value-added services include in-house Design, Engineering, Program Management, Test Lab and Tool Shops.
Getting the Most Out of ScyllaDB Monitoring: ShareChat's TipsScyllaDB
ScyllaDB monitoring provides a lot of useful information. But sometimes it’s not easy to find the root of the problem if something is wrong or even estimate the remaining capacity by the load on the cluster. This talk shares our team's practical tips on: 1) How to find the root of the problem by metrics if ScyllaDB is slow 2) How to interpret the load and plan capacity for the future 3) Compaction strategies and how to choose the right one 4) Important metrics which aren’t available in the default monitoring setup.
Conversational agents, or chatbots, are increasingly used to access all sorts of services using natural language. While open-domain chatbots - like ChatGPT - can converse on any topic, task-oriented chatbots - the focus of this paper - are designed for specific tasks, like booking a flight, obtaining customer support, or setting an appointment. Like any other software, task-oriented chatbots need to be properly tested, usually by defining and executing test scenarios (i.e., sequences of user-chatbot interactions). However, there is currently a lack of methods to quantify the completeness and strength of such test scenarios, which can lead to low-quality tests, and hence to buggy chatbots.
To fill this gap, we propose adapting mutation testing (MuT) for task-oriented chatbots. To this end, we introduce a set of mutation operators that emulate faults in chatbot designs, an architecture that enables MuT on chatbots built using heterogeneous technologies, and a practical realisation as an Eclipse plugin. Moreover, we evaluate the applicability, effectiveness and efficiency of our approach on open-source chatbots, with promising results.
How information systems are built or acquired puts information, which is what they should be about, in a secondary place. Our language adapted accordingly, and we no longer talk about information systems but applications. Applications evolved in a way to break data into diverse fragments, tightly coupled with applications and expensive to integrate. The result is technical debt, which is re-paid by taking even bigger "loans", resulting in an ever-increasing technical debt. Software engineering and procurement practices work in sync with market forces to maintain this trend. This talk demonstrates how natural this situation is. The question is: can something be done to reverse the trend?
What is an RPA CoE? Session 1 – CoE VisionDianaGray10
In the first session, we will review the organization's vision and how this has an impact on the COE Structure.
Topics covered:
• The role of a steering committee
• How do the organization’s priorities determine CoE Structure?
Speaker:
Chris Bolin, Senior Intelligent Automation Architect Anika Systems
The Department of Veteran Affairs (VA) invited Taylor Paschal, Knowledge & Information Management Consultant at Enterprise Knowledge, to speak at a Knowledge Management Lunch and Learn hosted on June 12, 2024. All Office of Administration staff were invited to attend and received professional development credit for participating in the voluntary event.
The objectives of the Lunch and Learn presentation were to:
- Review what KM ‘is’ and ‘isn’t’
- Understand the value of KM and the benefits of engaging
- Define and reflect on your “what’s in it for me?”
- Share actionable ways you can participate in Knowledge - - Capture & Transfer
"NATO Hackathon Winner: AI-Powered Drug Search", Taras KlobaFwdays
This is a session that details how PostgreSQL's features and Azure AI Services can be effectively used to significantly enhance the search functionality in any application.
In this session, we'll share insights on how we used PostgreSQL to facilitate precise searches across multiple fields in our mobile application. The techniques include using LIKE and ILIKE operators and integrating a trigram-based search to handle potential misspellings, thereby increasing the search accuracy.
We'll also discuss how the azure_ai extension on PostgreSQL databases in Azure and Azure AI Services were utilized to create vectors from user input, a feature beneficial when users wish to find specific items based on text prompts. While our application's case study involves a drug search, the techniques and principles shared in this session can be adapted to improve search functionality in a wide range of applications. Join us to learn how PostgreSQL and Azure AI can be harnessed to enhance your application's search capability.
From Natural Language to Structured Solr Queries using LLMsSease
This talk draws on experimentation to enable AI applications with Solr. One important use case is to use AI for better accessibility and discoverability of the data: while User eXperience techniques, lexical search improvements, and data harmonization can take organizations to a good level of accessibility, a structural (or “cognitive” gap) remains between the data user needs and the data producer constraints.
That is where AI – and most importantly, Natural Language Processing and Large Language Model techniques – could make a difference. This natural language, conversational engine could facilitate access and usage of the data leveraging the semantics of any data source.
The objective of the presentation is to propose a technical approach and a way forward to achieve this goal.
The key concept is to enable users to express their search queries in natural language, which the LLM then enriches, interprets, and translates into structured queries based on the Solr index’s metadata.
This approach leverages the LLM’s ability to understand the nuances of natural language and the structure of documents within Apache Solr.
The LLM acts as an intermediary agent, offering a transparent experience to users automatically and potentially uncovering relevant documents that conventional search methods might overlook. The presentation will include the results of this experimental work, lessons learned, best practices, and the scope of future work that should improve the approach and make it production-ready.
Must Know Postgres Extension for DBA and Developer during MigrationMydbops
Mydbops Opensource Database Meetup 16
Topic: Must-Know PostgreSQL Extensions for Developers and DBAs During Migration
Speaker: Deepak Mahto, Founder of DataCloudGaze Consulting
Date & Time: 8th June | 10 AM - 1 PM IST
Venue: Bangalore International Centre, Bangalore
Abstract: Discover how PostgreSQL extensions can be your secret weapon! This talk explores how key extensions enhance database capabilities and streamline the migration process for users moving from other relational databases like Oracle.
Key Takeaways:
* Learn about crucial extensions like oracle_fdw, pgtt, and pg_audit that ease migration complexities.
* Gain valuable strategies for implementing these extensions in PostgreSQL to achieve license freedom.
* Discover how these key extensions can empower both developers and DBAs during the migration process.
* Don't miss this chance to gain practical knowledge from an industry expert and stay updated on the latest open-source database trends.
Mydbops Managed Services specializes in taking the pain out of database management while optimizing performance. Since 2015, we have been providing top-notch support and assistance for the top three open-source databases: MySQL, MongoDB, and PostgreSQL.
Our team offers a wide range of services, including assistance, support, consulting, 24/7 operations, and expertise in all relevant technologies. We help organizations improve their database's performance, scalability, efficiency, and availability.
Contact us: info@mydbops.com
Visit: https://www.mydbops.com/
Follow us on LinkedIn: https://in.linkedin.com/company/mydbops
For more details and updates, please follow up the below links.
Meetup Page : https://www.meetup.com/mydbops-databa...
Twitter: https://twitter.com/mydbopsofficial
Blogs: https://www.mydbops.com/blog/
Facebook(Meta): https://www.facebook.com/mydbops/
In our second session, we shall learn all about the main features and fundamentals of UiPath Studio that enable us to use the building blocks for any automation project.
📕 Detailed agenda:
Variables and Datatypes
Workflow Layouts
Arguments
Control Flows and Loops
Conditional Statements
💻 Extra training through UiPath Academy:
Variables, Constants, and Arguments in Studio
Control Flow in Studio
1. 9th TWNIC IP Open Policy Meeting
2007/12/5, Taipei
Botnets & DDoS Introduction
Kae Hsu (IS-TW)
2. Agenda
• Bot
• Botnets and the mechanisms they use
• Botnets activities and economics
• Harms from Botnets
• DDoS mitigation
• Botnets detection and defense
• Reference
2007/12/5 2 Copyright 2007 - Trend Micro Inc.
3. Bot
• Brief history of Bot (summarized from “Botnets, THE KILLER WEB APP”)
– GM (1989)
• A robot user in an IRC channel.
– PrettyPark (1999)
• A Bot client on Windows95/98.
• Malicious IRC Bots.
– SubSeven Trojan/Bot
• Creates a backdoor in the system.
• A SubSeven server could control SubSeven clients via an IRC server.
– GT Bot (2000)
• Based on the mIRC client
– could trigger the mIRC client to run scripts from the IRC server.
– supports raw TCP and UDP socket connections.
– SDBot (2002)
• Written in C++ and the author released the source code.
• Exploits and infects.
4. Bot
• Brief history (cont.)
– Agobot (2002)
• Modular design.
• Uses P2P file-sharing applications to spread.
Characteristic-Based Families
– Spybot (2003)
• Open-source Trojan derived from SDBot.
– RBot (2003)
• Most detections on the Windows platform, with 1.9 million PCs (2005).
– Polybot (2004)
• Derived from AgoBot.
– Mytob (2005)
• Hybrid of MyDoom and bot IRC C&C functionality.
5. Botnets and the mechanisms they use
• Botnet
– A group of bots controlled by a single person or organization (the botherder) that execute the botherder's commands.
• Botnet Life Cycle
1. Exploit.
2. Report to the botherder (via C&C channel).
3. Retrieve the anti-antivirus module.
4. Rally and secure the Bot client.
5. Listen to the C&C channel and receive command.
6. Retrieve the payload module.
7. Execute the command.
8. Report result to the C&C channel.
9. Back to step 5.
10. Erase all evidence and abandon the Bot client.
6. Botnets and the mechanisms they use
• C&C: Command and Control
– The botherder uses the C&C to collect bot client information and deliver commands to the bot clients.
– The IRC server is the earliest and most widely used C&C
• Interactive.
• Easy to build an IRC server.
• Easy to create and control several botnets using one server.
• Easy to create redundancy.
– Web-based C&C servers.
– P2P Botnets.
– Random.
– IM C&C.
– Remote Administration.
– Drop Zone and FTP-based C&C.
7. Botnets activities and economics
• Exploit new Bot client
• DDoS attack
– DDoS ransom - $$$
• Software installation
– adware - $$$
– clicks4hire - $$$
• Spam and phishing - $$$
• Storage and distribution of stolen or illegal data
• Ransomware - $$$
• Data mining - $$$
• Reporting results
• Erase the evidence, abandon the client
8. Harms from Botnets
• Spam
– The botherder directs bot clients to send spam e-mail.
• DDoS – Distributed Denial of Service
– Flood the DDoS target with anomalous traffic or with large numbers of service requests
• The victim's service is blocked because a resource is exhausted.
– bandwidth resource
– system resource
– DDoS is hard to prevent
• It is hard to classify traffic as normal or abnormal.
– Anomalous TCP/UDP/ICMP flooding is easy to detect.
– Anomalous service access requests are hard to detect.
• ISP uplink congestion will impact other customers
– Traffic scrubbing does not help against uplink congestion.
9. Harms from Botnets
• Botnets: the source of DDoS
– In a botnet, zombie PCs are used to generate the attack traffic sent to the victims.
– If a botnet has >100,000 zombie PCs and each PC generates 50kbps of attack traffic to the victim, the total attack traffic could reach more than 5Gbps!!!
• 5Gbps of traffic could congest many enterprise and ISP links.
– If a botnet has >100,000 zombie PCs and each PC generates 1kpps of attack traffic to the victim, the total attack traffic could reach more than 100Mpps!!!
• 100Mpps of traffic could shut down a lot of enterprise and ISP equipment.
– Most ISPs use the “black-hole” mechanism to drop the attack traffic, but it drops the normal traffic flowing to the victim too
• The ISPs help the cyber-criminal complete the attack.
10. Harms from Botnets
• Scale of Botnet:
– Telenor takes down 'massive' botnet – more than 10,000 zombie PCs
• http://www.theregister.co.uk/2004/09/09/telenor_botnet_dismantled/
– Dutch Botnet suspects ran 1.5 million machines
• http://www.techweb.com/wire/security/172303160
– Of the 600 million computers currently on the internet, between 100 and 150 million were already part of these botnet…
• http://news.bbc.co.uk/1/hi/business/6298641.stm
• Strength of Botnet:
– Estonian government websites were shut down by a serious DDoS attack starting Apr. 27, 2007
• At its peak on May 9, the attack shut down up to 58 sites at once.
• Computers from the United States, Canada, Brazil, Vietnam and others have been used in the attacks.
11. Harms from Botnets
• DDoS example
[Figure labels: ISPs, Bot client, BOTNETS, attack traffic, VICTIMS, link congestion]
12. Harms from Botnets
– All packets forwarded to the victim are dropped.
[Figure labels: BOTNETS, attack traffic, VICTIMS]
13. DDoS mitigation
• Scrub the traffic: accept and forward the normal packets and drop the abnormal packets
– Build a traffic scrubbing system in your network
• Congestion would still occur on the ISP border router.
[Figure labels: VICTIMS, link congestion]
– Order a scrubbing service from the upstream ISP or from a scrubbing service provider.
[Figure labels: scrubbing service provider, VICTIMS, link congestion]
14. Botnets detection and defense
• Internet projects to detect Bot/Botnets
– Darknet
• A subnet in which no machine is hosted.
• There should not be any normal traffic flowing to this subnet
– Almost all traffic seen there is anomalous traffic sent by malware.
• It is possible to trace the compromised machines by analyzing that anomalous traffic.
[Figure labels: Bot client, Internet, network 172.17.12.0/24 with hosts .1, .2, .3 and .4, "enable promiscuous mode", "analyze exploit traffic and catch Bot client IP"]
R(config)#ip route 172.17.12.128 255.255.255.128 172.17.12.4
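As an added example (not part of the original slides), the darknet analysis described above can be sketched in Python over flow records for 172.17.12.128/25, the prefix that the slide's static route sends to 172.17.12.4. The record format, the sample flows, the `min_targets` threshold and the TCP-flag check for backscatter (replies to spoofed packets, whose source is an attack victim rather than a bot) are assumptions that go beyond the slide.

```python
import ipaddress
from collections import defaultdict

# Darknet prefix taken from the slide's static route (next hop 172.17.12.4).
DARKNET = ipaddress.ip_network("172.17.12.128/25")

# Constructed sample records (assumed export format of the collector):
# (source IP, destination IP, protocol, destination port, TCP flags)
SAMPLE_FLOWS = [
    ("198.51.100.23", "172.17.12.130", "tcp", 445, "S"),
    ("198.51.100.23", "172.17.12.131", "tcp", 445, "S"),
    ("198.51.100.23", "172.17.12.132", "tcp", 445, "S"),
    ("198.51.100.23", "172.17.12.133", "tcp", 135, "S"),
    ("203.0.113.80", "172.17.12.200", "tcp", 40123, "SA"),  # reply to a spoofed SYN
    ("203.0.113.80", "172.17.12.201", "tcp", 51877, "SA"),
    ("192.0.2.7", "172.17.12.10", "tcp", 80, "S"),    # populated half of the /24
    ("192.0.2.9", "172.17.12.250", "udp", 1434, ""),
    ("not-an-ip", "172.17.12.140", "tcp", 22, "S"),   # malformed record
]

REPLY_FLAGS = {"SA", "R", "RA"}  # SYN-ACK / RST: answers, not connection attempts


def summarize(flows, darknet=DARKNET):
    """Aggregate, per source IP, everything that was sent into the darknet."""
    stats = defaultdict(
        lambda: {"packets": 0, "targets": set(), "ports": set(), "replies": 0}
    )
    for src, dst, proto, dport, flags in flows:
        try:
            src_ip = ipaddress.ip_address(src)
            dst_ip = ipaddress.ip_address(dst)
        except ValueError:
            continue  # skip malformed records instead of aborting the run
        if dst_ip not in darknet:
            continue  # traffic to real hosts is out of scope here
        entry = stats[str(src_ip)]
        entry["packets"] += 1
        entry["targets"].add(str(dst_ip))
        entry["ports"].add((proto, dport))
        if proto == "tcp" and flags in REPLY_FLAGS:
            entry["replies"] += 1
    return dict(stats)


def classify(stats, min_targets=3):
    """Label each source seen in the darknet.

    backscatter   - only reply packets: the source is probably the victim of
                    an attack that used spoofed darknet addresses
    suspected-bot - probes at least min_targets distinct unused addresses
    low-volume    - too little evidence; keep watching
    """
    labels = {}
    for src, entry in stats.items():
        if entry["replies"] == entry["packets"]:
            labels[src] = "backscatter"
        elif len(entry["targets"]) >= min_targets:
            labels[src] = "suspected-bot"
        else:
            labels[src] = "low-volume"
    return labels


if __name__ == "__main__":
    for src, label in sorted(classify(summarize(SAMPLE_FLOWS)).items()):
        print(f"{src:15} {label}")
```
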
15. Botnets detection and defense
• Internet projects to detect Bot/Botnets
– Honeypots
• A machine that is deliberately left open to exploitation by malware.
– Botnet life cycle:
» 2) Report to the botherder (via C&C channel).
» 5) Listen to the C&C channel and receive command.
» 6) Retrieve the payload module.
» 8) Report result to the C&C channel.
– By sniffing and analyzing the bot's connections, we can capture:
» the IP address of the C&C
» the IP addresses of the victims
[Figure labels: C&C 172.31.1.1, Internet, hosts .1, .2, .3 and .4, port mirror, honeypot, "catch the C&C IP: 172.31.1.1"]
16. Botnets detection and defense
– Honeypot (cont.)
• In theory, taking the C&C offline would destroy the whole botnet
– This is the weakness of a centralized C&C.
[Figure labels: C&C, Internet, hosts .1, .2, .3 and .4, port mirror, honeypot]
R(config)#ip route 172.31.1.1 255.255.255.255 null0
• Use a black-hole route to block the C&C IP on the Internet
– But botherders do not build their botnets around only one C&C
» They use DNS to improve C&C survivability.
17. Botnets detection and defense
• BGP flow-spec
– A new BGP NLRI
• The reason to use BGP: re-use
– protocol algorithms.
– operational experience.
– administrative processes such as inter-provider peering agreements.
– Distributes traffic flow specifications and actions.
• Flow-spec NLRI
– Type 1 – destination prefix
– Type 2 – source prefix
– Type 3 – IP protocol
– Type 4 – port
– Type 5 – destination port
– Type 6 – source port
– Type 7 – ICMP type
– Type 8 – ICMP code
18. Botnets detection and defense
• Flow-spec NLRI (cont.)
– Type 9 – TCP flags
– Type 10 – packet length
– Type 11 – DSCP
– Type 12 – fragment
• Traffic filtering actions
– Traffic-rate
– Traffic-action
» Terminal action
» Sample
– Redirect
– Use BGP flow-spec in your network
[Figure labels: Bot client D, Normal client B, Normal client C, Server A]
19. Botnets detection and defense
– Use BGP flow-spec in your network
• Update BGP flow-spec route to border router
– ‘SRC=D, DST=A, action=drop’
[Figure labels: Bot client D, Normal client B, Normal client C, Server A]
• Update BGP flow-spec route to peering partner
– ‘SRC=D, DST=A, action=drop’
[Figure labels: Bot client D, Normal client B, Normal client C, Server A]
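As an added example (not part of the original slides), the Python model below contrasts the destination-only black-hole from the earlier slides with the ‘SRC=D, DST=A, action=drop’ flow-spec rule, showing which clients can still reach Server A under each. The host addresses, the `FlowRule` and `Packet` types and the first-match evaluation order are assumptions made for illustration; this is not a BGP implementation.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed addresses for the hosts named on the slide (documentation ranges).
HOSTS = {
    "A": "192.0.2.10",     # Server A
    "B": "198.51.100.2",   # Normal client B
    "C": "198.51.100.3",   # Normal client C
    "D": "203.0.113.66",   # Bot client D
}


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str = "tcp"
    dport: int = 80


@dataclass(frozen=True)
class FlowRule:
    """Subset of the flow-spec components listed on the slides:
    type 1 (destination prefix), type 2 (source prefix),
    type 3 (IP protocol) and type 5 (destination port).
    A component left as None is a wildcard; set components are ANDed."""
    action: str
    dst_prefix: Optional[str] = None
    src_prefix: Optional[str] = None
    proto: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        if self.dst_prefix is not None and not _within(pkt.dst, self.dst_prefix):
            return False
        if self.src_prefix is not None and not _within(pkt.src, self.src_prefix):
            return False
        if self.proto is not None and pkt.proto != self.proto:
            return False
        if self.dport is not None and pkt.dport != self.dport:
            return False
        return True


def _within(addr: str, prefix: str) -> bool:
    return ipaddress.ip_address(addr) in ipaddress.ip_network(prefix)


def decide(rules, pkt: Packet) -> str:
    """Return the action of the first matching rule (simplified ordering)."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "forward"


def surviving_clients(rules, server="A"):
    """Names of the hosts whose traffic still reaches the server."""
    return sorted(
        name for name, ip in HOSTS.items()
        if name != server
        and decide(rules, Packet(src=ip, dst=HOSTS[server])) == "forward"
    )


# Black-hole: a destination-only drop, like the null0 route shown earlier.
BLACKHOLE = [FlowRule("drop", dst_prefix=HOSTS["A"] + "/32")]
# The slide's flow-spec rule: SRC=D, DST=A, action=drop.
FLOWSPEC = [FlowRule("drop", src_prefix=HOSTS["D"] + "/32",
                     dst_prefix=HOSTS["A"] + "/32")]
# Narrower variant that also pins protocol and destination port.
NARROW = [FlowRule("drop", src_prefix=HOSTS["D"] + "/32",
                   dst_prefix=HOSTS["A"] + "/32", proto="tcp", dport=80)]

if __name__ == "__main__":
    print("black-hole:", surviving_clients(BLACKHOLE))
    print("flow-spec :", surviving_clients(FLOWSPEC))
```
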
20. Reference
• “Botnets, THE KILLER WEB APP”
– by Craig A. Schiller et al.; Syngress Publishing Inc., 2007
• The Team Cymru Darknet Project
– http://www.cymru.com/Darknet/index.html
• The Honeynet Project
– http://www.honeynet.org/index.html
• “Dissemination of flow specification rules”
– draft-marques-idr-flow-spec-04.txt
• “Configuring a flow route”
– http://www.juniper.net/techpubs/software/junos/junos85/swconfig85-routing/id-10317421.html#id-10317421
• “Inferring Internet Denial-of-Service Activity”
– by David Moore et al.
• “The Zombie Roundup: Understanding, Detecting, and Disrupting Botnets”
– by Evan Cooke et al.
• “How CNCERT/CC fighting to Botnets”
– by Mingqi Chen; CNCERT/CC