Video Converter
Audio Converter
Image Converter
PDF Converter
File Compressor
dhcp rework in bro 2 6

DHCP Rework in Bro 2.6 Seth Hall Corelight Why Tackled? Why - PowerPoint PPT Presentation

Jun 02, 2023 •474 likes •628 views

DHCP Rework in Bro 2.6 Seth Hall Corelight Why Tackled? Why Tackled? Log wasnt great. Purely based on DHCP ACK messages. No tie together between assigned IP address and MAC address. Load balancing issues Mix of broadcast

  1. DHCP Rework in Bro 2.6 Seth Hall Corelight

  2. Why Tackled?

  3. Why Tackled? • Log wasn’t great. • Purely based on DHCP ACK messages. • No tie together between assigned IP address and MAC address. • Load balancing issues • Mix of broadcast and unicast packets is a nightmare for load balancing.

  4. Design Approach 
 Novel BinPAC Structure Define a case with no values up front Refine and extend case (switch)

  5. Design Approach 
 Simplify Event Structure

  6. Design Approach 
 Centralize DHCP messages Worker Worker Worker Worker Worker Worker DHCP::aggregate_msgs Manager

  7. Design Approach 
 Log DHCP “Conversation” Client Server discover o ff er request One Log Entry! ack

  8. What’s in the log?

  9. Regrets & Mistakes • Blindly changed the DHCP event structure! • Thanks to Vlad Grigorescu for jumping in and writing a compatibility script for scripts that haven’t been updated. • @load protocols/dhcp/deprecated_events • No DHCPv6!

  10. Fun Stuff 
 IP Forwarding option (19)

  11. Fun Stuff 
 Client FQDN option (81)

  12. Fun Stuff 
 Client FQDN option (81) • BAHRxHxxxx.resource.ds.bah.com • PLxxxxxx-NB.corp.tangoe.com • sysxxxl.meachamapel.com • ussfmblxxxx.na.watson.com • L01OHxxxxxxxxxQ.cardinalhealth.net 


  13. Fun Stuff 
 Auto Proxy Config option (252)

  14. Thanks!

Recommend

Bro stuff Justin Azoff Aug 4, 2015 try.bro.org on github Figure : try.bro on github Bro

Bro stuff Justin Azoff Aug 4, 2015 try.bro.org on github Figure : try.bro on github Bro

Bro stuff Justin Azoff Aug 4, 2015 try.bro.org on github Figure : try.bro on github Bro Dockerfiles on github Figure : try.bro on github try.bro.org CORS CORS is enabled on API endpoints. http:

286 views • 15 slides
REWORK REDUCTION on Industrial Projects. COAA Conference : Edmonton May 2006 Agenda Rework

REWORK REDUCTION on Industrial Projects. COAA Conference : Edmonton May 2006 Agenda Rework

COAAs Initiatives Toward REWORK REDUCTION on Industrial Projects. COAA Conference : Edmonton May 2006 Agenda Rework Reduction Project Rework Reduction Tool PRRT TM The Tool: Purpose, Features & Benefits, Overview

640 views • 30 slides
Bro Clusters Bro Workshop 2011 NCSA, Urbana-Champaign, IL Bro Workshop 2011 Thursday, November

Bro Clusters Bro Workshop 2011 NCSA, Urbana-Champaign, IL Bro Workshop 2011 Thursday, November

Bro Clusters Bro Workshop 2011 NCSA, Urbana-Champaign, IL Bro Workshop 2011 Thursday, November 17, 2011 Someone here is analyzing 7Gbps of mixed traffic with Bro. With everything turned on! Bro Workshop 2011 2 Thursday, November

395 views • 19 slides
Broverview Bro Workshop 2011 NCSA, Urbana-Champaign, IL Bro Workshop 2011 Outline 2 Bro

Broverview Bro Workshop 2011 NCSA, Urbana-Champaign, IL Bro Workshop 2011 Outline 2 Bro

The Bro Network Security Monitor Broverview Bro Workshop 2011 NCSA, Urbana-Champaign, IL Bro Workshop 2011 Outline 2 Bro Workshop 2011 Outline Philosophy and Architecture A framework for network traffic analysis. 2 Bro Workshop 2011

1.12k views • 69 slides
BroCon 2017 Introduction & Welcome Adam Slagell Supporting the Project Create Bro

BroCon 2017 Introduction & Welcome Adam Slagell Supporting the Project Create Bro

BroCon 2017 Introduction & Welcome Adam Slagell Supporting the Project Create Bro packages http://bro-package-manager.readthedocs.io/ pip install bro-pkg Help on mailing lists bro@bro.org Bro-dev@bro.org

348 views • 6 slides
Bro Scripts The Bro Monitoring Platform Agenda Thursday Block 1: Bro-Overview and introduction.

Bro Scripts The Bro Monitoring Platform Agenda Thursday Block 1: Bro-Overview and introduction.

Bro Scripts The Bro Monitoring Platform Agenda Thursday Block 1: Bro-Overview and introduction. Structure, setup, administration. Exercise: find your way around in the training VM. Block 2: Bro-logs, network logs. Introduction on

294 views • 13 slides
A Bro Script Case Study Bro Workshop 2011 NCSA, Urbana-Champaign, IL Bro Workshop 2011 No

A Bro Script Case Study Bro Workshop 2011 NCSA, Urbana-Champaign, IL Bro Workshop 2011 No

A Bro Script Case Study Bro Workshop 2011 NCSA, Urbana-Champaign, IL Bro Workshop 2011 No deep detail now, just enough to understand basic constructs. Important to focus on script structure and data flow. Bro Workshop 2011 2 Script

485 views • 17 slides
Broadmap Bro Workshop 2011 NCSA, Urbana-Champaign, IL Bro Workshop 2011 Outline Near- to

Broadmap Bro Workshop 2011 NCSA, Urbana-Champaign, IL Bro Workshop 2011 Outline Near- to

The Bro Network Security Monitor Broadmap Bro Workshop 2011 NCSA, Urbana-Champaign, IL Bro Workshop 2011 Outline Near- to Medium-term Roadmap Current Research Projects Workshop Wrap-Up 2 Bro Workshop 2011 Version 2.0 Final 3 Bro

620 views • 57 slides
The Bro Network Security Monitor Bro Integrations: Some Misc. Bro Related Stuff Jon Schipp, NCSA

The Bro Network Security Monitor Bro Integrations: Some Misc. Bro Related Stuff Jon Schipp, NCSA

The Bro Network Security Monitor Bro Integrations: Some Misc. Bro Related Stuff Jon Schipp, NCSA BroCon15 MIT, Cambridge, Massachusetts Agenda Outlining a few things Ive worked on ISLET - Software that can be used for Bro training

587 views • 20 slides
Zeek 3.0.0 and beyond Robin Sommer robin@corelight.com Just released: Zeek 3.0.0 bro ->

Zeek 3.0.0 and beyond Robin Sommer robin@corelight.com Just released: Zeek 3.0.0 bro ->

Zeek 3.0.0 and beyond Robin Sommer robin@corelight.com Just released: Zeek 3.0.0 bro -> zeek broctl -> zeekctl bro-cut -> zeek-cut bro-pkg -> zkg /usr/local/bro -> /usr/local/zeek *.bro -> *.zeek bro_{init,done} ->

908 views • 13 slides
The Bro Network Security Monitor Network Forensics with Bro Matthias Vallentin UC Berkeley /

The Bro Network Security Monitor Network Forensics with Bro Matthias Vallentin UC Berkeley /

The Bro Network Security Monitor Network Forensics with Bro Matthias Vallentin UC Berkeley / ICSI vallentin@icir.org Bro Workshop 2011 NCSA, Champaign-Urbana, IL Outline 1. The Bro Difference 2. Abstract Use Cases 3. From Post-Facto to

535 views • 23 slides
Kea An Open-Source DHCP Server Stephen Morris Internet Systems Consortium stephen@isc.org ISC

Kea An Open-Source DHCP Server Stephen Morris Internet Systems Consortium stephen@isc.org ISC

Kea An Open-Source DHCP Server Stephen Morris Internet Systems Consortium stephen@isc.org ISC DHCP Open-Source First version released in 1997 Default DHCP software in many distributions Server/relay/client for IPv4 & IPv6

304 views • 13 slides
DHCP (RFC 2131) Deliver host-specific configuration parameters from DHCP server to host.

DHCP (RFC 2131) Deliver host-specific configuration parameters from DHCP server to host.

DHCP (RFC 2131) Deliver host-specific configuration parameters from DHCP server to host. Allocate network address to nodes: Automatic allocation: permanent assignment. Dynamic allocation: for a limited period of time. Manual

388 views • 9 slides
Weakening Aggregated Traffic of Weakening Aggregated Traffic of DHCP Discover Messages draft

Weakening Aggregated Traffic of Weakening Aggregated Traffic of DHCP Discover Messages draft

Weakening Aggregated Traffic of Weakening Aggregated Traffic of DHCP Discover Messages draft yang sunset4 weaken dhcp 00 draft yang sunset4 weaken dhcp 00 Tianle Yang, Lianyuan Li, Qiongfang Ma China Mobile China Mobile

540 views • 12 slides
DHCP EAP Analysis or wheres my pony? Protocol overview

DHCP EAP Analysis or wheres my pony? Protocol overview

DHCP EAP Analysis or wheres my pony? Protocol overview EAP Encapsulated in DHCP Protocol DHCP protocol starts normally Relay (proxy)

885 views • 12 slides
N&H NYMC Information evening February 27 th Introductions APGM designate W Bro Mark

N&H NYMC Information evening February 27 th Introductions APGM designate W Bro Mark

N&H NYMC Information evening February 27 th Introductions APGM designate W Bro Mark Constant Corby Group Officer W Bro Steve Burton Provincial Mentor W Bro Duncan Childs Interim secretary W Bro Rab Reid YOUR ATTENDANCE

738 views • 40 slides
Leveraging Ambari to Build Comprehensive Management UIs For Your Hadoop Applications by

Leveraging Ambari to Build Comprehensive Management UIs For Your Hadoop Applications by

Leveraging Ambari to Build Comprehensive Management UIs For Your Hadoop Applications by Christian Tzolov @christzolov Whoami Christian Tzolov Technical Architect at Pivotal, BigData, Hadoop, SpringXD, Apache Committer, Crunch PMC member

715 views • 35 slides
Textures for Real-Time Ray Tracing Christian F. Ruff, Esteban W. G. Clua and Leandro A. F.

Textures for Real-Time Ray Tracing Christian F. Ruff, Esteban W. G. Clua and Leandro A. F.

Dynamic per Object Ray Caching Textures for Real-Time Ray Tracing Christian F. Ruff, Esteban W. G. Clua and Leandro A. F. Fernandes Universidade Federal Fluminense (UFF) 1 Ray Tracing Source: NVidia Source: Wikipedia 2 Ray Tracing

486 views • 29 slides
Parameterized Streaming Algorithms Graham Cormode Rajesh Chitnis Parameterized Streaming

Parameterized Streaming Algorithms Graham Cormode Rajesh Chitnis Parameterized Streaming

Towards a Theory ry of f Parameterized Streaming Algorithms Graham Cormode Rajesh Chitnis Parameterized Streaming Algorithms We increasingly have to deal with huge graphs Facebook graph Brain graph Google Maps in USA Web Graph 10

339 views • 16 slides
Discrete logarithm problem for matrices over finite group rings Alex Myasnikov Stevens Institute

Discrete logarithm problem for matrices over finite group rings Alex Myasnikov Stevens Institute

Discrete logarithm problem for matrices over finite group rings Alex Myasnikov Stevens Institute of Technology Discrete logarithm problem. The discrete logarithm problem (DLP) in a finite cyclic group G : for any pair g , h G find a

675 views • 18 slides
New Internet Architectures Martin Kaufmann Distributed Computing Seminar HS2007 Motivation

New Internet Architectures Martin Kaufmann Distributed Computing Seminar HS2007 Motivation

New Internet Architectures Martin Kaufmann Distributed Computing Seminar HS2007 Motivation 03.10.2007 Martin Kaufmann 2 1 Outline Motivation Problems with IPv4 Network Address Translation Improving NAT and IPv4 NAT

420 views • 16 slides
Patroni in 2019: What's New and Future Plans PGConf.EU 2019 Milan ALEXANDER KUKUSHKIN DMITRII

Patroni in 2019: What's New and Future Plans PGConf.EU 2019 Milan ALEXANDER KUKUSHKIN DMITRII

Please write title, subtitle Please write title, subtitle and speaker name in all and speaker name in all capital letters capital letters Patroni in 2019: What's New and Future Plans PGConf.EU 2019 Milan ALEXANDER KUKUSHKIN DMITRII DOLGOV

859 views • 44 slides
USER AUTHENTICATION GRAD SEC SEP 26 2017 TODAYS PAPERS SPEARPHISHING ATTACKS

USER AUTHENTICATION GRAD SEC SEP 26 2017 TODAYS PAPERS SPEARPHISHING ATTACKS

USER AUTHENTICATION GRAD SEC SEP 26 2017 TODAYS PAPERS SPEARPHISHING ATTACKS SPEARPHISHING ATTACKS Imbue the email with a sense of trust or authority LURE Spoof (or log in as) the source / name Make the topic such that theyll

634 views • 25 slides
Tips, Tricks and Tools for managing one or more medium to large CiviCRM installs CiviCon 2012

Tips, Tricks and Tools for managing one or more medium to large CiviCRM installs CiviCon 2012

Tips, Tricks and Tools for managing one or more medium to large CiviCRM installs CiviCon 2012 Maintenance best practices Drush & drush make drupal.org/project/drush drupal.org/project/drush_make Configuring environments Sysadmin

482 views • 20 slides

More recommend

Explore More Topics

Stay informed with curated content and fresh updates.

animals pets art culture automotive transportation business finance computer internet construction architecture education-career electronics communication

Logo Sambuz

Unleash a World of Digital Possibilities—Browse, Share, and Explore Content Without Boundaries

Useful Links

About Us Privacy Services FAQ's Contact

Newsletter

Stay Informed & Inspired—Subscribe for the Latest Updates, Tips, and Exclusive Content Directly to Your Inbox.

Mail Us

mail@sambuz.com

2026 SAMBUZ, All right reserved.