207 posts categorized "Switching & Routing" Feed

Detecting SYN Flood Attacks with Colasoft Capsa (by Jack Wei)

Detecting SYN Flood Attacks with Colasoft Capsa!

 Denial-of-service attack (DoS attack) is a malicious attack to make a machine or network resource unavailable to users, usually by temporarily or indefinitely disrupting services of a host connected to the Internet. (US-CERT 2013)

Today, DoS attack is a common cyber-attack on the network. According to the statistics, every three seconds, there is a DoS attack happening on the Internet. The low cost of launching a DoS attack is one of the major causes of frequent DoS attacks.

Some of the most commonly used DoS attack types include:

Ping of Death, Teardrop, WinNuk, UDP flood, TCP SYN flood, IP Spoofing, Land Attack, Smurf, ICMP flood, etc.

In this article, we will show you how to detect SYN flood attacks using a network analyzer named Colasoft Capsa.

You can download some awesome tools here - Including the Freeware Capsa - 

Free Tool Download, including Capsa free - Click Here!

In order to analyze DoS attacks (and Others) , I suggest you follow the three steps below:

  1. Observation

Most hosts which are under DoS attack will show high CPU and memory usage or the network bandwidth is occupied by garbage traffic.

  1. Analysis

We can analyze and locate the attacks by decoding the raw packets. In this way, we will get protocols and behaviors of packets. Compare these information with attack signature, then we can locate the actual attack type.

  1. Locate issues

With TCP/UDP session and chart function, we can more accurately and quickly locate DOS attacks.

Now, I will give you an example to show you the detailed steps using the visual capabilities of Capsa!.

 

Continue reading "Detecting SYN Flood Attacks with Colasoft Capsa (by Jack Wei)" »


LMTV LIVE | What Can I Really Do With A Visibility Architecture? (with Keith Bromley of IXIA and Mike Canney of IXIA)



Yx_X0tC2Network visibility is an often overlooked but critically important activity for IT. The real question people often ask is, what can I really do with a “Visibility Architecture?” The short answer is that it enables you to quickly isolate security threats and resolve performance issues. The long answer is that there are over 50 different monitoring and visibility use cases that are either enabled and/or improved by implementing a Visibility Architecture. This is our second of several discussions to learn what a visibility architecture is and how it can help you optimize network data capture and analysis.

Key Points to Comment on:

Continue reading "LMTV LIVE | What Can I Really Do With A Visibility Architecture? (with Keith Bromley of IXIA and Mike Canney of IXIA)" »


LMTV LIVE | Best Practices for Network Tapping (with Keith Bromley of IXIA)



YouTube Live Event starts at 9:30AM PST, Wednesday, February 22, 2017


Yx_X0tC2This week we will be speaking with Keith Bromley, Senior Manager of Solutions Marketing of IXIA.

We promise to do our very best to avoid the usual Taps vs SPAN discussion in this live event. But what we will discuss is the following.

  • Taps are part of a well-planned visibility architecture.
  • Taps should be as easy as set and forget.
  • Taps are placed inline in the network but they are passive and only make a copy of the data, i.e. they don’t divert the main traffic flow.
  • Bypass switches are similar to taps but different from taps as they actually divert the data but also provide fail-over mechanisms for network survivability.
  • A virtual tap is a software version of the standard tap except that this can be loaded onto virtualized servers to capture east-west data in the virtual data center.
  • Some best practices for tap placement
    • Use taps where you can to ensure that you get the best data possible as fast as possible
    • Tap your network ingress and egress points
    • Tap any known choke points

Please join us.


Click to read other LMTV posts by contributors of LoveMyTool »


LMTV LIVE | Networking Trends for 2017 (with Mike Canney of Viavi)



Live Broadcast starts @ 9:30 AM PST, Wednesday, January 11, 2017


ViaviMike canneyWith the New Year’s celebrations behind us, it’s time to put down the eggnog and look forward to the key technologies and trends that will impact network professionals in 2017.

LMTV will kick off this year with Mike Canney, Principal Strategic Architect and troubleshooter of Viavi Solutions, to take a look into our crystal ball to discuss the biggest things to impact IT.


Continue reading "LMTV LIVE | Networking Trends for 2017 (with Mike Canney of Viavi) " »


LMTV LIVE | Steve Brown and Warren Caron of Viavi Solutions


Viavi_Color_RGB

This week we will speak with Steve Brown and Warren Caron of Viavi Solutions, who are their Director of Solutions Marketing and Solutions Engineer, respectively.

With network teams increasingly involved in all aspects of security from threat prevention to breach investigation and remediation, understanding how to be proactive is critical. In this week's LMTV LIVE, we’ll discuss how network pros can more effectively work with security teams on threat prevention, investigations, and cleanup efforts.

  • Proactively ID anomalous network behavior
  • Recognize malware, ransomware, and DDoS
  • Assess damage post-attack
  • Reconstruct or playback breaches
  • Ensure successful remediation
  • Overcoming key visibility and intelligence issues
  • Strategies to ensure security events are fully captured