Virus Throttle as Basis for ProActive Defense

  • Conference paper
Computer Network Security (MMM-ACNS 2007)

Abstract

The spread of viruses and worms has severe implications for the performance of virtually any network. Current methods to stop the propagation of malicious code rely on anti-virus signature recognition to prevent hosts from being infected. Unfortunately, the latency between the introduction of a new virus into a network and the implementation and distribution of a patch can be significant. Within this period, a network can be crippled by the abnormally high rate of traffic generated by infected hosts. Previous research has provided a mechanism for controlling the rate at which a host can make new network connections when exhibiting virus-like behavior. Extending this technology to network routers provides the benefit of network protection without the need for individual client support, and serves as an initial step in developing a virus-resilient network. This paper/presentation reflects on the unique challenge of adapting the Virus Throttle mechanism to HP ProCurve network switch routers. Also discussed is the method of proving that it works in realistic network conditions to protect against worms without interfering with normal network traffic.

© 2007 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Sanchez, M. (2007). Virus Throttle as Basis for ProActive Defense. In: Gorodetsky, V., Kotenko, I., Skormin, V.A. (eds) Computer Network Security. MMM-ACNS 2007. Communications in Computer and Information Science, vol 1. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-73986-9_5

  • DOI: https://doi.org/10.1007/978-3-540-73986-9_5

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-73985-2

  • Online ISBN: 978-3-540-73986-9

  • eBook Packages: Computer Science, Computer Science (R0)