Abstract

The spread of viruses and worms has severe implications for the performance of virtually any network. Current methods to stop the propagation of malicious code rely on anti-virus signature recognition to prevent hosts from being infected. Unfortunately, the latency between the introduction of a new virus into a network and the implementation and distribution of a patch can be significant. Within this period, a network can be crippled by the abnormally high rate of traffic generated by infected hosts. Previous research has provided a mechanism for controlling the rate at which a host can make new network connections when exhibiting virus-like behavior. Extending this technology to network routers provides the benefit of network protection without the need for individual client support, and serves as an initial step in developing a virus-resilient network. This paper/presentation reflects on the unique challenge of adapting the Virus Throttle mechanism to HP ProCurve network switch routers. Also discussed is the method of proving that it works in realistic network conditions to protect against worms without interfering with normal network traffic.

Keywords

Switch router virus worm behavior throttle 

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Mauricio Sanchez (1)
  1. ProCurve Networking by HP, USA