nanog mailing list archives
Re: Blocking TCP flows?
From: Kenny Kant <akennykant () gmail com>
Date: Fri, 14 Jun 2013 01:47:56 -0500
+1 for Bro http://www.bro.org http://packetpushers.net/healthy-paranoia-show-11-bro-the-outer-limits-of-ids/ Sent from my iPad On Jun 13, 2013, at 2:32 PM, Eric Wustrow <ewust () umich edu> wrote:
Hi all, I'm looking for a way to block individual TCP flows (5-tuple) on a 1-10 gbps link, with new blocked flows being dropped within a millisecond or so of being added. I've been looking into using OpenFlow on an HP Procurve, but I don't know much in this area, so I'm looking for better alternatives. Ideally, such a device would add minimal latency (many/expandable CAM entries?), can handle many programatically added flows (hundreds per second), and would be deployable in a production network (fails in bypass mode). Are there any COTS devices I should be looking at? Or is the market for this all under the table to pro-censorship governments? Thanks, -Eric
Current thread:
- Re: Blocking TCP flows?, (continued)
- Re: Blocking TCP flows? Jonathan Lassoff (Jun 13)
- Re: Blocking TCP flows? Phil Fagan (Jun 13)
- Re: Blocking TCP flows? Phil Fagan (Jun 13)
- Re: Blocking TCP flows? Jonathan Lassoff (Jun 13)
- Re: Blocking TCP flows? Phil Fagan (Jun 13)
- Re: Blocking TCP flows? shawn wilson (Jun 13)
- Re: Blocking TCP flows? Phil Fagan (Jun 13)
- Re: Blocking TCP flows? Jonathan Lassoff (Jun 13)
- Re: Blocking TCP flows? Christopher Morrow (Jun 13)
- Re: Blocking TCP flows? Jeff Kell (Jun 13)
- Re: Blocking TCP flows? QliX=D! [aka EHB] (Jun 14)
- Re: Blocking TCP flows? Eric Wustrow (Jun 14)
- Re: Blocking TCP flows? Phil Fagan (Jun 14)
- Re: Blocking TCP flows? Phil Fagan (Jun 16)