nanog mailing list archives

Re: Blocking TCP flows?


From: Kenny Kant <akennykant () gmail com>
Date: Fri, 14 Jun 2013 01:47:56 -0500

+1 for Bro

http://www.bro.org

http://packetpushers.net/healthy-paranoia-show-11-bro-the-outer-limits-of-ids/

Sent from my iPad

On Jun 13, 2013, at 2:32 PM, Eric Wustrow <ewust () umich edu> wrote:

Hi all,

I'm looking for a way to block individual TCP flows (5-tuple) on a 1-10 Gbps
link, with new blocked flows being dropped within a millisecond or so of being
added. I've been looking into using OpenFlow on an HP ProCurve, but I don't
know much in this area, so I'm looking for better alternatives.

Ideally, such a device would add minimal latency (many/expandable CAM
entries?), can handle many programmatically added flows (hundreds per second),
and would be deployable in a production network (fails in bypass mode). Are
there any COTS devices I should be looking at? Or is the market for this all
under the table to pro-censorship governments?

Thanks,

-Eric
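The OpenFlow approach Eric mentions comes down to pushing a FLOW_MOD with an exact 5-tuple match and an empty action list (an empty action list means "drop" in OpenFlow 1.0). The following is an added example, not code from this thread, from Bro or from HP: it hand-encodes the OpenFlow 1.0 wire format (ofp_header, ofp_match, ofp_flow_mod) from the published spec so it runs offline, and the `FlowBlocker` class, the sample addresses and the priority value are assumptions for illustration. Talking to a real switch would additionally need the controller TCP session and HELLO/FEATURES handshake, which are out of scope here.

```python
"""Build OpenFlow 1.0 FLOW_MOD messages that drop a single TCP 5-tuple.

Added example for the NANOG thread above; not the thread's, Bro's or HP's code.
Wire layout and constants follow the OpenFlow 1.0 specification. FlowBlocker,
the sample flows and the priority choice are illustrative assumptions.
"""
import ipaddress
import struct

OFP_VERSION = 0x01
OFPT_FLOW_MOD = 14

# Wildcard bits from ofp_flow_wildcards (OpenFlow 1.0). A set bit means "ignore this field".
OFPFW_IN_PORT = 1 << 0
OFPFW_DL_VLAN = 1 << 1
OFPFW_DL_SRC = 1 << 2
OFPFW_DL_DST = 1 << 3
OFPFW_DL_TYPE = 1 << 4
OFPFW_NW_PROTO = 1 << 5
OFPFW_TP_SRC = 1 << 6
OFPFW_TP_DST = 1 << 7
# nw_src / nw_dst use 6-bit prefix fields at shifts 8 and 14; 0 there means exact /32 match.
OFPFW_DL_VLAN_PCP = 1 << 20
OFPFW_NW_TOS = 1 << 21

OFPFC_ADD = 0
OFPFC_DELETE_STRICT = 4
OFPP_NONE = 0xFFFF
NO_BUFFER = 0xFFFFFFFF
ETH_IPV4 = 0x0800
IPPROTO_TCP = 6

# Match exactly on ethertype, IP protocol, src/dst IP and src/dst port; wildcard the rest.
FIVE_TUPLE_WILDCARDS = (OFPFW_IN_PORT | OFPFW_DL_VLAN | OFPFW_DL_SRC | OFPFW_DL_DST
                        | OFPFW_DL_VLAN_PCP | OFPFW_NW_TOS)

MATCH_FMT = "!IH6s6sHBxHBBxxIIHH"   # 40-byte ofp_match
FLOW_MOD_FMT = "!QHHHHIHH"          # 24-byte ofp_flow_mod body after the match
HEADER_FMT = "!BBHI"                # 8-byte ofp_header


def ofp_match_5tuple(src_ip, src_port, dst_ip, dst_port):
    """Return the 40-byte ofp_match for one direction of an IPv4 TCP flow."""
    return struct.pack(
        MATCH_FMT, FIVE_TUPLE_WILDCARDS,
        0, b"\x00" * 6, b"\x00" * 6, 0, 0,     # in_port, dl_src, dl_dst, dl_vlan, dl_vlan_pcp
        ETH_IPV4, 0, IPPROTO_TCP,               # dl_type, nw_tos, nw_proto
        int(ipaddress.IPv4Address(src_ip)), int(ipaddress.IPv4Address(dst_ip)),
        src_port, dst_port)


def flow_mod(command, match, xid, priority=1000, idle_timeout=0, hard_timeout=0):
    """ofp_header + ofp_match + ofp_flow_mod with no actions, i.e. a drop rule.

    priority must exceed that of the switch's ordinary forwarding entries or the
    drop never wins; 1000 is an assumed value for this example.
    """
    body = struct.pack(FLOW_MOD_FMT, 0, command, idle_timeout, hard_timeout,
                       priority, NO_BUFFER, OFPP_NONE, 0)
    length = struct.calcsize(HEADER_FMT) + len(match) + len(body)
    return struct.pack(HEADER_FMT, OFP_VERSION, OFPT_FLOW_MOD, length, xid) + match + body


def parse_flow_mod(msg):
    """Decode a FLOW_MOD built above; used to check what would go on the wire."""
    version, mtype, length, xid = struct.unpack(HEADER_FMT, msg[:8])
    m = struct.unpack(MATCH_FMT, msg[8:48])
    cookie, command, idle, hard, prio, buf, out_port, flags = struct.unpack(FLOW_MOD_FMT, msg[48:72])
    return {"version": version, "type": mtype, "length": length, "xid": xid,
            "wildcards": m[0], "dl_type": m[6], "nw_proto": m[8],
            "nw_src": str(ipaddress.IPv4Address(m[9])), "nw_dst": str(ipaddress.IPv4Address(m[10])),
            "tp_src": m[11], "tp_dst": m[12], "command": command,
            "idle_timeout": idle, "priority": prio}


class FlowBlocker:
    """Tracks blocked flows and emits the FLOW_MOD bytes for each change (hypothetical helper).

    OpenFlow 1.0 entries match one direction only, so each block produces two
    messages: one for client->server and one for the reverse 5-tuple.
    """

    def __init__(self):
        self._xid = 0
        self.blocked = set()

    def _next_xid(self):
        self._xid += 1
        return self._xid

    def _pair(self, command, key, idle_timeout):
        src_ip, src_port, dst_ip, dst_port = key
        fwd = ofp_match_5tuple(src_ip, src_port, dst_ip, dst_port)
        rev = ofp_match_5tuple(dst_ip, dst_port, src_ip, src_port)
        return [flow_mod(command, fwd, self._next_xid(), idle_timeout=idle_timeout),
                flow_mod(command, rev, self._next_xid(), idle_timeout=idle_timeout)]

    def block(self, src_ip, src_port, dst_ip, dst_port, idle_timeout=300):
        # idle_timeout lets dead flows age out so the table is not exhausted by stale entries.
        key = (src_ip, src_port, dst_ip, dst_port)
        self.blocked.add(key)
        return self._pair(OFPFC_ADD, key, idle_timeout)

    def unblock(self, src_ip, src_port, dst_ip, dst_port):
        key = (src_ip, src_port, dst_ip, dst_port)
        self.blocked.discard(key)
        return self._pair(OFPFC_DELETE_STRICT, key, 0)


if __name__ == "__main__":
    blocker = FlowBlocker()
    for msg in blocker.block("10.0.0.5", 40000, "192.0.2.10", 443):   # constructed sample flow
        print(parse_flow_mod(msg))
```

Two points from the code matter in practice: the drop entry needs a higher priority than whatever rule normally forwards traffic, and per-direction entries plus an idle timeout keep the table from filling up at the "hundreds of flows per second" rate Eric describes. The "fails in bypass mode" requirement is a hardware property and nothing in the controller software can supply it.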

