North American Network Operators Group
Re: Some abuse detection hacks ...
Avi Freedman's post with a Perl script to look for network abuses a while back got me to thinking that a C program could be written to do what his scripts do in near real time, continuously, if desired. It is possible to get Cisco routers to dump netflow data records to a host. I modified a Cisco demonstration program called fdget.c to look at the netflow data records and search for illegitimate default pointing or transit routing from unauthorized source AS's to unauthorized destination AS's.

I have made this program available via anonymous ftp (not a URL) on venera.isi.edu in subdirectory mon. This directory is blind. You must know what files you wish to retrieve by exact name. The files of interest are:

atack.c
README.atack
flowdata.h

I hope that you find them useful. My thanks go to Cisco for letting me distribute this program even though most of the code was written by Cisco. So keep in mind any bugs are mine.

Walt Prue
Los Nettos
USC/ISI
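The kind of check described in the message above, as an added example that is not part of the original post and is not the atack.c program: it walks the flow records of one export datagram and counts flows whose source and destination AS are both outside an authorized set. Assumptions: the NetFlow version 5 export layout (24-byte header, 48-byte records, src_as and dst_as at record offsets 40 and 42), a hypothetical `authorized_as` list, and a constructed sample datagram using private-use and documentation AS numbers.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NF5_HDR_LEN 24  /* NetFlow v5 export header (assumed format) */
#define NF5_REC_LEN 48  /* one v5 flow record */
#define SAMPLE_LEN (NF5_HDR_LEN + 3 * NF5_REC_LEN)

/* Hypothetical policy: ASes this router may carry traffic for. */
static const uint16_t authorized_as[] = { 64512, 64513 };

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static void put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }

static int as_ok(uint16_t as) {
    for (size_t i = 0; i < sizeof authorized_as / sizeof authorized_as[0]; i++)
        if (authorized_as[i] == as) return 1;
    return 0;
}

/* Count flows whose source AND destination AS are both unauthorized.
 * Returns -1 if the datagram is not a well-formed v5 export. */
int count_unauthorized_transit(const uint8_t *pkt, size_t len) {
    if (len < NF5_HDR_LEN || be16(pkt) != 5) return -1;
    size_t count = be16(pkt + 2);           /* records in this datagram */
    if (count > 30 || len < NF5_HDR_LEN + count * NF5_REC_LEN) return -1;
    int suspects = 0;
    for (size_t i = 0; i < count; i++) {
        const uint8_t *r = pkt + NF5_HDR_LEN + i * NF5_REC_LEN;
        unsigned src_as = be16(r + 40), dst_as = be16(r + 42);
        if (as_ok((uint16_t)src_as) || as_ok((uint16_t)dst_as)) continue;
        printf("suspect: AS%u -> AS%u, input ifIndex %u\n", src_as, dst_as, (unsigned)be16(r + 12));
        suspects++;
    }
    return suspects;
}

/* Constructed sample: three flows; only the middle one has neither end authorized. */
size_t build_sample(uint8_t *buf) {
    static const uint16_t pairs[3][2] = { {64512, 64496}, {64496, 64497}, {64497, 64513} };
    memset(buf, 0, SAMPLE_LEN);
    put16(buf, 5); put16(buf + 2, 3);       /* version 5, three records */
    for (int i = 0; i < 3; i++) {
        uint8_t *r = buf + NF5_HDR_LEN + i * NF5_REC_LEN;
        put16(r + 12, 2); put16(r + 40, pairs[i][0]); put16(r + 42, pairs[i][1]);
    }
    return SAMPLE_LEN;
}

int main(void) {
    uint8_t pkt[SAMPLE_LEN];
    printf("suspect flows: %d\n", count_unauthorized_transit(pkt, build_sample(pkt)));
    return 0;
}
```

In a collector this function would be called on each UDP datagram received from the router; the length and record-count checks keep a truncated or non-v5 datagram from being read past its end.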