NETFLOW FOR ACCOUNTING,ANALYSIS AND ATTACK会计电算化， 分析解析攻击.pdf

《NETFLOW FOR ACCOUNTING,ANALYSIS AND ATTACK会计电算化， 分析解析攻击.pdf》由会员上传分享，免费在线阅读，更多相关内容在行业资料-天天文库。

1、NETFLOWFORACCOUNTING,ANALYSISANDATTACKNMS-20329728_05_2004_c2©2004CiscoSystems,Inc.Allrightsreserved.1Agenda•Introduction•Hardware•Versions•AccountingandAnalysis—MPLSEnvironment•AccountingandAnalysis—BGPandAutonomousSystems•AnalysisandAttack—MulticastOptions•Attack—SecurityFeatures

2、andApplications•Scaling—FeaturesandOptions•Export—Collector,NAMandPartners•EvolvingNetFlow—IPv6andDeploymentAcknowledgementBenoitClaiseNMS-20329728_05_2004_c2©2004CiscoSystems,Inc.Allrightsreserved.2AgendaIntroduction•WhatIsaFlow?•NetFlowPrinciples•NetFlowCache•Timers•NetFlowCLINMS

3、-20329728_05_2004_c2©2004CiscoSystems,Inc.Allrightsreserved.3NetFlowOrigination•DevelopedbyDarrenKerrandBarryBruinsatCiscoSystemsin1996USPatent6,243,667•ThevalueofinformationinthecachewasasecondarydiscoveryInitiallydesignedasaswitchingpath•NetFlowisnowtheprimarynetworkaccountingtec

4、hnologyintheindustry•AnswersquestionsregardingIPtraffic:who,what,where,when,andhowNMS-20329728_05_2004_c2©2004CiscoSystems,Inc.Allrightsreserved.4PrincipleNetFlowBenefitsServiceProviderEnterprise•Peeringarrangements•Internetaccessmonitoring(protocol•Networkplanningdistribution,wher

5、e•Trafficengineeringtrafficisgoing/coming)•Accountingandbilling•Usermonitoring•Securitymonitoring•Applicationmonitoring•Chargebackbillingfordepartments•SecuritymonitoringNMS-20329728_05_2004_c2©2004CiscoSystems,Inc.Allrightsreserved.5WhatIsaFlow?DefinedbySevenUniqueKeys:•SourceIPad

6、dress•DestinationIPaddress•Sourceport•Destinationport•Layer3protocoltype•TOSbyte(DSCP)•Inputlogicalinterface(ifIndex)ExportedDataNMS-20329728_05_2004_c2©2004CiscoSystems,Inc.Allrightsreserved.6NetFlowPrinciples•Inboundtrafficonly•Unidirectionalflow•Accountsforbothtransittrafficandt

7、rafficdestinedfortherouter•WorkswithCiscoExpressForwardingorfastswitchingNotaswitchingpath•SupportedonallinterfacesandCiscoIOS®Softwareplatforms•Returnsthesubinterfaceinformationintheflowrecords•CiscoCatalyst®6500SeriesandCisco7600SeriesenablesNetFlowonallinterfacesbydefaultNMS-203

8、29728_05_2004_c2©2004Cisco