Add Andre's passive libpcap network anomaly monitoring summer of code idea.
parent
de760516a1
commit
7614a32aa3
Notes:
svn2git
2020-12-08 03:00:23 +00:00
svn path=/www/; revision=31670
1 changed files with 28 additions and 4 deletions
|
@ -15,7 +15,7 @@ Ideas//EN"
|
|||
<ideas>
|
||||
<cvs:keywords xmlns:cvs="http://www.FreeBSD.org/XML/CVS" version="1.0">
|
||||
<cvs:keyword name="freebsd">
|
||||
$FreeBSD: www/en/projects/ideas/ideas.xml,v 1.38 2008/03/14 15:46:16 rwatson Exp $
|
||||
$FreeBSD: www/en/projects/ideas/ideas.xml,v 1.39 2008/03/14 15:48:46 rwatson Exp $
|
||||
</cvs:keyword>
|
||||
</cvs:keywords>
|
||||
|
||||
|
@ -843,9 +843,10 @@ href="http://info.iet.unipi.it/~luigi/FreeBSD/linux_bsd_kld.html">here</a>.</p>
|
|||
<p><strong>Technical contact</strong>: <a
|
||||
href="mailto:rwatson@FreeBSD.org">Robert Watson</a>, <a
|
||||
href="mailto:gnn@FreeBSD.org">George V. Neville-Neil</a></p>
|
||||
<p>Design and implement a wire level regression test suite to exercise various
|
||||
states in the TCP/IP protocol suite. Ideally with both IPv4 and IPv6
|
||||
support.</p>
|
||||
|
||||
<p>Design and implement a wire level regression test suite to exercise
|
||||
various states in the TCP/IP protocol suite. Ideally with both IPv4
|
||||
and IPv6 support.</p>
|
||||
<p><strong>Requirements</strong>:</p>
|
||||
<ul>
|
||||
<li>Strong TCP/IP knowledge.</li>
|
||||
|
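Review bot: the re-wrap of the "Design and implement a wire level regression test suite" paragraph changes only line breaks and is unrelated to the new idea, so it is better left out of this commit or committed separately to keep the diff to the actual addition. If the paragraph is being touched anyway, the fragment "Ideally with both IPv4 and IPv6 support." could be joined to the preceding sentence.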
@ -853,6 +854,29 @@ href="http://info.iet.unipi.it/~luigi/FreeBSD/linux_bsd_kld.html">here</a>.</p>
|
|||
</desc>
|
||||
</idea>
|
||||
|
||||
<idea class="soc" id="passivelibpcapdetector">
|
||||
<title>Passive libpcap based TCP session anomaly detector</title>
|
||||
|
||||
<desc>
|
||||
<p><strong>Technical contact</strong>: <a href="mailto:andre@FreeBSD.org">Andre Opperman</a>.</p>
|
||||
|
||||
<p>Listens on an interface and tracks all TCP sessions it sees. In the
|
||||
normal case only general information is carried forward (seq#/ack#,
|
||||
negotiated SYN/ACK features, etc). Whenever an anomaly happens -
|
||||
that is a duplicate ACK, SACK response, out-of-order segment,
|
||||
retransmission or others; it captures those packets into a tcpdump
|
||||
file for later deep inspection with Wireshark or other tools. This
|
||||
tool is to be deployed on live hosts and passive monitors to collect
|
||||
reliable condensed data about real-world behavior of TCP on the
|
||||
global Internet. Currently no such quantitative data exist and
|
||||
contribution of such a tool that can be easily run is a significant
|
||||
step in helping further development of TCP algorithms.</p>
|
||||
|
||||
<p><strong>Difficulty</strong>: Medium, good familiarity with the TCP RFCs is
|
||||
necessary and detection of many edge cases has to be implemented correctly.</p>
|
||||
</desc>
|
||||
</idea>
|
||||
|
||||
<idea id="wi">
|
||||
<title>Update wi</title>
|
||||
|
||||
|
|
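Review bot: the passivelibpcapdetector description says the tool "captures those packets into a tcpdump file" on live hosts but does not say how much of each packet is kept; state whether only the TCP/IP headers are written or full payloads, since that decides whether the capture files hold user data. The anomaly list ends in "or others", which leaves the scope open for a student proposal; either name the full set or mark the listed cases as the minimum. The entry also has no Requirements list, unlike the regression test suite idea just above it, and the sentence beginning "Whenever an anomaly happens -" opens its parenthetical with a dash and closes it with a semicolon; use a matching pair.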