Warren Harrop scite author profile

2005

Darknets are increasingly being proposed as a means by which network administrators can monitor for anomalous, externally sourced traffic. Current darknet designs require large, contiguous blocks of unused IP addresses -not always feasible for enterprise network operators. In this paper we introduce, define and evaluate the concept of a Greynet -a region of IP address space that is sparsely populated with 'darknet' addresses interspersed with active (or 'lit') IP addresses. We use raw traffic traces collected within a university network to evaluate how sparseness affects a greynet's effectiveness and hence show that enterprise operators can achieve useful levels of network scan detection, with only small numbers of 'dark' IP addresses making up their greynets.

Real-time collaborative network monitoring and control using 3D game engines for representation and interaction

2006

Identifying and reacting to malicious or anomalous IP traffic is a significant challenge for network operators. Automated real-time responses have been simplistic and require followup actions by technically specialised employees. We describe a system where off-the-shelf 3D game-engine technology enables collaborative network control through familiar 'interaction' metaphors by translating network events into visually-orthogonal 'activities'. Anomalous behaviour is targeted by the managers-as-players using in-game techniques, such as 'shooting' or 'healing', resulting in defensive actions (such as updates to a firewall's access control list) being instantiated behind the scenes.

Teaching IP networking fundamentals in resource constrained educational environments

2005

AJET

Many educational institutions suffer from a lack of funding to keep telecomm-unications laboratory classes up to date and flexible. This paper describes our Remote Unix Lab Environment (RULE), a solution for exposing students to the latest Internet based telecommunications software tools in a Unix like environment. RULE leverages existing PC laboratories (often based on Microsoft's Windows) to enable student access to Internet Protocol (IP) networked hosts for telecommunications coursework and research projects. Re-use of existing PC labs substantially decreases the cost of introducing hands on teaching of Unix based Internet services into curricula. We discuss our experiences of deploying, using and provisioning RULE since early 2003. RULE itself is a handful of FreeBSD hosts, mounted in a small back room, utilising FreeBSD's "jail" functionality to create multiple virtual hosts.

IPv4 and IPv6 Greynets

Baker¹,

Harrop²,

Armitage³

2010

Modifying first person shooter games to perform real time network monitoring and control tasks

2006

This paper describes how a first person shooter (FPS) game engine can be leveraged for monitoring and control of enterprise IP data networks. Network administration can then occur in the following manner: network events (such as port scans or packets hitting a darknet) are translated in real time to various changes in the 3D game world state. Network administrators, logged in as 'players', can then collaboratively detect anomalous network events using the visual and aural cues given by the game. Using the native interaction metaphors from within the game (such as shooting, using or healing) they can then instantiate network administration policy changes (such as network layer firewall rules) directly back onto the running network without the need for interactions with complicated command line interfaces. We explore the possibilities offered by modern 3D game engines to implement this scheme as a server-side 'mod'. Finally, we detail the modifications made to the open source game engine 'Cube' to allow both the visualisation of large amounts of live network data within a virtual environment and support interacting with this data to create network administration events.