• Aucun résultat trouvé

Firewall Log filter.

N/A
N/A
Info
Télécharger
Protected

Academic year: 2021

Partager "Firewall Log filter."

Copied!
30
0
0

Chargement.... (Voir le texte intégral maintenant)

Texte intégral

(1)

Publisher’s version / Version de l'éditeur:

Vous avez des questions? Nous pouvons vous aider. Pour communiquer directement avec un auteur, consultez la première page de la revue dans laquelle son article a été publié afin de trouver ses coordonnées. Si vous n’arrivez pas à les repérer, communiquez avec nous à PublicationsArchive-ArchivesPublications@nrc-cnrc.gc.ca.

Questions? Contact the NRC Publications Archive team at

PublicationsArchive-ArchivesPublications@nrc-cnrc.gc.ca. If you wish to email the authors directly, please see the first page of the publication for their contact information.

https://publications-cnrc.canada.ca/fra/droits

L’accès à ce site Web et l’utilisation de son contenu sont assujettis aux conditions présentées dans le site LISEZ CES CONDITIONS ATTENTIVEMENT AVANT D’UTILISER CE SITE WEB.

Student Report; no. SR-2009-20, 2009-01-01

READ THESE TERMS AND CONDITIONS CAREFULLY BEFORE USING THIS WEBSITE.

https://nrc-publications.canada.ca/eng/copyright

NRC Publications Archive Record / Notice des Archives des publications du CNRC :

https://nrc-publications.canada.ca/eng/view/object/?id=a89e9e70-2196-474a-8292-8f8dae2f21d0 https://publications-cnrc.canada.ca/fra/voir/objet/?id=a89e9e70-2196-474a-8292-8f8dae2f21d0

NRC Publications Archive

Archives des publications du CNRC

For the publisher’s version, please access the DOI link below./ Pour consulter la version de l’éditeur, utilisez le lien DOI ci-dessous.

https://doi.org/10.4224/18253434

Access and use of this website and the material on it are subject to the Terms and Conditions set forth at

Firewall Log filter.

(2)

National Research Council Canada Institute for Ocean Technology Conseil national de recherches Canada Institut des technologies oc ´eaniques

SR-2009-20

Student Report

Firewall Log filter.

Jiang, P.

Jiang, P., 2009. Firewall Log filter. St. John's, NL : NRC Institute for Ocean Technology. Student Report, SR-2009-20

(3)

DOCUMENTATION PAGE

REPORT NUMBER

SR-2009-20

NRC REPORT NUMBER DATE

December 2009

REPORT SECURITY CLASSIFICATION

Unclassified

DISTRIBUTION

Unlimited

TITLE

FIREWALL LOG FILTER AUTHOR(S)

Peng Jiang

CORPORATE AUTHOR(S)/PERFORMING AGENCY(S)

National Research Council, Institute for Ocean Technology, St. John’s, NL

PUBLICATION

SPONSORING AGENCY(S)

IOT PROJECT NUMBER NRC FILE NUMBER

KEY WORDS

Firewalls, Networks, Security, Logs, OpenBSD, PF Filter PAGES 27, App. A-G FIGS. 4 TABLES SUMMARY

The need for Firewall Log Filter. In many cases, it is possible to detect patterns by browsing the log data but unfortunately it is also tedious. For example, a clever attack against a firewall cluster of an enterprise is scattered over all of its firewalls and executed slowly from several different IP addresses using all the possible protocols alternately. In such situation, we have to use the log filter to collect the correlated IP addresses. The typical size of the firewall log entries was more than 100,000 lines, which were collected during a period of a day. From these entries, with the frequency of equal or greater than 5,000 the FLF was able to identify the pattern and was able to generate a summary. When the frequency was lowered to 50, the FLF also has the ability to ignore generating summaries in order to save computation and analyzing time.

ADDRESS National Research Council

Institute for Ocean Technology Arctic Avenue, P. O. Box 12093 St. John's, NL A1B 3T5

(4)
(5)
(6)
(7)
(8)
(9)
(10)
(11)
(12)
(13)
(14)
(15)
(16)
(17)
(18)
(19)
(20)
(21)
(22)
(23)
(24)
(25)
(26)
(27)
(28)
(29)
(30)

Références

Télécharger maintenant ( PDF - 30 Page - 687.50 KB )

Documents relatifs

Annual Report 2009: Millimeter Wave Deep Drilling For Geothermal Energy, Natural Gas and Oil MITEI Seed Fund Program

Mechanical drilling technologies are fully mature. New approaches are needed to make future major advances in increasing access to and reducing costs for underground energy

A chromaticity analysis and PSF subtraction techniques for SCExAO/CHARIS data

(c) and (d): The 15th most correlated selectable reference image at all separations and for two input spectral types (c) at a single wavelength as a function of time and (d) at a

Preharvest hormetic doses of UV-C radiation can decrease susceptibility of lettuce to Botrytis

Hilariòn Vàsquez, Jawad Aarrouf, Laurent Urban, Yves Lizzi, Marine Forges, Chayma Ouhibi, Nassera Azzouz, Marc Bardin, Philippe

Supplementation with sterols improves food quality of a ciliate for Daphnia magna.

Tetrahymanol and diplopterol content of Colpidium campylum grown on bacteria (bar labeled with C. campylum), bacteria and unsupplemented albumin beads, or bacteria and albumin

Pourquoi faudrait-il lutter contre le gaspillage alimentaire ?

moins que les pauvres mangeront plus ou mieux. Donner des invendus alimentaires aux pauvres est un acte très dégradant pour les "bénéficiaires". C’est un acte dans lequel

Search for a Standard Model Higgs boson in the H -> ZZ -> llnunu decay channel using 4.7 fb-1 of sqrt(s) = 7 TeV data with the ATLAS detector

Stepanov Institute of Physics, National Academy of Sciences of Belarus, Minsk, Republic of Belarus 91 National Scientific and Educational Centre for Particle and High Energy

Applications of plasma density measurements to spacecraft radio tracking

relativity experiment, which is most sensitive to delay range measurements taken near superior conjunction. The Viking Orbiters have the ability to retransmit a

Recalcitrance of gas hydrate crystals formed in the presence of kinetic hydrate inhibitors

The impact of heating rate on dissociation tem- perature of methane hydrate and mixture of methane/propane hydrate in the presence of PVCap was previously investigated ( Gulbrandsen