glFlow 0.1.4

Date Added: February 03, 2010 | Visits: 933

Report Broken Link
Printer Friendly Version

Product Homepage
Download (101 downloads)

glFlow is a (D)DoS logger written with speed in mind. glFlow detects attacks on high speed links through real-time flow aggregation and analysis. What do I run it on ? It was written on FreeBSD and tested on both FreeBSD and Linux. It should work on any OS to which libpcap and OpenSSL were ported. The rest of the code is perfectly portable. How does it work ? Cisco Systems have defined the flow as a four value tuplet: {srcaddr, srcport, dstaddr, dstport}. The format evolved over time. The complete structures for various NetFlow versions are available on Ciscos site. Now, lets assume that the attacker floods the victim with packets that keep the same characteristics throughout the duration of the attack. No source spoof, no source port increments or randomizations. That would lead to a very large packet rate inside that flow. glFlow calculates the average packet rate in every flow and raises an alarm signal if the threshold is hit. What about spoofed attacks ? How are they detected ? Simple. glFlow keeps a history for every destination host that it sees. When a new flow is created, the flow counter for that host is incremented. The average number of newly created flows corresponding to a specific host in a specific amount of time is calculated, and, as above, an alarm is raised if the threshold is hit. To prevent attacks that dont hit any of the above thresholds, theres a new one starting with v0.1, measuring the packet rate for a destination. Cant other tools, like SNORT, do this ? We sincereley believe not. Remember, glFlow was written with high speeds in mind. Weve been using it at over 500Mbps. At that speed, with an ordinary x86 machine, even with a strong motherboard/NIC combination, you cant do anything fancy. glFlow was specifically designed for detecting large floods in real time, or at least something close to that. How is it that its so fast ? Well, Andrei did a great job implementing a very fast binary tree. That allowed us to drop the threaded model and choose a single loop design. The new results were stunning. The tests were made on a P4 Xeon/3 GHz, with an Intel GigE NIC. The average traffic rate was about 500Mbps, with an average packet rate of 100kpps. That lead to about 200k active flows. glFlow managed to clean the inactive ones in less than 0.3 seconds. There was no alarm raised after more than 5 seconds of flooding. glFlow ate ~50% of the CPU, while consuming about 40MB of system memory. How do I install and run it ? Run ./configure --help. Youll see two adjustable knobs: --with-hash and --enable-debug. The first one permits you to switch between MD4 and MD5 summing of the flow and host structures kept in the memory. The second lets you run glflow in the foreground, printing some statistics on stdout. The thresholds are harcoded in defs.h. You shouldnt have any trouble tweaking them. However, weve observed that the best results are obtained when using the same values for flow lifetime and the time between flow cleanups. And they shouldnt be much over 20. The smaller the tree is, the faster it will be cleaned. Finally, edit your /etc/syslog.conf and write something like this: "local6.*< tabs >/var/log/something". Restart sys[k]logd afterwards. Fire glFlow up, like this: "./glFlow < interface > < bpf filter >" and watch /var/log/something for changes. You may play with nmap or some DoS programs to test it. The IPs in the syslog will be shown as integers rather than in dotted notation. We decided to leave this job to the log analyzer. Can it go even faster ? Sure. There are a few methods which permit you to improve the packet capture. For more info read Luca Deris paper: http://luca.ntop.org/Ring.pdf Whats New in This Release: - This is a bugfix release.. SourceForge presents the glFlow project. glFlow is an open source application. SourceForge provides the world's largest selection of Open Source Software. glFlow is a robust, fast, portable, pcap-centric (D)DoS detection tool.

Requirements: No special requirements

Platforms: Linux

Keyword: Dos, Flow, Glflow, Monitoring, Packet, Rate, Speed, Speed In, System, Written

Users rating: 0/10

License: Freeware

Size: 102.4 KB

USER REVIEWS

More Reviews or Write Review

GLFLOW RELATED

Development Tools - Sound Speed in Fresh Water 1.0 Calculates sound speed in fresh (distilled) water as function of temperature (Celsius) using six-term Marczak equation. See "salt_water_c.m" for sea water speed calculations	10 KB
Development Tools - Sound Speed in Sea Water 1.0 Sound speed in sea water as function of depth, temperature and salinity using nine-term Mackenzie equation	10 KB
Remote Computing Tools - Speed Test 1.0.736 The Ultimate Speed Test: - Speed Test (Actual Maximum speed) - Monitor Upload/Download transfer - Ping Testing - Website Downtime/Error monitoring - Website response time, connection time and bandwidth - QOS - WIFI Signal strength - LAN/WAN/Home...	4.91 MB
Development Tools - Speed Control of a DC Motor 1.0 The goal of this assignment was to develop a Speed control system for a DC motor. Various control methods were to be employed, both open loop and closed loop. All control methodologies are implemented using MATLAB GUI. The important feature of the...	20.48 KB
Network Monitors - PRTG Network Monitor 16.4.27 An advanced, easy-to-use monitoring solution for your entire network. The software's features include: up/downtime monitoring, traffic and usage monitoring, packet sniffing, failover clustering, in-depth analysis and concise reporting. A...	179.77 MB
File Cataloguers - WinMend File Copy 1.3.7 WinMend File Copy is a free and excellent batch file copy tool. Based on extensive testing, and by constantly maximizing the potential of the operating system, WinMend File Copy developed a unique key technique that makes up for the inadequacy of...	2.1 MB
Multimedia & Graphics - iSpin 1.0.0.0 iSpin is a useful application that will enable you to calculate the speed in RPM and the force in Gs. All you need to do is provide the rotor radius in millimeters. for WindowsAll
Remote Computing Tools - DownTester 1.28 DownTester allows you to easily test your Internet download speed in multiple locations around the world. It automatically test the download speed of the URLs that you choose, one after another. It moves to the next download URL after the...	61.44 KB
Network & Internet - WiSpy 1.0 WiSpy is a tiny app that does nothing more than display your current AirPort link speed in megabits per second in the menu bar. This is useful to determine where at your location you get the fastest reception for local file transfers, or where...	235.52 KB
Registry Tools - AKick PC Booster 1.3 Akick PC Booster is a software that can speed up your slowed-down computer, boost up the internet speed, and improve its overall performance. With its new improved features, the software brings a complete overhaul in Windows speed optimization,...	4.14 MB

NEW DOWNLOADS IN LINUX SOFTWARE, UTILITIES

Linux Software - EasyEDA PCB Designer for Linux 2.0.0 EasyEDA, a great web based EDA(Electronics Design Automation) tool, online PCB tool, online PCB software for electronics engineers, educators, students, makers and enthusiasts. Theres no need to install any software. Just open EasyEDA in any...	34.4 MB
Linux Software - wpCache® WordPress HTTP Cache 1.9 wpCacheÂ® is a high-performance, distributed object, caching system application, generic in nature, but intended for use in speeding up dynamic web applications, by decreasing database load time. wpCacheÂ® decreases dramatically the page...	3.51 MB
Linux Software - Polling Autodialer Software 3.4 ICTBroadcast Auto Dialer software has a survey campaign for telephone surveys and polls. This auto dialer software automatically dials a list of numbers and asks them a set of questions that they can respond to, by using their telephone keypad....	488 B
Linux Software - Total Video Converter Mac Free 3.5.5 Total Video Converter Mac Free developed by EffectMatrix Ltd is the official legal version of Total Video Converter which was a globally recognized brand since 2006. Total Video Converter Mac Free is a free but powerful all-in-one video...	17.7 MB
Linux Software - Skeith mod_log_sql Analyzer 2.10beta2 Skeith is a php based front end for analyzing logs for Apache using mod_log_sql.	47.5 KB
Utilities - Nessconnect 1.0.2 Nessconnect is a GUI, CLI and API client for Nessus and Nessus compatible servers. With an improved user interface, it provides local session management, scan templates, report generation through XSLT, charts and graphs, and vulnerability trending.	819.2 KB
Utilities - Dynamic Power Management 2.6.16 The Dynamic Power Management (DPM) project explores technologies to improve power conservation capabilities of platforms based on open source software. Of particular interest are techniques applicable to running systems, adjusting power parameters...	30.72 KB
Utilities - Ethernet bridge tables 2.4.37.9 Ethernet bridge tables - Linux Ethernet filter for the Linux bridge. The 2.4-ebtables-brnf package contains the ebtables+bridge-nf patch. Be sure to check out the ebtables hp. This site also contains the arptables userspace tool.	40.96 KB
Utilities - SaraB 1.0.0 SaraB works with DAR (Disk ARchive) to schedule and rotate backups on random-access media (i.e. hard drives, CDs, DVDs, Zip, etc. Basically anything except magnetic tapes.) This reduces hassle for the administrator by providing an automatic backup...	20.48 KB
Utilities - Command Not Found 0.2.41 Command Not Found is a program that uses a cache of existing programs and their associated packages to aid users in their day-to-day command-line work. Usage: command-not-found [options] Options: ...	30.72 KB

Windows Software	BeOS Software
Macintosh Software	Linux Software
PDA Software	OS/2 Software
Mobile Software	Scripts