Merge branch 'master' of github.com:D4-project/architecture

Gerard Wagener 2019-03-29 09:53:37 +01:00
commit 60f92958b3
35 changed files with 1579 additions and 26 deletions

.gitignore vendored Normal file

@ -0,0 +1,7 @@
*.aux
*.log
*.nav
*.out
*.snm
*.toc
*.swp


@ -0,0 +1,71 @@
% Copyright (C) 2018 Pasquale Claudio Africa.
% 2018 Sebastian Friedl.
%
% This file is part of beamerthemefocus.
%
% beamerthemefocus is free software: you can redistribute it and/or modify
% it under the terms of the GNU General Public License as published by
% the Free Software Foundation, either version 3 of the License, or
% (at your option) any later version.
%
% beamerthemefocus is distributed in the hope that it will be useful,
% but WITHOUT ANY WARRANTY; without even the implied warranty of
% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
% GNU General Public License for more details.
%
% You should have received a copy of the GNU General Public License
% along with beamerthemefocus. If not, see <http://www.gnu.org/licenses/>.
\mode<presentation>
% DEFINE COLORS. ---------------------------------------------------------------
\definecolor{main}{RGB}{64, 64, 64}
\definecolor{background}{RGB}{239, 239, 239}
\definecolor{alert}{RGB}{180, 0, 0}
\definecolor{example}{RGB}{0, 110, 0}
% SET COLORS. ------------------------------------------------------------------
\setbeamercolor{normal text}{fg=textcolor, bg=background}
\setbeamercolor{alerted text}{fg=alert}
\setbeamercolor{example text}{fg=example}
\setbeamercolor{titlelike}{fg=background, bg=main}
\setbeamercolor{frametitle}{parent={titlelike}}
\setbeamercolor{footline}{fg=background, bg=main}
\setbeamercolor{block title}{bg=main!80!background, fg=background}
\setbeamercolor{block body}{bg=main!10!background, fg=main}
\setbeamercolor{block title alerted}{bg=alert, fg=background}
\setbeamercolor{block body alerted}{bg=alert!10!background, fg=main}
\setbeamercolor{block title example}{bg=example, fg=background}
\setbeamercolor{block body example}{bg=example!10!background, fg=main}
\setbeamercolor{itemize item}{fg=main}
\setbeamercolor{itemize subitem}{fg=main}
\setbeamercolor{enumerate item}{fg=main!70!black}
\setbeamercolor{enumerate subitem}{fg=main!70!black}
\setbeamercolor{description item}{fg=main!70!black}
\setbeamercolor{description subitem}{fg=main!70!black}
\setbeamercolor{caption name}{fg=textcolor}
\setbeamercolor{section in toc}{fg=textcolor}
\setbeamercolor{subsection in toc}{fg=textcolor}
\setbeamercolor{section number projected}{bg=textcolor}
\setbeamercolor{subsection number projected}{bg=textcolor}
\setbeamercolor{bibliography item}{fg=main}
\setbeamercolor{bibliography entry author}{fg=main!70!black}
\setbeamercolor{bibliography entry title}{fg=main}
\setbeamercolor{bibliography entry location}{fg=main}
\setbeamercolor{bibliography entry note}{fg=main}
\mode<all>


@ -0,0 +1,47 @@
% Copyright (C) 2018 Pasquale Claudio Africa.
% 2018 Sebastian Friedl.
%
% This file is part of beamerthemefocus.
%
% beamerthemefocus is free software: you can redistribute it and/or modify
% it under the terms of the GNU General Public License as published by
% the Free Software Foundation, either version 3 of the License, or
% (at your option) any later version.
%
% beamerthemefocus is distributed in the hope that it will be useful,
% but WITHOUT ANY WARRANTY; without even the implied warranty of
% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
% GNU General Public License for more details.
%
% You should have received a copy of the GNU General Public License
% along with beamerthemefocus. If not, see <http://www.gnu.org/licenses/>.
\mode<presentation>
% SET FONTS. -------------------------------------------------------------------
\setbeamerfont{title}{size=\huge, shape=\bfseries}
\setbeamerfont{subtitle}{size=\Large, parent=structure}
\setbeamerfont{author}{size=\scriptsize}
\setbeamerfont{institute}{size=\normalsize}
\setbeamerfont{date}{size=\scriptsize}
\setbeamerfont{sectiontitle}{size=\huge, series=\scshape\bfseries}
\setbeamerfont{frametitle}{size=\Large, shape=\scshape}
\setbeamerfont{footline}{size=\scriptsize}
\setbeamerfont{focusframe}{size=\huge, shape=\scshape}
\setbeamerfont{description item}{shape=\bfseries}
\setbeamerfont{caption name}{shape=\bfseries}
\setbeamerfont{bibliography item}{size=\small, shape=\scshape}
\setbeamerfont{bibliography entry author}{size=\small, shape=\scshape}
\setbeamerfont{bibliography entry title}{size=\small, series=\scshape\bfseries}
\setbeamerfont{bibliography entry location}{size=\small, shape=\scshape\normalfont}
\setbeamerfont{bibliography entry note}{size=\small, shape=\scshape\normalfont}
\mode<all>


@ -0,0 +1,117 @@
% Copyright (C) 2018 Pasquale Claudio Africa.
% 2018 Sebastian Friedl.
%
% This file is part of beamerthemefocus.
%
% beamerthemefocus is free software: you can redistribute it and/or modify
% it under the terms of the GNU General Public License as published by
% the Free Software Foundation, either version 3 of the License, or
% (at your option) any later version.
%
% beamerthemefocus is distributed in the hope that it will be useful,
% but WITHOUT ANY WARRANTY; without even the implied warranty of
% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
% GNU General Public License for more details.
%
% You should have received a copy of the GNU General Public License
% along with beamerthemefocus. If not, see <http://www.gnu.org/licenses/>.
\mode<presentation>
\RequirePackage{tikz}
% CUSTOMIZE STRUCTURE ELEMENTS. ------------------------------------------------
\setbeamertemplate{blocks}[default]
\setbeamertemplate{section in toc}[square]
\setbeamertemplate{subsection in toc}[square]
\setbeamertemplate{itemize items}[square]
\setbeamertemplate{itemize subitem}[triangle]
% STRUCTURE FRAME TEMPLATE DEFINITIONS. ----------------------------------------
% Title page.
\defbeamertemplate*{title page}{focus}{%
{\usebeamercolor{frametitle}\colorlet{focus@@temp}{bg}%
\begin{tikzpicture}[overlay, remember picture]
\fill[color=focus@@temp] (current page.north west) rectangle ([shift = {(0, -0.45\paperheight)}] current page.north east);
\end{tikzpicture}}
\vspace{-1.65\baselineskip}
\begin{minipage}[b][0.35\paperheight]{\textwidth}
\vspace{\baselineskip}
\usebeamerfont{title}
\usebeamercolor[fg]{frametitle}
\inserttitle
\end{minipage}
\begin{minipage}[t][0.1\paperheight]{\textwidth}
\usebeamerfont{subtitle}
\usebeamercolor[fg]{frametitle}
\insertsubtitle
\end{minipage}
% Set the title graphic in a zero-height box, so that
% the position of other elements is not affected.
{\vfuzz=9999pt\vbox to 0pt {
\raggedleft
\inserttitlegraphic
}}
\vspace*{\baselineskip}
\begin{minipage}[t]{\textwidth}
\usebeamerfont{institute}
\insertinstitute
\end{minipage}
\vspace*{\baselineskip}
\begin{minipage}[t]{\textwidth}
\usebeamerfont{date}{\insertdate}
\end{minipage}
\vspace*{\baselineskip}
\vspace*{\baselineskip}
\vspace*{\baselineskip}
\vspace*{\baselineskip}
\begin{minipage}[t]{\textwidth}
\usebeamerfont{author}
\insertauthor
\end{minipage}
\vspace*{5\baselineskip}
\addtocounter{framenumber}{-1}
}
% Section page.
\defbeamertemplate*{section page}{focus}{%
{%
\usebeamercolor{frametitle}\colorlet{focus@@temp}{bg}%
\begin{tikzpicture}[overlay, remember picture]
\fill[color=focus@@temp] (current page.north west) rectangle ([shift = {(0, -0.45\paperheight)}] current page.north east);
\end{tikzpicture}%
}
\vspace{-2\baselineskip}
\begin{minipage}[b][0.45\paperheight]{\textwidth}
\usebeamerfont{sectiontitle}
\usebeamercolor[fg]{frametitle}
\let\hyperlink\@secondoftwo\insertsection
\end{minipage}
\begin{minipage}[t][0.55\paperheight]{\textwidth}
\end{minipage}
}
\AtBeginSection{%
\begin{frame}[plain, noframenumbering]{}
\sectionpage
\end{frame}%
}
\mode<all>


@ -0,0 +1,255 @@
% Copyright (C) 2018 Pasquale Claudio Africa.
% 2018 Sebastian Friedl.
%
% This file is part of beamerthemefocus.
%
% beamerthemefocus is free software: you can redistribute it and/or modify
% it under the terms of the GNU General Public License as published by
% the Free Software Foundation, either version 3 of the License, or
% (at your option) any later version.
%
% beamerthemefocus is distributed in the hope that it will be useful,
% but WITHOUT ANY WARRANTY; without even the implied warranty of
% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
% GNU General Public License for more details.
%
% You should have received a copy of the GNU General Public License
% along with beamerthemefocus. If not, see <http://www.gnu.org/licenses/>.
\mode<presentation>
\RequirePackage{appendixnumberbeamer}% Don't number appendix frames.
\RequirePackage{etoolbox}% \BeforeBeginEnvironment
\RequirePackage{tikz}
% FRAMETITLE TEMPLATES. --------------------------------------------------------
\defbeamertemplate*{frametitle}{focus}{%
% If not title page.
\ifnum\value{framenumber}>0%
\vspace{-1pt}%
\begin{beamercolorbox}[wd=\paperwidth,leftskip=0.55cm,rightskip=0.55cm,sep=0.2cm]{frametitle}%
\strut\insertframetitle\strut%
\end{beamercolorbox}%
\fi%
}
% Plain header.
\defbeamertemplate{frametitle}{plain}{%
% If not title page.
\ifnum\value{framenumber}>0%
\vspace{-1pt}%
\begin{beamercolorbox}[wd=\paperwidth,leftskip=0.55cm,rightskip=0.55cm,sep=0.2cm,ignorebg]{frametitle}%
\strut%
\end{beamercolorbox}%
\fi%
}
% FOOTLINE TEMPLATES. ----------------------------------------------------------
% Lenghts for the progress bar footline.
\newlength{\focus@pbar@height}% Progress bar height.
\newlength{\focus@pbar@leftoffset}
\newlength{\focus@pbar@rightoffset}
\defbeamertemplate*{footline}{progressbar}{%
% If not appendix.
\ifnum\mainend<0% From package appendixnumberbeamer.
%
\settowidth{\focus@pbar@leftoffset}{1}%
\addtolength{\focus@pbar@leftoffset}{1.5em}%
%
\settowidth{\focus@pbar@rightoffset}{\inserttotalframenumber}%
\addtolength{\focus@pbar@rightoffset}{1.5em}%
%
% If not title page.
\ifnum\c@framenumber>0%
\ifnum\c@framenumber<\inserttotalframenumber%
\begin{tikzpicture}[inner xsep=0.5em, inner ysep=0.5ex]\usebeamerfont{footline}
\pgfmathsetmacro{\focus@pbar@progress}%
{(\paperwidth-\focus@pbar@leftoffset-\focus@pbar@rightoffset)*(\insertframenumber/\inserttotalframenumber)}
\clip (0,0) rectangle ++(\paperwidth,\the\focus@pbar@height);
\fill[footline.bg] (0,0) rectangle ++(\the\focus@pbar@leftoffset,\the\focus@pbar@height);
\fill[footline.bg] (\the\focus@pbar@leftoffset,0) rectangle ++(\focus@pbar@progress pt,\the\focus@pbar@height)
++(0,{-0.5*\the\focus@pbar@height}) node[anchor=east, text=footline.fg] {\strut\insertframenumber};
\fill[footline.bg] (\paperwidth,0) rectangle ++(-\the\focus@pbar@rightoffset,\the\focus@pbar@height)
++(0,{-0.5*\the\focus@pbar@height}) node[anchor=west, text=footline.fg] {\strut\inserttotalframenumber};
\end{tikzpicture}%
\else%
\begin{tikzpicture}[inner xsep=0.5em, inner ysep=0.5ex]
\clip (0,0) rectangle ++(\paperwidth,\the\focus@pbar@height);
\fill[footline.bg] (0,0) rectangle ++(\paperwidth,\the\focus@pbar@height);
\node[anchor=east, footline.fg] at ({\paperwidth-\the\focus@pbar@rightoffset},{0.5*\focus@pbar@height}) {\strut\insertframenumber};
\node[footline.fg] at ({\paperwidth-\the\focus@pbar@rightoffset},{0.5*\focus@pbar@height}) {\strut/};
\node[anchor=west, footline.fg] at ({\paperwidth-\the\focus@pbar@rightoffset},{0.5*\focus@pbar@height}) {\strut\inserttotalframenumber};
\end{tikzpicture}%
\fi%
\fi%
\fi%
}
% Full bar footline.
\defbeamertemplate{footline}{fullbar}{%
% If not appendix.
\ifnum\mainend<0% From package appendixnumberbeamer.
%
\settowidth{\focus@pbar@leftoffset}{1}%
\addtolength{\focus@pbar@leftoffset}{1.5em}%
%
\settowidth{\focus@pbar@rightoffset}{\inserttotalframenumber}%
\addtolength{\focus@pbar@rightoffset}{1.5em}%
%
% If not title page.
\ifnum\c@framenumber>0%
\begin{tikzpicture}[inner xsep=0.5em, inner ysep=0.5ex]
\clip (0,0) rectangle ++(\paperwidth,\the\focus@pbar@height);
\fill[footline.bg] (0,0) rectangle ++(\paperwidth,\the\focus@pbar@height);
\node[anchor=east, footline.fg] at ({\paperwidth-\the\focus@pbar@rightoffset},{0.5*\focus@pbar@height}) {\strut\insertframenumber};
\node[footline.fg] at ({\paperwidth-\the\focus@pbar@rightoffset},{0.5*\focus@pbar@height}) {\strut/};
\node[anchor=west, footline.fg] at ({\paperwidth-\the\focus@pbar@rightoffset},{0.5*\focus@pbar@height}) {\strut\inserttotalframenumber};
\end{tikzpicture}%
\fi%
\fi%
}
% Empty footline.
\defbeamertemplate{footline}{none}{}
\DeclareOptionBeamer{numbering}{\def\beamer@focus@numbering{#1}}
\ExecuteOptionsBeamer{numbering=progressbar}
\ProcessOptionsBeamer
\def\beamer@focus@numberingprogressbar{progressbar}
\def\beamer@focus@numberingfullbar{fullbar}
\def\beamer@focus@numberingnone{none}
% BACKGROUND CANVAS TEMPLATES. -------------------------------------------------
\defbeamertemplate*{background canvas}{focus}{%
\begin{tikzpicture}
\clip (0,0) rectangle ++(\paperwidth,\paperheight);
\fill[normal text.bg] (0,0) rectangle ++(\paperwidth,\paperheight);
\end{tikzpicture}%
}
\defbeamertemplate{background canvas}{focusplain}{%
\begin{tikzpicture}
\clip (0,0) rectangle ++(\paperwidth,\paperheight);
\fill[normal text.bg] (0,0) rectangle ++(\paperwidth,\paperheight);
\end{tikzpicture}%
}
\defbeamertemplate{background canvas}{focusframe}{%
\begin{tikzpicture}
\clip (0,0) rectangle ++(\paperwidth,\paperheight);
\fill[frametitle.bg] (0,0) rectangle ++(\paperwidth,\paperheight);
\end{tikzpicture}%
}
% HOOKS FOR CREATING FRAMES. ---------------------------------------------------
\BeforeBeginEnvironment{frame}{%
\setbeamertemplate{background canvas}[focus]%
\setbeamertemplate{frametitle}[focus]%
%
% Reset footline height and determine it for the current slide.
\setlength{\focus@pbar@height}{0cm}%
\focus@calculatefootheight%
%
% If not appendix.
\ifnum\mainend<0 % From package appendixnumberbeamer.
\settoheight{\focus@pbar@height}{\usebeamerfont{footline}1234567890/}%
\addtolength{\focus@pbar@height}{6pt}%
%
\ifx\beamer@focus@numbering\beamer@focus@numberingprogressbar%
\setbeamertemplate{footline}[progressbar]%
\else%
\ifx\beamer@focus@numbering\beamer@focus@numberingfullbar%
\setbeamertemplate{footline}[fullbar]%
\fi%
\fi%
%
\focus@calculatefootheight%
\fi%
}
% Enable noframenumbering option.
\define@key{beamerframe}{noframenumbering}[true]{%
\setbeamertemplate{footline}[none]%
\setlength{\focus@pbar@height}{0cm}%
\focus@calculatefootheight%
%
\addtocounter{framenumber}{-1}%
}
% Enable plain option.
\define@key{beamerframe}{plain}[true]{%
\setbeamertemplate{background canvas}[focusplain]%
\setbeamertemplate{frametitle}[plain]%
%
\setbeamertemplate{footline}[none]%
}
% Full vertical centering
% (from https://tex.stackexchange.com/questions/247826/beamer-full-vertical-centering).
\define@key{beamerframe}{c}[true]{%
\beamer@frametopskip=0pt plus 1fill\relax%
\beamer@framebottomskip=0pt plus 1fill\relax%
\beamer@frametopskipautobreak=0pt plus 0.4\paperheight\relax%
\beamer@framebottomskipautobreak=0pt plus 0.6\paperheight\relax%
\def\beamer@initfirstlineunskip{}%
}
% Enable focus option.
\providebool{focus@standout}
\define@key{beamerframe}{focus}[true]{%
\booltrue{focus@standout}%
\begingroup%
\setkeys{beamerframe}{noframenumbering}%
\setbeamertemplate{background canvas}[focusframe]%
\setbeamertemplate{frametitle}[plain]%
%
\setkeys{beamerframe}{c}%
\centering%
\usebeamerfont{focusframe}%
\usebeamercolor[fg]{frametitle}%
}
\apptocmd{\beamer@reseteecodes}
{%
\ifbool{focus@standout}%
{%
\endgroup%
\boolfalse{focus@standout}%
}{}%
}{}{}
% Recalculate the footline's size and refresh other parameters.
% Partially copied from the definition of \beamer@calculateheadfoot.
\def\focus@calculatefootheight{%
\footheight=\focus@pbar@height%
\advance\footheight by 4pt%
\sidebarheight=\paperheight%
\advance\sidebarheight by-\headheight%
\advance\sidebarheight by\headdp%
\advance\sidebarheight by-\footheight%
\advance\sidebarheight by 4pt%
\footskip=\footheight%
\textheight=\paperheight%
\advance\textheight by-\footheight%
\advance\textheight by-\headheight%
\@colht\textheight%
\@colroom\textheight%
\vsize\textheight%
}
\mode<all>


@ -0,0 +1,60 @@
% Copyright (C) 2018 Pasquale Claudio Africa.
% 2018 Sebastian Friedl.
%
% This file is part of beamerthemefocus.
%
% beamerthemefocus is free software: you can redistribute it and/or modify
% it under the terms of the GNU General Public License as published by
% the Free Software Foundation, either version 3 of the License, or
% (at your option) any later version.
%
% beamerthemefocus is distributed in the hope that it will be useful,
% but WITHOUT ANY WARRANTY; without even the implied warranty of
% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
% GNU General Public License for more details.
%
% You should have received a copy of the GNU General Public License
% along with beamerthemefocus. If not, see <http://www.gnu.org/licenses/>.
\NeedsTeXFormat{LaTeX2e}
\ProvidesPackage{beamerthemefocus}[2018/08/09 v2.2 Focus Beamer theme]
\mode<presentation>
% THEME OPTIONS. ---------------------------------------------------------------
\DeclareOptionBeamer{numbering}{%
\PassOptionsToPackage{numbering=#1}{beamerouterthemefocus}
}
\newif\if@focus@loadfirafonts
\@focus@loadfirafontstrue
\DeclareOptionBeamer{nofirafonts}{\@focus@loadfirafontsfalse}
\ProcessOptionsBeamer
% LOAD EXTERNAL PACKAGES. ------------------------------------------------------
\if@focus@loadfirafonts
\RequirePackage[T1]{fontenc}
\PassOptionsToPackage{type1}{FiraSans}
\PassOptionsToPackage{type1}{FiraMono}
\RequirePackage{FiraSans}
\RequirePackage{FiraMono}
\fi
\usecolortheme{focus}
\usefonttheme{focus}
\useinnertheme{focus}
\useoutertheme{focus}
\setbeamertemplate{navigation symbols}{}
% SET MARGINS. -----------------------------------------------------------------
\setbeamersize{text margin left=0.75cm, text margin right=0.75cm}
\setlength{\leftmargini}{0.75cm}
\mode<all>

Binary file not shown.


@ -0,0 +1,138 @@
% Full instructions available at:
% https://github.com/elauksap/focus-beamertheme
\documentclass{beamer}
\usetheme[numbering=progressbar]{focus}
\usepackage{tikz}
\usetikzlibrary{positioning}
\usetikzlibrary{shapes,arrows}
\usepackage{transparent}
\usepackage{fancyvrb}
\usepackage{listings}
\usepackage[utf8]{inputenc}
\definecolor{main}{RGB}{47, 161, 219}
%\definecolor{textcolor}{RGB}{128, 128, 128}
\definecolor{background}{RGB}{240, 247, 255}
\definecolor{textcolor}{RGB}{85, 87, 83}
\title{D4 Project}
\subtitle{IPASN History and BGPRanking}
\author{Raphaël Vinot}
\titlegraphic{\includegraphics[scale=0.20]{d4-logo.pdf}}
\institute{Team CIRCL \\ \url{https://www.d4-project.org/}}
\date{20190328}
\begin{document}
\begin{frame}
\maketitle
\end{frame}
\begin{frame}
\frametitle{IPASN History - Problem statement}
\begin{itemize}
\item Rapidly figuring out the owner of a specific IP address is a common problem
\item Resolving that relationship for a massive amount of IP addresses at scale is a medium hard problem
\item Doing so for a specific day in the past is somewhat more difficult
\item Comparing the resolution across sources is pretty painful
\item Doing all that together is pretty much a pain
\end{itemize}
\end{frame}
\begin{frame}
\frametitle{IPASN History - Objective}
\begin{itemize}
\item Fast, scalable, flexible framework to load multiple data sources of BGP announcements
\item Flexible configuration of the size of the history to keep in memory
\item Fire and forget model
\item Simple REST API
\item Even simpler Python client and API
\end{itemize}
\end{frame}
\begin{frame}
\frametitle{IPASN History - (short) History}
\begin{itemize}
\item D4 Project (co-funded under INEA CEF EU program) started - 1st November 2018
\item A PoC of IPASN History was initially developed in 2012-2013 and only supported IPv4
\item Was used in production for BGP Ranking over many years
\item The current version was released initially in November 2018 after a complete rewrite
\item The support of multiple data source was added in March 2019
\end{itemize}
\end{frame}
\begin{frame}
\frametitle{IPASN History - Current status}
\begin{itemize}
\item Supports Caida and RIPE as data sources
\item Supports requests for IPv4 and IPv6
\item Python3 module
\item Simple REST API
\item Used in production in the new version of BGP Ranking
\end{itemize}
\end{frame}
\begin{frame}
\frametitle{BGP Ranking - Problem statement}
\begin{itemize}
\item There are 10th of thousands of actors on the internet owning IP Addresses
\item Many of them own a very small amount of IP addresses (/24)
\item They change name, purposes and owner relatively often
\item Their security practises are poor, if they ever exist
\item They are plain malicious and have no legitimate purpose
\item One way to find these malicious providers is to map them to lists of known malicious IPs
\end{itemize}
\end{frame}
\begin{frame}
\frametitle{BGP Ranking - Objective}
\begin{itemize}
\item Daily ranking of internet providers by maliciousness
\item History of said rankings over a long period of time
\item Fire and forget model
\item Simple REST API
\item Even simpler Python client and API
\end{itemize}
\end{frame}
\begin{frame}
\frametitle{BGP Ranking - (short) History}
\begin{itemize}
\item D4 Project (co-funded under INEA CEF EU program) started - 1st November 2018
\item A PoC of BGP Ranking was initially developed in the early 2010s and only supported IPv4
\item The current version was released initially in November 2018 after a complete rewrite
\item The integration with IPASN HIstory was finalized in February 2019
\end{itemize}
\end{frame}
\begin{frame}
\frametitle{IPASN History - Current status}
\begin{itemize}
\item The public instance automatically loads a couple dozen of publicly available lists of known malicious IPs
\item Supports the ShadowServer data (requires an account from Shadow Server)
\item Supports IPv4 and IPv6 lists
\item Python3 module
\item Simple REST API
\end{itemize}
\end{frame}
\begin{frame}
\frametitle{IPASN History \& BGP Ranking}
\begin{itemize}
\item IPASN History source code: \url{https://github.com/D4-project/IPASN-History}
\item IPASN History Query interface over BGP Ranking: \url{https://bgpranking-ng.circl.lu/ipasn}
\item BGP Ranking source code: \url{https://github.com/D4-project/BGP-Ranking}
\item BGP Ranking interface: \url{https://bgpranking-ng.circl.lu/}
\end{itemize}
\end{frame}
\begin{frame}
\frametitle{Get in touch if you want to join the project, host a sensor or contribute}
\begin{itemize}
\item Collaboration can include research partnership, sharing of collected streams or improving the software.
\item Contact: info@circl.lu
\item \url{https://github.com/D4-Project} - \url{https://twitter.com/d4_project}
\end{itemize}
\end{frame}
\end{document}
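Review bot: The frame titled `IPASN History - Current status` that sits in the BGP Ranking part of the deck (its bullets mention lists of malicious IPs and ShadowServer data) repeats the title of the earlier IPASN History status frame while describing BGP Ranking; it should read `\frametitle{BGP Ranking - Current status}`. The new side also carries `IPASN HIstory` in the BGP Ranking history frame, and `10th of thousands` (tens of thousands) and `practises` (practices) in the BGP Ranking problem statement. The contact address is plain text; `\href{mailto:info@circl.lu}{info@circl.lu}` would make it clickable, since the file already relies on hyperref for `\url`.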


@ -63,7 +63,7 @@
\begin{frame} \begin{frame}
\frametitle{D4 Overview} \frametitle{D4 Overview}
\includegraphics[scale=0.38]{d4-overview.pdf} \includegraphics[scale=0.38]{../../diagram/d4-overview.png}
\end{frame} \end{frame}
\begin{frame} \begin{frame}
@ -175,7 +175,7 @@ After the stream is processed depending of the type using dedicated worker.
\begin{frame} \begin{frame}
\frametitle{D4 server - type 254 worker handler} \frametitle{D4 server - type 254 worker handler}
\begin{itemize} \begin{itemize}
\item Worker 2 \item Worker custom type (called Worker 2)
\begin{itemize} \begin{itemize}
\item Get type 2 data from a stream \item Get type 2 data from a stream
\item Reconstruct Json \item Reconstruct Json
@ -189,6 +189,11 @@ After the stream is processed depending of the type using dedicated worker.
\end{itemize} \end{itemize}
\end{frame} \end{frame}
\begin{frame}
\frametitle{D4 server - type 254 - implementation}
\includegraphics[scale=0.3]{d4-worker-2.png}
\end{frame}
\begin{frame} \begin{frame}
\frametitle{D4 server - management interface} \frametitle{D4 server - management interface}
The D4 server provides a web interface to manage D4 sensors, sessions and analyzer. The D4 server provides a web interface to manage D4 sensors, sessions and analyzer.
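Review bot: The new frame `D4 server - type 254 - implementation` includes `d4-worker-2.png` with its file extension and an absolute `scale=0.3`, and the first hunk (reading the side-by-side rendering as old on the left, new on the right) changes the overview image to the relative path `../../diagram/d4-overview.png`, which ties the build to the repository layout. A `\graphicspath{{../../diagram/}}` in the preamble, which lies outside these hunks, would let both calls drop the directory, and `\includegraphics[width=\linewidth]{d4-worker-2}` sizes the figure to the frame instead of to the pixel dimensions of the PNG. A later change of image format then needs no edit inside the frames.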

Binary file not shown.



@ -9,6 +9,7 @@
\usepackage{transparent} \usepackage{transparent}
\usepackage{fancyvrb} \usepackage{fancyvrb}
\usepackage{listings} \usepackage{listings}
\usepackage{csquotes}
\definecolor{main}{RGB}{47, 161, 219} \definecolor{main}{RGB}{47, 161, 219}
%\definecolor{textcolor}{RGB}{128, 128, 128} %\definecolor{textcolor}{RGB}{128, 128, 128}
\definecolor{background}{RGB}{240, 247, 255} \definecolor{background}{RGB}{240, 247, 255}
@ -36,11 +37,12 @@
\frametitle{A passive SSL fingerprinter} \frametitle{A passive SSL fingerprinter}
CSIRT's rationale for collecting TLS handshakes: CSIRT's rationale for collecting TLS handshakes:
\begin{itemize} \begin{itemize}
\item Pivot on additional data points \item pivot on additional data points,
\item Find owners of IP addresses \item find owners of IP addresses,
\item Detect usage of CIDR blocks \item detect usage of CIDR blocks,
\item Detect vulnerable systems \item detect vulnerable systems,
\item Detect compromised services \item detect compromised services,
\item detect Key material reuse.
\end{itemize} \end{itemize}
\end{frame} \end{frame}
@ -49,21 +51,26 @@
History of links between: History of links between:
\begin{itemize} \begin{itemize}
\item x509 certificates (And therefore their fields) \item x509 certificates (And therefore their fields),
\item Ports \item ports,
\item IP address \item IP address,
\item Client (ja3) \item client (ja3),
\item Server (ja3s) \item server (ja3s),
\end{itemize} \end{itemize}
\begin{displayquote}
``JA3 is a method for creating SSL/TLS client fingerprints that should be easy to produce on any platform and can be easily shared for threat intelligence.''\footnote{https://github.com/salesforce/ja3}
\end{displayquote}
\end{frame} \end{frame}
\begin{frame} \begin{frame}
\frametitle{Problem statement} \frametitle{Problem statement}
\begin{itemize} \begin{itemize}
\item CIRCL already offers a similar service based on SSLDump \item CIRCL already offers a similar service based on SSLDump\footnote{https://www.circl.lu/services/passive-ssl/},
\item SSLDump needs some love - maintaining it is hard \item SSLDump needs some love - maintaining it is hard,
\item Alternatives do not span the entire TLS Handshake (Salesforce's ja3) \item SSLDump needs some love - extending it even harder,
\item TCP reassembly is not an easy problem to solve (Cloudfare uses tshark) \item nlternatives do not span the entire TLS Handshake (Salesforce's
ja3\footnote{https://github.com/salesforce/ja3}),
\item TCP reassembly is not an easy problem to solve (Cloudfare's uses tshark\footnote{https://github.com/cloudflare/mitmengine}),
\end{itemize} \end{itemize}
\end{frame} \end{frame}
@ -71,15 +78,15 @@
\frametitle{sensor-d4-tls-fingerprinting} \frametitle{sensor-d4-tls-fingerprinting}
Main features: Main features:
\begin{itemize} \begin{itemize}
\item Take over SSLDump's duty \item take over SSLDump's duty,
\item written in Golang \item written in Golang
\item uses Go packet for tcp reassembly and spans whole handshake \item uses Go packet for tcp reassembly and spans whole TLS handshake
\item ja3, ja3s, certificates, ip src / dst, port src / dst, TLSH \item ja3, ja3s, certificates, ip src / dst, port src / dst, TLSH
\end{itemize} \end{itemize}
Current caveats: Current caveats:
\begin{itemize} \begin{itemize}
\item Support for TLS 1.3 pending \item Support for TLS 1.3 pending
\item Reassembly requires RAM \item Reassembly consumes a lot of RAM
\end{itemize} \end{itemize}
\end{frame} \end{frame}
@ -106,7 +113,7 @@
\end{frame} \end{frame}
\begin{frame} \begin{frame}
\frametitle{sensor-d4-tls-fingerprinting - collectoin} \frametitle{sensor-d4-tls-fingerprinting - collection}
\input{d4-tlsf.tex} \input{d4-tlsf.tex}
@ -131,17 +138,55 @@ Depends on libpcap.
\end{frame} \end{frame}
\begin{frame} \begin{frame}[fragile]
\frametitle{sensor-d4-tls-fingerprinting - d4 client} \frametitle{sensor-d4-tls-fingerprinting - d4 client}
\input{pipe.tex} Required setting:
\vspace{.8cm} \begin{itemize}
D4 server requires a meta-header in order to accept this data: \item type should be set to 2 or 254
\item metaheader.json should state type: ja3-jl
\end{itemize}
\input{metaheader.json} \input{metaheader.json}
\vspace{.5cm}
\input{pipe.tex}
In the present setting the sensor will:
\begin{itemize}
\item describe every TLS Sessions,
\item marshal this description in JSON format
\item ship this description to D4 server
\end{itemize}
\end{frame} \end{frame}
\begin{frame} \begin{frame}[fragile]
\frametitle{sensor-d4-tls-fingerprinting - d4 worker} \frametitle{sensor-d4-tls-fingerprinting - d4 worker}
\input{worker.tex} \input{worker.tex}
\begin{itemize}
\item processes each reassembled JSON description,
\item extracts x509 certificates and write to disk,
\item writes JSON description to disk,
\item push the files paths to the analyzer.
\end{itemize}
\end{frame}
\begin{frame}[fragile]
\frametitle{sensor-d4-tls-fingerprinting - d4 analyzer}
(Proof of Concept)
\begin{itemize}
\item LPOP a redis list populated by the worker
\item dumbly push JSON description into a postgres database
\end{itemize}
\end{frame}
\begin{frame}[fragile]
\frametitle{sensor-d4-tls-fingerprinting - d4 passivessl API}
(Proof of Concept)
Exposes a REST API to query the collected data:
\begin{itemize}
\item /index : returns, the full DB :)
\item /ja3/ : returns, all TLS sessions with a given JA3 Signature
\item /ja3s/ : returns, all TLS sessions with a given JA3S Signature
\end{itemize}
\end{frame} \end{frame}
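Review bot: The rewritten problem-statement bullets carry two typos on the new side: `nlternatives do not span` should be `Alternatives do not span`, and `Cloudfare's uses tshark` should be `Cloudflare uses tshark`. The footnotes added in that hunk and in the history hunk hold bare URLs (`\footnote{https://github.com/salesforce/ja3}`, the passive-ssl and mitmengine links); `\footnote{\url{https://github.com/salesforce/ja3}}` gives them hyperlinks and line breaking, and with `csquotes` now loaded the JA3 quotation inside `displayquote` could use `\enquote{...}` instead of the ``...'' pair. On the passivessl API frame, `/index : returns, the full DB :)` would read better as `/index: returns the full DB`, and since that frame already marks the API as a proof of concept it would help to state whether the endpoint is authenticated or meant for local use only, as the dumped session descriptions include source IP addresses.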


@ -1,3 +1,3 @@
\begin{lstlisting} \begin{lstlisting}
./d4-tlsf-amd64 ... | ./d4-amd64 -c conf.folder ./d4-tlsf-amd64 -i eth0 | ./d4-amd64 -c conf.crq
\end{lstlisting} \end{lstlisting}
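Review bot: The new pipeline example captures on `eth0`, which with libpcap (named as a dependency on the sensor frame) normally needs packet-capture privileges, and the listing gives no hint of that; a bullet on the d4 client frame along the lines of `\item the sensor needs CAP_NET_RAW (e.g. via setcap) rather than running as root` would keep readers from running the whole pipe as root. `conf.crq` also reads like a directory name, given that the old text said `conf.folder`; if so, the same frame could say so.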


@ -0,0 +1,11 @@
\begin{lstlisting}
def __init__(self, uuid, json_file):
super().__init__(uuid, json_file)
self.set_rotate_file_mode(False)
def process_data(self, data):
self.reconstruct_data(data)
def handle_reconstructed_data(self, data):
...
\end{lstlisting}
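Review bot: The listing is opened with a bare `\begin{lstlisting}`, so the Python snippet gets no keyword highlighting; `\begin{lstlisting}[language=Python]` fixes that, as listings is already loaded in the deck preamble. As rendered here the method bodies sit at the same column as the `def` lines; if the file itself has no indentation the snippet is not valid Python, though this may just be the page dropping leading whitespace.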


@ -0,0 +1,71 @@
% Copyright (C) 2018 Pasquale Claudio Africa.
% 2018 Sebastian Friedl.
%
% This file is part of beamerthemefocus.
%
% beamerthemefocus is free software: you can redistribute it and/or modify
% it under the terms of the GNU General Public License as published by
% the Free Software Foundation, either version 3 of the License, or
% (at your option) any later version.
%
% beamerthemefocus is distributed in the hope that it will be useful,
% but WITHOUT ANY WARRANTY; without even the implied warranty of
% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
% GNU General Public License for more details.
%
% You should have received a copy of the GNU General Public License
% along with beamerthemefocus. If not, see <http://www.gnu.org/licenses/>.
\mode<presentation>
% DEFINE COLORS. ---------------------------------------------------------------
\definecolor{main}{RGB}{64, 64, 64}
\definecolor{background}{RGB}{239, 239, 239}
\definecolor{alert}{RGB}{180, 0, 0}
\definecolor{example}{RGB}{0, 110, 0}
% SET COLORS. ------------------------------------------------------------------
\setbeamercolor{normal text}{fg=textcolor, bg=background}
\setbeamercolor{alerted text}{fg=alert}
\setbeamercolor{example text}{fg=example}
\setbeamercolor{titlelike}{fg=background, bg=main}
\setbeamercolor{frametitle}{parent={titlelike}}
\setbeamercolor{footline}{fg=background, bg=main}
\setbeamercolor{block title}{bg=main!80!background, fg=background}
\setbeamercolor{block body}{bg=main!10!background, fg=main}
\setbeamercolor{block title alerted}{bg=alert, fg=background}
\setbeamercolor{block body alerted}{bg=alert!10!background, fg=main}
\setbeamercolor{block title example}{bg=example, fg=background}
\setbeamercolor{block body example}{bg=example!10!background, fg=main}
\setbeamercolor{itemize item}{fg=main}
\setbeamercolor{itemize subitem}{fg=main}
\setbeamercolor{enumerate item}{fg=main!70!black}
\setbeamercolor{enumerate subitem}{fg=main!70!black}
\setbeamercolor{description item}{fg=main!70!black}
\setbeamercolor{description subitem}{fg=main!70!black}
\setbeamercolor{caption name}{fg=textcolor}
\setbeamercolor{section in toc}{fg=textcolor}
\setbeamercolor{subsection in toc}{fg=textcolor}
\setbeamercolor{section number projected}{bg=textcolor}
\setbeamercolor{subsection number projected}{bg=textcolor}
\setbeamercolor{bibliography item}{fg=main}
\setbeamercolor{bibliography entry author}{fg=main!70!black}
\setbeamercolor{bibliography entry title}{fg=main}
\setbeamercolor{bibliography entry location}{fg=main}
\setbeamercolor{bibliography entry note}{fg=main}
\mode<all>


@ -0,0 +1,47 @@
% Copyright (C) 2018 Pasquale Claudio Africa.
% 2018 Sebastian Friedl.
%
% This file is part of beamerthemefocus.
%
% beamerthemefocus is free software: you can redistribute it and/or modify
% it under the terms of the GNU General Public License as published by
% the Free Software Foundation, either version 3 of the License, or
% (at your option) any later version.
%
% beamerthemefocus is distributed in the hope that it will be useful,
% but WITHOUT ANY WARRANTY; without even the implied warranty of
% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
% GNU General Public License for more details.
%
% You should have received a copy of the GNU General Public License
% along with beamerthemefocus. If not, see <http://www.gnu.org/licenses/>.
\mode<presentation>
% SET FONTS. -------------------------------------------------------------------
\setbeamerfont{title}{size=\huge, shape=\bfseries}
\setbeamerfont{subtitle}{size=\Large, parent=structure}
\setbeamerfont{author}{size=\scriptsize}
\setbeamerfont{institute}{size=\normalsize}
\setbeamerfont{date}{size=\scriptsize}
\setbeamerfont{sectiontitle}{size=\huge, series=\scshape\bfseries}
\setbeamerfont{frametitle}{size=\Large, shape=\scshape}
\setbeamerfont{footline}{size=\scriptsize}
\setbeamerfont{focusframe}{size=\huge, shape=\scshape}
\setbeamerfont{description item}{shape=\bfseries}
\setbeamerfont{caption name}{shape=\bfseries}
\setbeamerfont{bibliography item}{size=\small, shape=\scshape}
\setbeamerfont{bibliography entry author}{size=\small, shape=\scshape}
\setbeamerfont{bibliography entry title}{size=\small, series=\scshape\bfseries}
\setbeamerfont{bibliography entry location}{size=\small, shape=\scshape\normalfont}
\setbeamerfont{bibliography entry note}{size=\small, shape=\scshape\normalfont}
\mode<all>


@ -0,0 +1,117 @@
% Copyright (C) 2018 Pasquale Claudio Africa.
% 2018 Sebastian Friedl.
%
% This file is part of beamerthemefocus.
%
% beamerthemefocus is free software: you can redistribute it and/or modify
% it under the terms of the GNU General Public License as published by
% the Free Software Foundation, either version 3 of the License, or
% (at your option) any later version.
%
% beamerthemefocus is distributed in the hope that it will be useful,
% but WITHOUT ANY WARRANTY; without even the implied warranty of
% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
% GNU General Public License for more details.
%
% You should have received a copy of the GNU General Public License
% along with beamerthemefocus. If not, see <http://www.gnu.org/licenses/>.
\mode<presentation>
\RequirePackage{tikz}
% CUSTOMIZE STRUCTURE ELEMENTS. ------------------------------------------------
\setbeamertemplate{blocks}[default]
\setbeamertemplate{section in toc}[square]
\setbeamertemplate{subsection in toc}[square]
\setbeamertemplate{itemize items}[square]
\setbeamertemplate{itemize subitem}[triangle]
% STRUCTURE FRAME TEMPLATE DEFINITIONS. ----------------------------------------
% Title page.
\defbeamertemplate*{title page}{focus}{%
{\usebeamercolor{frametitle}\colorlet{focus@@temp}{bg}%
\begin{tikzpicture}[overlay, remember picture]
\fill[color=focus@@temp] (current page.north west) rectangle ([shift = {(0, -0.45\paperheight)}] current page.north east);
\end{tikzpicture}}
\vspace{-1.65\baselineskip}
\begin{minipage}[b][0.35\paperheight]{\textwidth}
\vspace{\baselineskip}
\usebeamerfont{title}
\usebeamercolor[fg]{frametitle}
\inserttitle
\end{minipage}
\begin{minipage}[t][0.1\paperheight]{\textwidth}
\usebeamerfont{subtitle}
\usebeamercolor[fg]{frametitle}
\insertsubtitle
\end{minipage}
% Set the title graphic in a zero-height box, so that
% the position of other elements is not affected.
{\vfuzz=9999pt\vbox to 0pt {
\raggedleft
\inserttitlegraphic
}}
\vspace*{\baselineskip}
\begin{minipage}[t]{\textwidth}
\usebeamerfont{institute}
\insertinstitute
\end{minipage}
\vspace*{\baselineskip}
\begin{minipage}[t]{\textwidth}
\usebeamerfont{date}{\insertdate}
\end{minipage}
\vspace*{\baselineskip}
\vspace*{\baselineskip}
\vspace*{\baselineskip}
\vspace*{\baselineskip}
\begin{minipage}[t]{\textwidth}
\usebeamerfont{author}
\insertauthor
\end{minipage}
\vspace*{5\baselineskip}
\addtocounter{framenumber}{-1}
}
% Section page.
\defbeamertemplate*{section page}{focus}{%
{%
\usebeamercolor{frametitle}\colorlet{focus@@temp}{bg}%
\begin{tikzpicture}[overlay, remember picture]
\fill[color=focus@@temp] (current page.north west) rectangle ([shift = {(0, -0.45\paperheight)}] current page.north east);
\end{tikzpicture}%
}
\vspace{-2\baselineskip}
\begin{minipage}[b][0.45\paperheight]{\textwidth}
\usebeamerfont{sectiontitle}
\usebeamercolor[fg]{frametitle}
\let\hyperlink\@secondoftwo\insertsection
\end{minipage}
\begin{minipage}[t][0.55\paperheight]{\textwidth}
\end{minipage}
}
\AtBeginSection{%
\begin{frame}[plain, noframenumbering]{}
\sectionpage
\end{frame}%
}
\mode<all>


@ -0,0 +1,255 @@
% Copyright (C) 2018 Pasquale Claudio Africa.
% 2018 Sebastian Friedl.
%
% This file is part of beamerthemefocus.
%
% beamerthemefocus is free software: you can redistribute it and/or modify
% it under the terms of the GNU General Public License as published by
% the Free Software Foundation, either version 3 of the License, or
% (at your option) any later version.
%
% beamerthemefocus is distributed in the hope that it will be useful,
% but WITHOUT ANY WARRANTY; without even the implied warranty of
% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
% GNU General Public License for more details.
%
% You should have received a copy of the GNU General Public License
% along with beamerthemefocus. If not, see <http://www.gnu.org/licenses/>.
\mode<presentation>
\RequirePackage{appendixnumberbeamer}% Don't number appendix frames.
\RequirePackage{etoolbox}% \BeforeBeginEnvironment
\RequirePackage{tikz}
% FRAMETITLE TEMPLATES. --------------------------------------------------------
\defbeamertemplate*{frametitle}{focus}{%
% If not title page.
\ifnum\value{framenumber}>0%
\vspace{-1pt}%
\begin{beamercolorbox}[wd=\paperwidth,leftskip=0.55cm,rightskip=0.55cm,sep=0.2cm]{frametitle}%
\strut\insertframetitle\strut%
\end{beamercolorbox}%
\fi%
}
% Plain header.
\defbeamertemplate{frametitle}{plain}{%
% If not title page.
\ifnum\value{framenumber}>0%
\vspace{-1pt}%
\begin{beamercolorbox}[wd=\paperwidth,leftskip=0.55cm,rightskip=0.55cm,sep=0.2cm,ignorebg]{frametitle}%
\strut%
\end{beamercolorbox}%
\fi%
}
% FOOTLINE TEMPLATES. ----------------------------------------------------------
% Lenghts for the progress bar footline.
\newlength{\focus@pbar@height}% Progress bar height.
\newlength{\focus@pbar@leftoffset}
\newlength{\focus@pbar@rightoffset}
\defbeamertemplate*{footline}{progressbar}{%
% If not appendix.
\ifnum\mainend<0% From package appendixnumberbeamer.
%
\settowidth{\focus@pbar@leftoffset}{1}%
\addtolength{\focus@pbar@leftoffset}{1.5em}%
%
\settowidth{\focus@pbar@rightoffset}{\inserttotalframenumber}%
\addtolength{\focus@pbar@rightoffset}{1.5em}%
%
% If not title page.
\ifnum\c@framenumber>0%
\ifnum\c@framenumber<\inserttotalframenumber%
\begin{tikzpicture}[inner xsep=0.5em, inner ysep=0.5ex]\usebeamerfont{footline}
\pgfmathsetmacro{\focus@pbar@progress}%
{(\paperwidth-\focus@pbar@leftoffset-\focus@pbar@rightoffset)*(\insertframenumber/\inserttotalframenumber)}
\clip (0,0) rectangle ++(\paperwidth,\the\focus@pbar@height);
\fill[footline.bg] (0,0) rectangle ++(\the\focus@pbar@leftoffset,\the\focus@pbar@height);
\fill[footline.bg] (\the\focus@pbar@leftoffset,0) rectangle ++(\focus@pbar@progress pt,\the\focus@pbar@height)
++(0,{-0.5*\the\focus@pbar@height}) node[anchor=east, text=footline.fg] {\strut\insertframenumber};
\fill[footline.bg] (\paperwidth,0) rectangle ++(-\the\focus@pbar@rightoffset,\the\focus@pbar@height)
++(0,{-0.5*\the\focus@pbar@height}) node[anchor=west, text=footline.fg] {\strut\inserttotalframenumber};
\end{tikzpicture}%
\else%
\begin{tikzpicture}[inner xsep=0.5em, inner ysep=0.5ex]
\clip (0,0) rectangle ++(\paperwidth,\the\focus@pbar@height);
\fill[footline.bg] (0,0) rectangle ++(\paperwidth,\the\focus@pbar@height);
\node[anchor=east, footline.fg] at ({\paperwidth-\the\focus@pbar@rightoffset},{0.5*\focus@pbar@height}) {\strut\insertframenumber};
\node[footline.fg] at ({\paperwidth-\the\focus@pbar@rightoffset},{0.5*\focus@pbar@height}) {\strut/};
\node[anchor=west, footline.fg] at ({\paperwidth-\the\focus@pbar@rightoffset},{0.5*\focus@pbar@height}) {\strut\inserttotalframenumber};
\end{tikzpicture}%
\fi%
\fi%
\fi%
}
% Full bar footline.
\defbeamertemplate{footline}{fullbar}{%
% If not appendix.
\ifnum\mainend<0% From package appendixnumberbeamer.
%
\settowidth{\focus@pbar@leftoffset}{1}%
\addtolength{\focus@pbar@leftoffset}{1.5em}%
%
\settowidth{\focus@pbar@rightoffset}{\inserttotalframenumber}%
\addtolength{\focus@pbar@rightoffset}{1.5em}%
%
% If not title page.
\ifnum\c@framenumber>0%
\begin{tikzpicture}[inner xsep=0.5em, inner ysep=0.5ex]
\clip (0,0) rectangle ++(\paperwidth,\the\focus@pbar@height);
\fill[footline.bg] (0,0) rectangle ++(\paperwidth,\the\focus@pbar@height);
\node[anchor=east, footline.fg] at ({\paperwidth-\the\focus@pbar@rightoffset},{0.5*\focus@pbar@height}) {\strut\insertframenumber};
\node[footline.fg] at ({\paperwidth-\the\focus@pbar@rightoffset},{0.5*\focus@pbar@height}) {\strut/};
\node[anchor=west, footline.fg] at ({\paperwidth-\the\focus@pbar@rightoffset},{0.5*\focus@pbar@height}) {\strut\inserttotalframenumber};
\end{tikzpicture}%
\fi%
\fi%
}
% Empty footline.
\defbeamertemplate{footline}{none}{}
\DeclareOptionBeamer{numbering}{\def\beamer@focus@numbering{#1}}
\ExecuteOptionsBeamer{numbering=progressbar}
\ProcessOptionsBeamer
\def\beamer@focus@numberingprogressbar{progressbar}
\def\beamer@focus@numberingfullbar{fullbar}
\def\beamer@focus@numberingnone{none}
% BACKGROUND CANVAS TEMPLATES. -------------------------------------------------
\defbeamertemplate*{background canvas}{focus}{%
\begin{tikzpicture}
\clip (0,0) rectangle ++(\paperwidth,\paperheight);
\fill[normal text.bg] (0,0) rectangle ++(\paperwidth,\paperheight);
\end{tikzpicture}%
}
\defbeamertemplate{background canvas}{focusplain}{%
\begin{tikzpicture}
\clip (0,0) rectangle ++(\paperwidth,\paperheight);
\fill[normal text.bg] (0,0) rectangle ++(\paperwidth,\paperheight);
\end{tikzpicture}%
}
\defbeamertemplate{background canvas}{focusframe}{%
\begin{tikzpicture}
\clip (0,0) rectangle ++(\paperwidth,\paperheight);
\fill[frametitle.bg] (0,0) rectangle ++(\paperwidth,\paperheight);
\end{tikzpicture}%
}
% HOOKS FOR CREATING FRAMES. ---------------------------------------------------
\BeforeBeginEnvironment{frame}{%
\setbeamertemplate{background canvas}[focus]%
\setbeamertemplate{frametitle}[focus]%
%
% Reset footline height and determine it for the current slide.
\setlength{\focus@pbar@height}{0cm}%
\focus@calculatefootheight%
%
% If not appendix.
\ifnum\mainend<0 % From package appendixnumberbeamer.
\settoheight{\focus@pbar@height}{\usebeamerfont{footline}1234567890/}%
\addtolength{\focus@pbar@height}{6pt}%
%
\ifx\beamer@focus@numbering\beamer@focus@numberingprogressbar%
\setbeamertemplate{footline}[progressbar]%
\else%
\ifx\beamer@focus@numbering\beamer@focus@numberingfullbar%
\setbeamertemplate{footline}[fullbar]%
\fi%
\fi%
%
\focus@calculatefootheight%
\fi%
}
% Enable noframenumbering option.
\define@key{beamerframe}{noframenumbering}[true]{%
\setbeamertemplate{footline}[none]%
\setlength{\focus@pbar@height}{0cm}%
\focus@calculatefootheight%
%
\addtocounter{framenumber}{-1}%
}
% Enable plain option.
\define@key{beamerframe}{plain}[true]{%
\setbeamertemplate{background canvas}[focusplain]%
\setbeamertemplate{frametitle}[plain]%
%
\setbeamertemplate{footline}[none]%
}
% Full vertical centering
% (from https://tex.stackexchange.com/questions/247826/beamer-full-vertical-centering).
\define@key{beamerframe}{c}[true]{%
\beamer@frametopskip=0pt plus 1fill\relax%
\beamer@framebottomskip=0pt plus 1fill\relax%
\beamer@frametopskipautobreak=0pt plus 0.4\paperheight\relax%
\beamer@framebottomskipautobreak=0pt plus 0.6\paperheight\relax%
\def\beamer@initfirstlineunskip{}%
}
% Enable focus option.
\providebool{focus@standout}
\define@key{beamerframe}{focus}[true]{%
\booltrue{focus@standout}%
\begingroup%
\setkeys{beamerframe}{noframenumbering}%
\setbeamertemplate{background canvas}[focusframe]%
\setbeamertemplate{frametitle}[plain]%
%
\setkeys{beamerframe}{c}%
\centering%
\usebeamerfont{focusframe}%
\usebeamercolor[fg]{frametitle}%
}
\apptocmd{\beamer@reseteecodes}
{%
\ifbool{focus@standout}%
{%
\endgroup%
\boolfalse{focus@standout}%
}{}%
}{}{}
% Recalculate the footline's size and refresh other parameters.
% Partially copied from the definition of \beamer@calculateheadfoot.
\def\focus@calculatefootheight{%
\footheight=\focus@pbar@height%
\advance\footheight by 4pt%
\sidebarheight=\paperheight%
\advance\sidebarheight by-\headheight%
\advance\sidebarheight by\headdp%
\advance\sidebarheight by-\footheight%
\advance\sidebarheight by 4pt%
\footskip=\footheight%
\textheight=\paperheight%
\advance\textheight by-\footheight%
\advance\textheight by-\headheight%
\@colht\textheight%
\@colroom\textheight%
\vsize\textheight%
}
\mode<all>


@ -0,0 +1,60 @@
% Copyright (C) 2018 Pasquale Claudio Africa.
% 2018 Sebastian Friedl.
%
% This file is part of beamerthemefocus.
%
% beamerthemefocus is free software: you can redistribute it and/or modify
% it under the terms of the GNU General Public License as published by
% the Free Software Foundation, either version 3 of the License, or
% (at your option) any later version.
%
% beamerthemefocus is distributed in the hope that it will be useful,
% but WITHOUT ANY WARRANTY; without even the implied warranty of
% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
% GNU General Public License for more details.
%
% You should have received a copy of the GNU General Public License
% along with beamerthemefocus. If not, see <http://www.gnu.org/licenses/>.
\NeedsTeXFormat{LaTeX2e}
\ProvidesPackage{beamerthemefocus}[2018/08/09 v2.2 Focus Beamer theme]
\mode<presentation>
% THEME OPTIONS. ---------------------------------------------------------------
\DeclareOptionBeamer{numbering}{%
\PassOptionsToPackage{numbering=#1}{beamerouterthemefocus}
}
\newif\if@focus@loadfirafonts
\@focus@loadfirafontstrue
\DeclareOptionBeamer{nofirafonts}{\@focus@loadfirafontsfalse}
\ProcessOptionsBeamer
% LOAD EXTERNAL PACKAGES. ------------------------------------------------------
\if@focus@loadfirafonts
\RequirePackage[T1]{fontenc}
\PassOptionsToPackage{type1}{FiraSans}
\PassOptionsToPackage{type1}{FiraMono}
\RequirePackage{FiraSans}
\RequirePackage{FiraMono}
\fi
\usecolortheme{focus}
\usefonttheme{focus}
\useinnertheme{focus}
\useoutertheme{focus}
\setbeamertemplate{navigation symbols}{}
% SET MARGINS. -----------------------------------------------------------------
\setbeamersize{text margin left=0.75cm, text margin right=0.75cm}
\setlength{\leftmargini}{0.75cm}
\mode<all>



@ -0,0 +1,3 @@
\begin{lstlisting}
tcpdump -n -s0 -w - | ./d4 -c ./conf | socat - OPENSSL-CONNECT:$D4-SERVER-IP-ADDRESS:$PORT,verify=1
\end{lstlisting}
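Review bot: The placeholder `$D4-SERVER-IP-ADDRESS` in the socat address is not expanded as one variable by the shell, since `-` cannot be part of a variable name; the shell expands `$D4` (normally empty) and leaves `-SERVER-IP-ADDRESS` in the address literally. If it is meant as a fill-in placeholder, mark it as one, e.g. `OPENSSL-CONNECT:<d4-server-ip>:<port>,verify=1`, or use valid names such as `$D4_SERVER:$D4_PORT`. The listing also sets `verify=1` without `cafile=`/`capath=`, so the server certificate can only be checked against whatever OpenSSL's default trust store holds, which presumably does not contain a private D4 CA; the other sensor snippet added in this commit passes `cert=` and `cafile=` explicitly, and the two listings should agree on the recommended invocation.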



@ -0,0 +1,184 @@
\documentclass{beamer}
\usetheme[numbering=progressbar]{focus}
\usepackage{tikz}
\usetikzlibrary{positioning}
\usetikzlibrary{shapes,arrows}
\usepackage{transparent}
\usepackage{fancyvrb}
\usepackage{listings}
\definecolor{main}{RGB}{47, 161, 219}
%\definecolor{textcolor}{RGB}{128, 128, 128}
\definecolor{background}{RGB}{240, 247, 255}
\definecolor{textcolor}{RGB}{85, 87, 83}
\title{Improving Passive DNS collection}
\subtitle{with D4 Project}
\author{Alexandre Dulaunoy}
\titlegraphic{\includegraphics[scale=0.20]{d4-logo.pdf}}
\institute{Team CIRCL \\ \url{https://www.d4-project.org/}}
\date{2019/03/29}
\begin{document}
\begin{frame}
\maketitle
\end{frame}
\begin{frame}
\frametitle{Problem statement}
\begin{itemize}
\item CIRCL (and other CSIRTs) have their own passive DNS\footnote{\url{https://www.circl.lu/services/passive-dns/}} collection mechanisms
\item Current {\bf collection models} are affected with DoH\footnote{DNS over HTTPS} and centralised DNS services
\item DNS answers collection is a tedious process
\item {\bf Sharing Passive DNS stream} between organisation is challenging due to privacy
\end{itemize}
\end{frame}
\begin{frame}
\frametitle{Potential Strategy}
\begin{itemize}
\item Improve {\bf Passive DNS collection diversity} by being closer to the source and limit impact of DoH (e.g. at the OS resolver level)
\item Increasing diversity and {\bf mixing models} before sharing/storing Passive DNS records
\item Simplify process and tools to install for {\bf Passive DNS collection by relying on D4 sensors} instead of custom mechanisms
\item Provide a distributed infrastructure for mixing streams and filtering out the sharing to the validated partners
\end{itemize}
\end{frame}
\begin{frame}
\frametitle{First release}
\begin{itemize}
\item analyzer-d4-passivedns\footnote{\url{https://github.com/D4-project/analyzer-d4-passivedns}} is an analyzer for a D4 network sensor. The analyser can process data produced by D4 sensors (in passivedns CSV format\footnote{\url{https://github.com/gamelinux/passivedns}})
\item Ingest these into a {\bf Passive DNS server} which can be queried later to search for the Passive DNS records
\item The lookup server (using on redis-compatible backend) is a Passive DNS REST server compliant to the Common Output Format\footnote{\url{https://tools.ietf.org/html/draft-dulaunoy-dnsop-passive-dns-cof-04}}
\end{itemize}
\end{frame}
\begin{frame}
\frametitle{D4 Overview}
\includegraphics[scale=0.38]{d4-overview.pdf}
\end{frame}
\begin{frame}[t]{Common Output Format}
\begin{itemize}
\item {\bf Consistent naming of fields across Passive DNS software} based on the most common Passive DNS implementations
\item Minimal set of fields to be supported
\item Minimal set of optional fields to be supported
\item Way to add "additional" fields via a simple registry mechanism (IANA-like)
\item Simple and easily parsable format
\item A gentle reminder regarding privacy aspects of Passive DNS
\end{itemize}
\end{frame}
\begin{frame}[t,fragile]{Sample output www.terena.org}
\lstdefinelanguage{JavaScript}{
keywords={typeof, new, true, false, catch, function, return, null, catch, switch, var, if, in, while, do, else, case, break},
keywordstyle=\color{blue}\bfseries,
ndkeywords={class, export, boolean, throw, implements, import, this},
ndkeywordstyle=\color{darkgray}\bfseries,
identifierstyle=\color{black},
sensitive=false,
comment=[l]{//},
morecomment=[s]{/*}{*/},
commentstyle=\color{purple}\ttfamily,
stringstyle=\color{red}\ttfamily,
morestring=[b]',
morestring=[b]"
}
\lstset{
language=JavaScript,
backgroundcolor=\color{lightgray},
extendedchars=true,
basicstyle=\footnotesize\ttfamily,
showstringspaces=false,
showspaces=false,
numbers=left,
numberstyle=\footnotesize,
numbersep=9pt,
tabsize=2,
breaklines=true,
showtabs=false,
captionpos=b
}
\lstset{breaklines=true, language=JavaScript}
\begin{lstlisting}
{"count": 868, "time_first": 1298398002, "rrtype": "A", "rrname": "www.terena.org", "rdata": "192.87.30.6", "time_last": 1383124252}
{"count": 89, "time_first": 1383729690, "rrtype": "CNAME", "rrname": "www.terena.org", "rdata": "godzilla.terena.org", "time_last": 1391517643}
{"count": 110, "time_first": 1298398002, "rrtype": "AAAA", "rrname": "www.terena.org", "rdata": "2001:610:148:dead::6", "time_last": 136670845}
\end{lstlisting}
\end{frame}
\begin{frame}[t]{Mandatory fields}
\begin{itemize}
\item \textbf{rrname} : name of the queried resource records
\begin{itemize}
\item JSON String
\end{itemize}
\item \textbf{rrtype} : resource record type
\begin{itemize}
\item JSON String (interpreted type of resource type if known)
\end{itemize}
\item \textbf{rdata} : resource records of the query(ied) resource(s)
\begin{itemize}
\item JSON String or an array of string if more than one unique triple
\end{itemize}
\item \textbf{time\_first} : first time that the resource record triple (rrname, rrtype, rdata) was seen
\item \textbf{time\_last} : last time that the resource record triple (rrname, rrtype, rdata) was seen
\begin{itemize}
\item JSON Number (epoch value) UTC TZ
\end{itemize}
\end{itemize}
\end{frame}
\begin{frame}[t]{Optional fields}
\begin{itemize}
\item \textbf{count} : how many authoritative DNS answers were received by the Passive DNS collector
\begin{itemize}
\item JSON Number
\end{itemize}
\item \textbf{bailiwick} : closest enclosing zone delegated to a nameserver served in the zone of the resource records
\begin{itemize}
\item JSON String
\end{itemize}
\end{itemize}
\end{frame}
\begin{frame}[t]{Additionals fields}
\begin{itemize}
\item \textbf{sensor\_id} : Passive DNS sensor information
\begin{itemize}
\item JSON String
\end{itemize}
\item \textbf{zone\_time\_first} : specific first/last time seen when imported from a master file
\item \textbf{zone\_time\_last}
\begin{itemize}
\item JSON Number
\end{itemize}
\item Additional fields can be requested via \url{https://github.com/adulau/pdns-qof/wiki/Additional-Fields}
\end{itemize}
\end{frame}
\begin{frame}[t]{Future}
\begin{itemize}
\item {\bf Mixing models for passive DNS stream} (for privacy) in next version of D4 core server
\item Interconnecting private D4 sensor networks with other D4 sensor networks (sharing to partners filtered stream)
\item Previewing dataset collected in D4 sensor network and providing {\bf open data stream} (if contributor agrees to share under specific conditions)
\end{itemize}
\end{frame}
\begin{frame}
\frametitle{Get in touch if you want to join/support the project, host a passive dns sensor or contribute}
\begin{itemize}
\item Collaboration can include research partnership, sharing of collected streams or improving the software.
\item Contact: info@circl.lu
\item \url{https://github.com/D4-Project} - \url{https://twitter.com/d4_project}
\end{itemize}
\end{frame}
\end{document}
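Review bot: Emphasis in the item text uses the plain-TeX font switch `{\bf ...}` (first in the "collection models" item of the Problem statement frame, then throughout the following frames), while the field-list frames already use the LaTeX2e form `\textbf{rrname}`; switching the remaining occurrences to `\textbf{...}` makes the document consistent. The sample output frame defines the `JavaScript` listing language and then calls `\lstset` twice, the second call only repeating `breaklines=true, language=JavaScript` from the first, so the second `\lstset` can be dropped and the `\lstdefinelanguage` block moved to the preamble next to `\usepackage{listings}`. In that sample, the third record's `"time_last": 136670845` has nine digits where every other epoch value has ten, which looks like a dropped digit in the sample data and is worth confirming against the source query. `"additional"` in the Common Output Format frame uses straight quotes where LaTeX expects ``additional''.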



@ -0,0 +1,12 @@
\lstset{%
backgroundcolor=\color{gray!25},
basicstyle=\ttfamily,
breaklines=true,
columns=fullflexible
}
\begin{lstlisting}
tshark -n -r capture-20170916110006.cap.gz -T fields -e frame.time_epoch -e ip.src -e tcp.flags
1505552542.807286000 x.45.177.71 0x00000010
1505552547.514922000 x.45.177.71 0x00000010
\end{lstlisting}


@ -0,0 +1,10 @@
\begin{lstlisting}
{
"type": "ja3-jl",
"encoding": "utf-8",
"tags": [
"tlp:white"
],
"misp:org": "5b642239-4db4-4580-adf4-4ebd950d210f"
}
\end{lstlisting}


@ -0,0 +1,3 @@
\begin{lstlisting}
./pibs -b -r pcap_file.cap
\end{lstlisting}


@ -0,0 +1,31 @@
Welcome to the d4-core wiki!
## Server
- Support TLS connection
- Unpack header
- Verify client secret key (HMAC)
- check blocklist
- Filter by types
(Only accept one connection by type-UUID - except: type 254)
- Discard incorrect data
- Save data in a Redis Stream (unique for each session)
## Worker Manager (one by type)
- Check if a new session is created and valid data are saved in a Redis stream
- Launch a new Worker for each session
## Worker
- Get data for a stream
- Reconstruct data
- Save data on disk (with file rotation)
- Sava data in Redis. Create a queue for a D4-Analyzer
## Flask server
- Get Sensors status, errors and statistics
- Get all connected sensors
- Manage Sensors (stream size limit, secret key, ...)
- Manage Accepted types
- UUID/IP blocklist
- Create Analyzer Queues


@ -0,0 +1,4 @@
\begin{lstlisting}
tcpdump -l -s 65535 -n -i vr0 -w - '( not port $PORT and not host $HOST )' | socat - OPENSSL-CONNECT:$COLLECTOR:$PORT,cert=/etc/openssl/client.pem,cafile=/etc/openssl/ca.crt,verify=1
\end{lstlisting}
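Review bot: The capture filter `'( not port $PORT and not host $HOST )'` is single-quoted, so `$PORT` and `$HOST` reach tcpdump literally instead of being expanded, and tcpdump will reject the expression. Double quotes, `"( not port $PORT and not host $HOST )"`, let the shell substitute the values; the filter itself is worth keeping, because excluding the collector connection from the capture stops the sensor from recording its own upload. `$PORT` appears both in the filter and in `OPENSSL-CONNECT:$COLLECTOR:$PORT`, which is only right when the port to exclude is the collector port, and `$HOST` should presumably be the same value as `$COLLECTOR`; using one variable for each would keep the two from drifting apart.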