diff --git a/docs/diagram/d4-1.png b/docs/diagram/d4-1.png
new file mode 100644
index 0000000..d46c31e
Binary files /dev/null and b/docs/diagram/d4-1.png differ
diff --git a/docs/diagram/d4-2.png b/docs/diagram/d4-2.png
new file mode 100644
index 0000000..02c5efc
Binary files /dev/null and b/docs/diagram/d4-2.png differ
diff --git a/docs/diagram/d4-3.png b/docs/diagram/d4-3.png
new file mode 100644
index 0000000..68ffc11
Binary files /dev/null and b/docs/diagram/d4-3.png differ
diff --git a/docs/diagram/d4-4.png b/docs/diagram/d4-4.png
new file mode 100644
index 0000000..4c191d9
Binary files /dev/null and b/docs/diagram/d4-4.png differ
diff --git a/docs/diagram/d4-5.png b/docs/diagram/d4-5.png
new file mode 100644
index 0000000..556aea3
Binary files /dev/null and b/docs/diagram/d4-5.png differ
diff --git a/docs/diagram/d4-worker-2.png b/docs/diagram/d4-worker-2.png
new file mode 100644
index 0000000..3ca0410
Binary files /dev/null and b/docs/diagram/d4-worker-2.png differ
diff --git a/docs/diagram/theconversation.pdf b/docs/diagram/theconversation.pdf
new file mode 100644
index 0000000..5b69a7f
Binary files /dev/null and b/docs/diagram/theconversation.pdf differ
diff --git a/docs/workshop/0-introduction/d4-1.png b/docs/workshop/0-introduction/d4-1.png
index d46c31e..d4a7bba 100644
Binary files a/docs/workshop/0-introduction/d4-1.png and b/docs/workshop/0-introduction/d4-1.png differ
diff --git a/docs/workshop/0-introduction/d4-2.png b/docs/workshop/0-introduction/d4-2.png
index 02c5efc..c1a6df4 100644
Binary files a/docs/workshop/0-introduction/d4-2.png and b/docs/workshop/0-introduction/d4-2.png differ
diff --git a/docs/workshop/0-introduction/d4-3.png b/docs/workshop/0-introduction/d4-3.png
index 68ffc11..c978527 100644
Binary files a/docs/workshop/0-introduction/d4-3.png and b/docs/workshop/0-introduction/d4-3.png differ
diff --git a/docs/workshop/0-introduction/d4-4.png b/docs/workshop/0-introduction/d4-4.png index 4c191d9..b685bb5 100644 Binary files a/docs/workshop/0-introduction/d4-4.png and b/docs/workshop/0-introduction/d4-4.png differ diff --git a/docs/workshop/0-introduction/d4-5.png b/docs/workshop/0-introduction/d4-5.png index 556aea3..fedc227 100644 Binary files a/docs/workshop/0-introduction/d4-5.png and b/docs/workshop/0-introduction/d4-5.png differ diff --git a/docs/workshop/0-introduction/d4-introduction.pdf b/docs/workshop/0-introduction/d4-introduction.pdf index 91b747b..970f87b 100644 Binary files a/docs/workshop/0-introduction/d4-introduction.pdf and b/docs/workshop/0-introduction/d4-introduction.pdf differ diff --git a/docs/workshop/0-introduction/d4-introduction.tex b/docs/workshop/0-introduction/d4-introduction.tex index a803c00..d8559de 100644 --- a/docs/workshop/0-introduction/d4-introduction.tex +++ b/docs/workshop/0-introduction/d4-introduction.tex @@ -8,6 +8,8 @@ \usetikzlibrary{shapes,arrows} \usepackage{transparent} \usepackage{fancyvrb} +\usepackage{tabularx} +\usepackage{ulem} \usepackage{listings} \definecolor{main}{RGB}{47, 161, 219} %\definecolor{textcolor}{RGB}{128, 128, 128} @@ -15,10 +17,10 @@ \definecolor{textcolor}{RGB}{85, 87, 83} \title{D4 Project} \subtitle{Open and collaborative network monitoring} -\author{Alexandre Dulaunoy - Sami Mokaddem} +\author{TEAM CIRCL} \titlegraphic{\includegraphics[scale=0.20]{d4-logo.pdf}} -\institute{Team CIRCL \\ \url{https://www.d4-project.org/}} -\date{2019/03/29} +\institute{\url{https://www.d4-project.org/}} +\date{2019/09/23} \begin{document} \begin{frame} 
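Review bot: `\usepackage{ulem}` is loaded without the `normalem` option, so it redefines `\emph` (and `\em`) to underline instead of italicise, which silently changes every emphasised word in the deck rather than just the `\sout{GSM}` it is brought in for; prefer `\usepackage[normalem]{ulem}`. Whether the deck currently uses `\emph` is not visible in this chunk, but the option is harmless either way and keeps `\sout` available.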
@@ -54,28 +56,99 @@ \begin{frame} \frametitle{(short) History} \begin{itemize} - \item D4 Project (co-funded under INEA CEF EU program) started - 1st November 2018 - \item D4 encapsulation protocol version 1 published - 1st December 2018 - \item v0.1 release of the D4 core\footnote{\url{https://www.github.com/D4-project/d4-core}} including a server and simple D4 C client - 21st January 2018 - \item First version of a golang D4 client\footnote{\url{https://www.github.com/D4-project/d4-goclient/}} running on ARM, MIPS, PPC and x86 - January 2018 + \item D4 Project (co-funded under INEA CEF EU program) started - \textbf{1st November 2018} + \item D4 encapsulation protocol version 1 published - \textbf{1st December 2018} + \item v0.1 release of the D4 core\footnote{\url{https://www.github.com/D4-project/d4-core}} including a server and simple D4 C client - \textbf{21st January 2019} + \item First version of a golang D4 client\footnote{\url{https://www.github.com/D4-project/d4-goclient/}} running on ARM, MIPS, PPC and x86 - \textbf{January 2019} + \item First Analyzers - \textbf{Spring 2019} + \item Client Generator - \textbf{Summer 2019} \end{itemize} \end{frame} + +\begin{frame} + \frametitle{(short) History} +\begin{center} +\resizebox{!}{100pt}{% + \begin{tabularx}{\linewidth}% + {>{\setlength\hsize{0.6\hsize}\raggedright}X% + >{\setlength\hsize{0.4\hsize}\raggedright}X} + +\hline +Release & Date \tabularnewline +\hline +AIL-framework-v1.5 & Apr. 26, 2019 \tabularnewline +... & \tabularnewline +AIL-framework-v2.1 & Aug. 14, 2019 \tabularnewline +analyzer-d4-balboa-v0.1 & Aug. 19, 2019 \tabularnewline +analyzer-d4-passivedns-v0.1 & Apr. 5, 2019 \tabularnewline +analyzer-d4-passivessl-0.1 & Apr. 25, 2019 \tabularnewline +analyzer-d4-pibs-v0.1 & Apr. 8, 2019 \tabularnewline +BGP-Ranking-1.0 & Apr. 25, 2019 \tabularnewline +BGP-Ranking-1.1 & Aug. 19, 2019 \tabularnewline +d4-core-v0.1 & Jan. 25, 2019 \tabularnewline +d4-core-v0.2 & Feb. 
14, 2019 \tabularnewline +d4-core-v0.3 & Apr. 8, 2019 \tabularnewline +d4-goclient-v0.1 & Feb. 14, 2019 \tabularnewline +d4-goclient-v0.2 & Apr. 8, 2019 \tabularnewline +d4-sensor-generator-v0.1 & Aug. 22, 2019 \tabularnewline +d4-server-packer-0.1 & Apr. 25, 2019 \tabularnewline +IPASN-History-1.0 & Apr. 25, 2019 \tabularnewline +IPASN-History-1.1 & Aug. 19, 2019 \tabularnewline +sensor-d4-tls-fingerprinting-0.1 & Apr. 25, 2019 \tabularnewline +\hline + +\end{tabularx}% +} +\end{center} + +see \url{https://github.com/D4-Project} +\end{frame} + \begin{frame} \frametitle{D4 Overview} \includegraphics[scale=0.38]{../../diagram/d4-overview.png} \end{frame} \begin{frame} - \frametitle{Roadmap (next 2 months)} +\frametitle{D4 Overview - Connecting Sensor Networks} + \includegraphics[scale=0.46]{../../diagram/mixing-d4-1.pdf} + {\tiny \url{https://d4-project.org/2019/06/17/sharing-between-D4-sensors.html}} +\end{frame} + +\begin{frame} + \frametitle{What to do with it} \begin{itemize} - \item Passive DNS analyzer (alpha version released) - \item Passive SSL collector and analyzer - \item Backscatter DDoS traffic analyzer - \item {\bf Default server} (blackhole monitoring or Passive DNS collector) at CIRCL for organisations willing to contribute without running their own D4 server + \item Passive DNS collection + \item Passive SSL collection + \item AIL collection + \item Correlations, CTI + \item DDoS Detection \end{itemize} \end{frame} +\begin{frame} +\frametitle{D4 Overview: DDoS} + \includegraphics[width=\textwidth]{../../diagram/theconversation.pdf} + {\tiny \url{https://d4-project.org/2019/08/29/state-of-the-art-DDoS.html}} +\end{frame} + +\begin{frame} + \frametitle{Roadmap - output} + + CIRCL hosts a server instance for organisations willing to + contribute to a public dataset without running their own D4 server: + \begin{itemize} + \item [\checkmark] Blackhole DDoS + \item [\checkmark] Passive DNS + \item [\checkmark] Passive SSL + \item 
Gene\footnote{\url{https://github.com/0xrawsec/gene}} / WHIDS\footnote{\url{https://github.com/0xrawsec/whids}} (sysmon) + \item BGP mapping + \item egress filtering mapping + \item Radio-Spectrum monitoring: 802.11, BLE, \sout{GSM}, etc. + \end{itemize} +\end{frame} + \begin{frame} \frametitle{D4 encapsulation protocol} @@ -130,7 +203,7 @@ \end{frame} \begin{frame} - \frametitle{D4-core server} + \frametitle{D4 server} \begin{itemize} \item D4 core server\footnote{\url{https://github.com/D4-project/d4-core}} is a complete server to handle clients (sensors) including the decapsulation of the D4 protocol, control of sensor registrations, management of decoding protocols and dispatching to adequate decoders/analysers. \item D4 server is written in Python 3.6 and runs on standard GNU/Linux distribution. @@ -189,14 +262,9 @@ After the stream is processed depending of the type using dedicated worker. \end{itemize} \end{frame} -\begin{frame} - \frametitle{D4 server - type 254 - implementation} - \includegraphics[scale=0.3]{d4-worker-2.png} -\end{frame} - \begin{frame} \frametitle{D4 server - management interface} -The D4 server provides a web interface to manage D4 sensors, sessions and analyzer. +The D4 server provides a {\bf web interface} to manage D4 sensors, sessions and analyzer. \begin{itemize} \item Get Sensors status, errors and statistics \item Get all connected sensors 
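Review bot: The two "(short) History" slides disagree on the d4-core v0.1 date: the bullet list says `\textbf{21st January 2019}` while the new release table says `d4-core-v0.1 & Jan. 25, 2019 \tabularnewline`; one of the two should be corrected, and the GitHub release page would settle which. The table is scaled with `\resizebox{!}{100pt}{...}`, which leaves the slide with an arbitrary, hard-coded font size; splitting the release list over two frames (or one deliberate `\footnotesize` around the `tabularx`) keeps the text size consistent with the rest of the deck, and the `... & \tabularnewline` filler row should use `\dots`. `\item [\checkmark]` in the Roadmap frame needs `amssymb` (or another package that defines `\checkmark`) to be loaded, which the preamble lines in this chunk do not show, so please confirm it is in scope. The `../../diagram/mixing-d4-1.pdf` referenced by the new "Connecting Sensor Networks" frame is not added by this commit, so it presumably already exists under docs/diagram/.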
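Review bot: `{\bf web interface}` on the "management interface" slide uses the obsolete two-letter font switch; `\textbf{web interface}` is the LaTeX2e form and nests correctly with surrounding font changes. The frame continues past the end of the hunk.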
@@ -209,32 +277,30 @@ The D4 server provides a web interface to manage D4 sensors, sessions and analyz \begin{frame} \frametitle{D4 server - main interface} - \includegraphics[scale=0.18]{d4-5.png} + \includegraphics[width=\textwidth]{./d4-5.png} \end{frame} \begin{frame} \frametitle{D4 server - server management} - \includegraphics[scale=0.18]{d4-2.png} + \includegraphics[width=\textwidth]{./d4-2.png} \end{frame} \begin{frame} \frametitle{D4 server - server management} - \includegraphics[scale=0.18]{d4-3.png} + \includegraphics[width=\textwidth]{./d4-3.png} \end{frame} \begin{frame} \frametitle{D4 server - sensor overview} - \includegraphics[scale=0.18]{d4-1.png} + \includegraphics[width=\textwidth]{./d4-1.png} \end{frame} \begin{frame} \frametitle{D4 server - sensor management} - \includegraphics[scale=0.18]{d4-4.png} + \includegraphics[width=\textwidth]{./d4-4.png} \end{frame} - - \begin{frame} \frametitle{} {\center Use-case: migrating a legacy network capture model into a D4 network sensor