SR-Snort: IPv6 Segment Routing Aware IDS/IPS

Salsano S.;
2018-01-01

Abstract

Service Function Chaining (SFC) allows the delivery of advanced end-to-end services composed of one or more network functions. IPv6 Segment Routing (SRv6) is a network architecture based on source routing, where a list of segments is attached to packets to enforce a path different from the shortest one. SRv6 supports SFC by assigning each network function a segment and combining these segments into a segment list. In order to fully leverage the SRv6 network programming capabilities, network functions are required to be SR-aware. In this paper, we present our implementation of SR-Snort, an SR-aware intrusion detection system (IDS) and intrusion prevention system (IPS). We extended the open-source implementation of Snort so that it can apply the configured rules to the inner packet of SR traffic. SR-Snort can handle both inner IPv4 and inner IPv6 traffic. It can work in either IDS or IPS mode.
2018 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN)
International relevance
2018
Sector ING-INF/03 - Telecommunications
English
Conference contribution
Abdelsalam, A., Salsano, S., Clad, F., Camarillo, P., Filsfils, C. (2018). SR-Snort: IPv6 Segment Routing Aware IDS/IPS. In 2018 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN). IEEE [10.1109/NFV-SDN.2018.8725797].
Abdelsalam, A; Salsano, S; Clad, F; Camarillo, P; Filsfils, C
Files in this item:
18-sr-snort-demo.pdf
Open access
License: Publisher's copyright
Size: 441.48 kB
Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/2108/216137