WHAT: "Unconstrained Profiling of Internet Endpoints via Information on the Web"

In order to better manage and protect their networks, operators in the Security Operations Center of an ISP may need to discover more about an IP address. Operators will often look that IP address up on Google to establish what else it has been doing on the Internet. If, for example, the operator can establish that the IP address attacking its network with a DDoS flood has also been blacklisted by a reputation blacklist in the past for being either a spammer or a bot-infected host, that provides further evidence about the origins of the flood. This can be important in understanding the intent behind an attack. However, such Google searches can be laborious and frustrating, as canvassing the results is a monumental task. A more efficient approach is needed: one that organizes all information about IP addresses found on the Web by keywords that denote their use. Using this approach, operators will have all pertinent information at their fingertips.

In this presentation, "Unconstrained Profiling of Internet Endpoints via Information on the Web," Narus introduces a novel approach for profiling and classifying endpoints (i.e., IP addresses). This technique can be used by service providers to classify network traffic for traffic management. We implemented and deployed a Google-based profiling tool, which accurately characterizes endpoint behavior by collecting and strategically combining information freely available on the Web. We will show how classification of endpoints can assist in categorizing traffic into classes such as Web, peer-to-peer, gaming, chat, etc. Furthermore, this method can identify semantically richer categories; for chat, for example, we can distinguish MSN chat from Yahoo! Messenger. This traffic classification works even under scenarios of high packet sampling, and is port-agnostic.
Finally, using this approach, we perform unconstrained endpoint profiling at a global scale, for clients in four different world regions (Asia, South and North America, and Europe). We provide the first-of-its-kind endpoint analysis that reveals fascinating similarities and differences in application usage among these regions.

WHO: Supranamaya Ranjan, Narus
Ionut Trestian, Northwestern University

WHEN: Tuesday, October 14, 2008
5-5:30 p.m. PT

WHERE: North American Network Operators' Group (NANOG)
Millennium Biltmore Hotel, Los Angeles
Biltmore Bowl Room

About Narus

Narus is the leader in real-time traffic intelligence for large IP networks, and is the only company that provides security, intercept and traffic management solutions within a single, flexible system. With Narus, service providers, governments and large enterprises around the world can immediately detect, analyze, mitigate and target any unwanted, unwarranted or malicious traffic. Narus provides its customers with complete, real-time insight into all of their IP traffic from the network to the applications. Combined with the ability to enable numerous actions, Narus customers have the ability to take the most appropriate actions quickly. Narus' system protects and manages the largest IP networks around the world including AT&T, KT (Korea), KDDI (Japan), Telecom Egypt, Reliance (India), Saudi Telecom, US Cellular and Pakistan Telecom Authority. Narus is headquartered in Mountain View, California with regional offices around the world. For more information, please visit www.narus.com.

Contact Information:
Narus, Inc.: Lucia Mikasa, +1-650-230-9311
BOCA Communications: Kathleen Shanahan, +1-415-570-1405