Changes between Version 39 and Version 40 of GENIExperimenter/Tutorials/NFV/Ryu/HandlingIntrusionwithRyu-portscanning


Ignore:
Timestamp:
10/30/17 20:36:47 (7 years ago)
Author:
Nabeel Akhtar
Comment:

--

Legend:

Unmodified
Added
Removed
Modified

  • GENIExperimenter/Tutorials/NFV/Ryu/HandlingIntrusionwithRyu-portscanning

    v39 v40  
    2672673. Now we will generate traffic from the sources 1 (s1) to the destination node using iperf and see how it effects the CPU utilization at VNF1 and VNF2 running Snort IDS. Note that if we run multiple instances of iperf, we can generate significant load on the VNF instances. To run iperf client on a source, execute:
    268268
    269 ''' iperf -u -c destination -t 500 & '''
     269''' iperf -u -c destination -t 5000 & '''
    270270
    271271{{{
     
    274274 <tr>
    275275<td> <img src = "http://csr.bu.edu/rina/grw-bu2016/tutorial_files/image068.gif" > </td>
    276 <td>  <i>Note that you can run multiple instances of iperf by running <span style="background:#c0c0c0"> iperf -c destination -t 500 & </span> multiple times in s1 node. This flow lasts for 500 seconds. For this experiment, you may try to run 4-5 iperf instances to generate load of around 50% on both VNF1 and VNF2. To kill all the flows generated at a node, run <span style="background:#c0c0c0"> killall –v iperf </span> </i>
     276<td>  <i>Note that you can run multiple instances of iperf by running <span style="background:#c0c0c0"> iperf -c destination -t 5000 & </span> multiple times in s1 node. This flow lasts for 5000 seconds. For this experiment, you may try to run 4-5 iperf instances to generate load of around 50% on both VNF1 and VNF2. To kill all the flows generated at a node, run <span style="background:#c0c0c0"> killall –v iperf </span> </i>
    277277 </td></tr></table>
    278278}}}
     
    280280== (7) Generate Intrusion Traffic ==
    281281
    282 1. In a separate window for source, ping destination:
     2821. We will generate attack traffic from source 2 (s2), so only s2 is blocked by the system. In a separate window for source 2 (s2), ping destination:
    283283
    284284''' ping destination'''
     
    2882882. Download the Port Scan attack generator file.
    289289
    290 ''' wget !https://raw.githubusercontent.com/akhtarnabeel/public/master/AttackAnalyzer/PortScanAttack.sh '''
    291        
     290''' wget !https://raw.githubusercontent.com/akhtarnabeel/public/master/NFV-GENI/PortScanAttack.sh '''
     291
    292292
    293293change file permissions so you can run it
     
    312312{{{
    313313#!html
    314 <img src="https://raw.githubusercontent.com/akhtarnabeel/public/master/Figures/output.png" hspace=20>
     314<img src="https://github.com/akhtarnabeel/public/raw/master/NFV-GENI/Figures/output.png" hspace=20>
    315315 }}}
    316316
     
    323323{{{
    324324#!html
    325 <img src="https://raw.githubusercontent.com/akhtarnabeel/public/master/Figures/sample.png" style="width:500px;" hspace=20>
     325<img src="https://github.com/akhtarnabeel/public/raw/master/NFV-GENI/Figures/sample.png" style="width:500px;" hspace=20>
    326326 }}}
    327327
     
    330330
    331331== (8) Re-run experiment without load balancer ==
    332 
    333332
    334333We will re-run the experiment without load balancer to see the effects of load balancer. Ideally, you should quickly detect attack using load balancer.