Changes between Version 8 and Version 9 of GENIExperimenter/Tutorials/NFV/Ryu/HandlingIntrusionwithRyu-portscanning
- Timestamp: 10/30/17 17:30:39 (7 years ago)
GENIExperimenter/Tutorials/NFV/Ryu/HandlingIntrusionwithRyu-portscanning
v8 v9 242 242 When Snort detects intrusion traffic, it will save the alert messages into the file '' /var/log/snort/alert''. The RINA distributed application keeps reading this alert file, and pass any intrusion information to the Ryu controller which will block the intrusion traffic. 243 243 244 ''' Note: If you want to re-run this experiment, make sure to remove /tmp/attacker.txt and /tmp/snortalertfiles on the controller node. '''244 ''' Note: If you want to re-run this experiment, make sure to remove ''/tmp/attacker.txt'' and ''/tmp/snortalert'' files on the controller node. ''' 245 245 246 246 == (5) Run Attack Analyzer == 247 247 248 Attack Analyzer reads the snort alerts saved on Controller node and makes decisions about which IP addresses to block. Attack analyzer is the “brain” on the attack control system. It reads the file '' /tmp/snortalerts '', which is generated by RINA on controller node and outputs /tmp/attacker.txtfile which has IP address of all the nodes that Attack Analyzer decides to block based on snort alerts.248 Attack Analyzer reads the snort alerts saved on Controller node and makes decisions about which IP addresses to block. Attack analyzer is the “brain” on the attack control system. It reads the file ''/tmp/snortalerts'', which is generated by RINA on controller node and outputs ''/tmp/attacker.txt'' file which has IP address of all the nodes that Attack Analyzer decides to block based on snort alerts. 249 249 250 250
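Review bot: The re-run note at line 244 now names the file ''/tmp/snortalert'', but the Attack Analyzer paragraph at line 248 says the analyzer reads ''/tmp/snortalerts''. The v8 text "/tmp/snortalertfiles" was ambiguous, and v9 resolves it to a name that disagrees with the rest of the page. Please confirm which path RINA actually writes on the controller node and use that one spelling in both places. A reader who follows the note as written may delete the wrong path and leave the old alert file behind, so the next run of Attack Analyzer could write addresses from the previous experiment into ''/tmp/attacker.txt''. While touching line 248, "outputs ''/tmp/attacker.txt'' file which has IP address of all the nodes" would read better as "writes the file ''/tmp/attacker.txt'', which lists the IP addresses of all the nodes".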