Changes between Version 5 and Version 6 of GENIExperimenter/Tutorials/NFV/Ryu/HandlingIntrusionwithRyu-ping

Timestamp:

11/01/17 12:45:31 (6 years ago)

Author:

Nabeel Akhtar

Comment:

--

GENIExperimenter/Tutorials/NFV/Ryu/HandlingIntrusionwithRyu-ping

@@ -215 +215 @@
 ''' Note: keep the RINA application processes, PI controller process and PI-based Ryu controller process from the previous 3 steps running in the background. '''
 
-1. We need to first install our own Snort rule on Snort, so that it can detect the intrusion traffic specified in our rule. 
-
- To install our own rule and configure Snort, in separate windows for VNF1 and VNF2, execute the following commands: 
-    
-    - ''' cd ~ '''
-    - ''' wget !http://csr.bu.edu/rina/grw-bu2016/nfv_ryu/snort/config_snort.sh '''
+1. We need to first configure Snort so that we can use our rules, or snort’s build-in rules to detect the intrusion traffic. 
+To configure Snort, in separate windows for VNF1 and VNF2, execute the following commands 
+
+For VNF1:
+    - ''' cd ~/VNF1/SnortSetup ''' 
     - ''' chmod 755 config_snort.sh '''
-    -  ''' ./config_snort.sh '''
-
-Here we use a simple rule where all ICMP traffic to the ''destination'' node is considered as intrusion traffic, and the rule is specified as follows:  
-
-''' alert icmp any any -> 10.10.1.5 any (msg:"ICMP traffic found to Destination";sid:1000001;) ''' 
-
-in the file ''' /etc/snort/rules/my.rules'''. 
-
-
-2. We then run Snort IDS on VNF1 and VNF2. In separate windows for VNF1 and VNF2, execute the following command:
+    - ''' ./config_snort.sh '''
+
+For VNF2:
+    - ''' cd ~/VNF2/SnortSetup ''' 
+    - ''' chmod 755 config_snort.sh '''
+    - ''' ./config_snort.sh '''
+
+2. We will use a simple rule where all the ICMP traffic to the ''destination'' node is considered as intrusion traffic. To add the rule, open '' /etc/snort/rules/my.rules '' and add the rule specified below
+To open file:
+    - ''' nano /etc/snort/rules/my.rules '''
+
+Add the following rule to '' my.rules ''
+    - ''' alert icmp any any -> 10.10.1.5 any (msg:"ICMP traffic found to Destination";sid:1000001;) ''' 
+
+3. We then run Snort IDS on VNF1 and VNF2. In separate windows for VNF1 and VNF2, execute the following command:
 
    - ''' sudo /usr/local/bin/snort -A full -dev -c /etc/snort/snort.conf -i eth1''' 
 
-   ''' Note: exit from previous instances of snort if they are still running from earlier experiments before you run this instance of snort. '''
+   ''' Note: exit from previous instances of Snort if they are still running from earlier experiments before you run this instance of Snort. '''
   
-   ''' Note: this command is different from [wiki:GENIExperimenter/Tutorials/NFV/Ryu/LoadBalancePIwithRyu Experiment 2], where the file ''/etc/snort/snort.conf '' specifies which rule files to load. '''
-
-When Snort detects intrusion traffic, it will save the alert messages into the file '' /var/log/snort/alert''. The RINA distributed application keeps reading this alert file, and pass any intrusion information to the Ryu controller which will block the intrusion traffic. 
-
-''' Note: If you want to re-run this experiment, make sure to remove both files: '' /var/log/snort/alert'' on both VNF nodes, and ''/tmp/attacker.txt'' on the controller node. '''
+   ''' Note: this command is different from [wiki:GENIExperimenter/Tutorials/NFV/Ryu/LoadBalancePIwithRyu Experiment 2]. Here we specify the file ''/etc/snort/snort.conf '' to indicate which rule files to load. '''
+
+When Snort detects intrusion traffic, it will save the alert messages into the file '' /var/log/snort/alert''. The RINA distributed application keeps reading this alert file, and passes any intrusion information to the Ryu controller which will block the intrusion traffic. 
+
 
 ==  (5) Generate Regular and Intrusion Traffic ==