Changes between Version 7 and Version 8 of GENIExperimenter/Tutorials/NFV/Ryu/HandlingIntrusionwithRyu-ping


Timestamp:
11/01/17 12:51:45 (6 years ago)
Author:
Nabeel Akhtar
Comment:

--

  • GENIExperimenter/Tutorials/NFV/Ryu/HandlingIntrusionwithRyu-ping

    v7 v8  
    246246When Snort detects intrusion traffic, it will save the alert messages into the file '' /var/log/snort/alert''. The RINA distributed application keeps reading this alert file, and passes any intrusion information to the Ryu controller which will block the intrusion traffic.
    247247
    248 
    249 ==  (5) Generate Regular and Intrusion Traffic ==
     248== (5) Run Attack Analyzer ==
     249
     250The Attack Analyzer reads the Snort alerts saved on the Controller node and makes decisions about which IP addresses to block. The Attack analyzer is the “brain” on the attack control system. It reads the file ''/tmp/snortalert'', which is generated by RINA on controller node and outputs ''/tmp/attacker.txt'' file which has the IP addresses of all the nodes that the Attack Analyzer decides to block based on Snort alerts.
     251
     252Open a separate window for the Controller, and run the attack analyzer. [[BR]]
     253
     254''' cd ~/Control/AttackAnalyzer/ '''
     255
     256''' python !AttackAnalyzer.py -f /tmp/snortalert ''' [[BR]]
     257
     258''' Note: If you want to re-run this experiment, make sure to remove ''/tmp/attacker.txt'' and ''/tmp/snortalert'' files on the controller node. '''
     259
     260
     261==  (6) Generate Regular and Intrusion Traffic ==
    250262
    2512631. In a separate window for destination, start the netcat server by running:
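Review bot: The new section (5) has the analyzer read ''/tmp/snortalert'' and write its block list to ''/tmp/attacker.txt'', both fixed names in a world-writable directory, so any other local account on the controller node can pre-create either file before the experiment starts and influence which IP addresses get blocked. Suggest keeping both files in a directory owned by the experiment user, or at least having the tutorial check ownership of the two files before the analyzer is started. The section should also say how ''/tmp/attacker.txt'' is consumed, because the unchanged paragraph just above still says the RINA application passes intrusion information to the Ryu controller directly, and a reader cannot tell from these lines which component reads the analyzer's output. The re-run note would be easier to follow if it gave the exact removal command for the two files. Minor: "Attack analyzer" and "Attack Analyzer" are both used in the same paragraph, "the “brain” on the attack control system" should read "of", and "on controller node" is missing "the".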