Changes between Version 41 and Version 42 of GENIExperimenter/Tutorials/NFV/Ryu/HandlingIntrusionwithRyu-portscanning


Timestamp:
10/30/17 21:10:56 (6 years ago)
Author:
Nabeel Akhtar
Comment:

--

  • GENIExperimenter/Tutorials/NFV/Ryu/HandlingIntrusionwithRyu-portscanning

    v41 v42  
    315315
    316316
    317 Soon after starting ping message, nmap is used to attack destination. We can use ping output to measure how long it took to detect the attack, by counting the number of successful pings. Here is sample output
     317Soon after starting ping message, nmap is used to attack destination.
     318
     319
     3204. As soon as the attack is detected, you will see the IP address appearing on the window for AttackAnalyzer.py. All traffic from this IP address is blocked by AttackAnalyzer. At this point, you can stop the ''PortScanAttack.sh '' file by typing Ctrl+C.
     321
     322
     323
     3245. We can use ping output file (ping.log) to measure how long it took to detect the attack. Since each ping request are made 0.2 seconds apart, we can count the number of successful pings. To open ping.log file, type
     325
     326''' cat ping.log '''
     327
     328
     329Here is sample output
    318330
    319331
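Review bot: Step 5 (new line 324) equates the count of successful pings with detection time, but the first line of the hunk says nmap starts "soon after" the ping, so the count times 0.2 seconds measures from the start of the ping run, not from the start of the scan. Suggest telling the reader to note when PortScanAttack.sh was launched, or to state that the figure is an upper bound on detection time. Two wording points in the same hunk: "each ping request are made" should read "is made", and ''' cat ping.log ''' (line 326) is bold markup with padding spaces, so a {{{cat ping.log}}} code span would show the command literally; ''PortScanAttack.sh '' on line 320 has the same stray trailing space.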
     
    325337
    326338Here you can see that only first 13 out of total 422 ping request went through. Since each ping request is made at 0.2 seconds apart, it took 0.2x13 = 2.6 seconds to detect and block the attacker.
     339
     340
    327341
    328342== (8) Re-run experiment without load balancer ==
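Review bot: The unchanged sentence at line 338 repeats "each ping request is made at 0.2 seconds apart", which the new step 5 already states just before the sample output, so one of the two can be trimmed. The only additions here are the blank lines 339 and 340 before the "(8)" heading; a single blank line is enough to separate the paragraph from the heading.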