[45951] in North American Network Operators' Group

detecting and blocking DoS/DDoS attacks

daemon@ATHENA.MIT.EDU (Constantinos A. Kotsokalis)
Tue Mar 5 12:35:42 2002

Message-ID: <3C850144.3040507@grnet.gr>
Date: Tue, 05 Mar 2002 19:32:52 +0200
From: "Constantinos A. Kotsokalis" <ckotso@grnet.gr>
MIME-Version: 1.0
To: nanog@merit.edu
Content-Type: text/plain; charset=ISO-8859-7; format=flowed
Content-Transfer-Encoding: 7bit
Errors-To: owner-nanog-outgoing@merit.edu


Hello everyone,
   I recently finished the latest beta release of a tool to detect (and 
possibly block) DoS/DDoS attacks. There are a few problems that I am 
trying to resolve, but all in all it seems to work. The tool is released 
under the GPL (i.e. it is free to use and modify the source code) and is 
available at:

http://prdownloads.sourceforge.net/panoptis/panoptis-0.1b4.tar.gz

Any contribution to the code, or functionality tests, will be of great 
value. Please note that the input is provided by Cisco routers exporting 
NetFlow data. At the moment, versions 1 and 5 have been tested. Support 
for version 8 is included, but not tested at all. The tool also allows 
for the creation of a detector mesh, in order to achieve trace-back in 
the case of spoofed IP addresses. Another thing to keep in mind is that 
it is written in C++ (so you will need a C++ compiler), it has been 
tested on Linux and it needs the GNU CommonC++ library (available at 
http://sourceforge.net/projects/cplusplus ).

Please understand that this is a beta release, so not everything might 
work as it should; however, enough testing will lead to a stable release 
which will help all of us get rid of script kiddies bringing our 
networks to their knees.

Thanks,
   Costas

-- 
Constantinos A. Kotsokalis || ckotso@grnet.gr
Greek Research and Technology Network
Tel: +30 10 7474243 || Fax: +30 10 7474490

