NS-2 Module for the Proactive Roaming HoneyPots
An approach to mitigate denial-of-service attacks
NETSEC project, Computer Science Dept., University of Pittsburgh


Introduction

We propose a scheme, referred to as Roaming Honeypots, to mitigate the effects of denial-of-service (DoS) attacks. The scheme is based on the concept of a "replicated elusive service", which, through server roaming, causes the service to migrate from one physical location to another. The scheme additionally introduces roaming of the honeypots, which are not supposed to receive any legitimate traffic and thus act as a trap for malicious attackers.
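The trap behaviour described above, as an added sketch that is not the NETSEC ns2 modules and not the algorithm from the papers: in each epoch a subset of the servers is active, the rest act as honeypots, and any source that contacts a honeypot is filtered from then on. The HMAC-based roaming schedule, the shared key, the rule that every inactive server is a honeypot, and the source names are all assumptions made for the illustration.

```python
import hashlib
import hmac

KEY = b"constructed-shared-secret"  # assumption: known to servers and legitimate clients only

def active_servers(key, epoch, n_servers, k_active):
    """Assumed roaming schedule: the k servers with the lowest HMAC(key, "epoch:server")
    are active in this epoch; every other server acts as a honeypot."""
    def rank(server):
        return hmac.new(key, f"{epoch}:{server}".encode(), hashlib.sha256).digest()
    return set(sorted(range(n_servers), key=rank)[:k_active])

def simulate(n_servers=5, k_active=2, epochs=20):
    """Return (requests served per source, set of blacklisted sources)."""
    served, blacklist = {}, set()
    for epoch in range(epochs):
        active = active_servers(KEY, epoch, n_servers, k_active)
        # The legitimate client follows the schedule. Each constructed attacker
        # keeps sending to one fixed server because it cannot predict the roaming.
        requests = [("client", min(active))]
        requests += [(f"attacker-{s}", s) for s in range(n_servers)]
        for source, target in requests:
            if source in blacklist:
                continue                   # already filtered, request is dropped
            if target in active:
                served[source] = served.get(source, 0) + 1
            else:
                blacklist.add(source)      # honeypots receive no legitimate traffic
    return served, blacklist

if __name__ == "__main__":
    served, blacklist = simulate()
    print("served:", served)
    print("blacklisted:", sorted(blacklist))
```

Attack traffic aimed at a currently active server is still served until the service roams away from that server, which is why the blacklist grows over successive epochs.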

We have created ns2 (ns 2.26) modules to evaluate our scheme. The modules include an FTP client, an FTP server, an authenticator, an attacker, and a migratable TCP socket.

Further details of the design and implementation can be found in the following papers:

C. Sangpachatanaruk, S. M. Khattab, T. Znati, R. Melhem, and D. Mosse', Design and Analysis of a Replicated Elusive Server Scheme for Mitigating Denial of Service Attacks, to appear in Journal of Systems and Software, Elsevier. [ps]

C. Sangpachatanaruk, S. M. Khattab, T. Znati, R. Melhem, and D. Mosse', A Simulation Study of the Proactive Server Roaming for Mitigating Denial of Service Attacks, Proceedings of the 36th Annual Simulation Symposium 2003 (ANSS'03), March 2003. [ps|pdf]

Related papers are posted in the publications section.

How to compile

1. Download the source code (netsec-cspitt.tar.gz) from our web site.
2. Untar the source into a directory that is recognized by ns2.
3. Modify the ns2 Makefile so that OBJ_CC includes all of the module's object files.


    For example, if the source files are in the "netsec" directory:
    OBJ_CC = \
                        ...
                        netsec/mtcp.o netsec/mftp_client.o netsec/mftp_server.o \
                        netsec/mauth.o netsec/mattac.o \
                        $(OBJ_STL)

4. Run make again.
5. Run the test script (test_roaming_honeypots.tcl). To see its options:
    > ns test_roaming_honeypots.tcl -help
    Read the comments in the script to understand how it works.

 


Further questions can be directed to netsec@cs.pitt.edu