GitHub - siddhantj/Denial-of-Service-Attacks: http://www.isi.edu/~hussain/TEACH/project.html

Branches Tags

Name		Name	Last commit message	Last commit date
Latest commit History 3 Commits
Makefile		Makefile
README		README
endhost.c		endhost.c
endhost.h		endhost.h
router.c		router.c
router.h		router.h
traffana.c		traffana.c
traffana.h		traffana.h

Repository files navigation

COMPILATION INSTRUCTION

1) First extract the file from traceback.tar.gz
tar zxvf traceback.tar.gz

2) All the executables traffana, endhost and router will be produced.

3) Before you start attacking the victim( traffana) first ping node1(Eg. node4(A)---node3(R)---node2(R)---node1(V) is the topology). So you can find out the interface to attack on the victim. ping node1 will give ip address AND do ifconfig to find out the interface to which the IP belongs. The traffana should start with the same interface

4) Similarily,ping the router nodes to find out the interfaces(ping node2 AND ping node3) and hence their IP addresses. Put these addresses in the router file which contains the list of routers.

Run the tools in the following order

I) At the endhost side( where traffana is running) type the command:
./endhost -r router_file -t 50000 -u 60000 -s 10

II) At the router type the following command:
./router -t 50000 -u 60000 -e 2 -p 0.4

3) To run traffana with attack detection, please use z -5 as parameter so that u can get the correct result.
./traffana -i eth -T 2 -v -z 5 -p 1000 -s 3
Other parameters like -b and -f will not play role in detecting attack(when not included). Interface is the one which you get using "ping node1"

4) Now orchestrate the attack on the victim on that interface(ping node1 and find interface like we did above). The endhost will send start marking messages and after router receives this message, it will start marking packets. After sthresh packets are received by endhost, it will start the path construction and print the path and terminate. You need to terminate the router nodes yourself using Ctrl + C. After doing this, you can view the router log files generated.

NOTE: If you want to rerun a code for different test cases(topologies) then you need to delete the hostname.attackinfo which are generated by the endhost(Router file should not be deleted as its not generated.). This is
because the endhost checks whether the attackinfo file has been generated by traffana or not. If it did then attack has taken place and endhost need to send start marking messages.