detecting and blocking DoS/DDoS attacks
Constantinos A. Kotsokalis
ckotso at grnet.gr
Tue Mar 5 17:32:52 UTC 2002
Hello everyone,
I recently finished the latest beta release of a tool to detect (and
possibly block) DoS/DDoS attacks. There are a few problems that I am
trying to resolve, but all in all it seems to work. The tool is released
under the GPL (i.e. it is free to use and modify the source code) and is
available at:
http://prdownloads.sourceforge.net/panoptis/panoptis-0.1b4.tar.gz
Any contribution to the code, or functionality tests, will be of great
value. Please note that the input is provided by Cisco routers exporting
NetFlow data. At the moment, versions 1 and 5 have been tested. Support
for version 8 is included, but not tested at all. The tool also allows
for the creation of a detector mesh, in order to achieve trace-back in
the case of spoofed IP addresses. Another thing to keep in mind is that
it is written in C++ (so you will need a C++ compiler), it has been
tested on Linux and it needs the GNU CommonC++ library (available at
http://sourceforge.net/projects/cplusplus ).
Please understand that this is a beta release, so not everything might
work as it should; however, enough testing will lead to a stable release
which will help all of us get rid of script kiddies bringing our
networks to their knees.
Thanks,
Costas
--
Constantinos A. Kotsokalis || ckotso at grnet.gr
Greek Research and Technology Network
Tel: +30 10 7474243 || Fax: +30 10 7474490