airkeyp c26341c225 chg: [export] Export script added 2019-09-26 15:47:43 +02:00

README.md

ICMP Passive Analyzer - D4 IPA

Reads a pcap file and analyzes the ICMP packets it contains to detect potential DDoS attacks (guaranteed gluten free).

Installation

REQUIREMENTS:

  • This analyzer requires pipenv and Redis 5.0 or above.
  • Python 3.6 or later is required to run it.

SETUP:
First, you need to install pipenv:

pip install pipenv

Then clone redis where you want it installed:

git clone https://github.com/antirez/redis.git
cd redis
git checkout 5.0
make
cd ..

You can finally clone this repo on your machine and set up the virtual environment with pipenv like so:

git clone https://github.com/D4-project/analyzer-d4-ipa.git
cd analyzer-d4-ipa
pipenv install

Usage

Start the redis server

Don't forget to set the DB directory (the dir directive) in ./etc/redis.conf. By default, the Redis instance for IPA listens on TCP port 6405. Keep it bound to localhost (bind 127.0.0.1) unless you really need remote access: Redis accepts any client without authentication unless requirepass is set.

../redis/src/redis-server ./etc/redis.conf

Configure and start the D4 analyzer

cd ./etc
cp analyzer.conf.sample analyzer.conf

Edit analyzer.conf to match the UUID of the analyzer queue from your D4 server.

[global]
my-uuid = 6072e072-bfaa-4395-9bb1-cdb3b470d715
d4-server = 127.0.0.1:6380
# INFO|DEBUG
logging-level = INFO
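A typo in my-uuid or d4-server only shows up once the analyzer is running and reading from the wrong queue. As an added preflight check, not part of the project, here is a small validator for the three keys shown in the sample above. The sample text is a constructed copy of that config; the function names and the INFO/DEBUG restriction on logging-level follow the comment in the sample and are assumptions, not the analyzer's own parsing code.

```python
import configparser
import uuid

# Constructed copy of the README's sample analyzer.conf (not read from disk).
SAMPLE_CONF = """\
[global]
my-uuid = 6072e072-bfaa-4395-9bb1-cdb3b470d715
d4-server = 127.0.0.1:6380
# INFO|DEBUG
logging-level = INFO
"""


def validate_analyzer_conf(text):
    """Return a list of problems found in analyzer.conf (empty when valid).
    Only the three keys shown in the README's sample are checked."""
    cp = configparser.ConfigParser()
    cp.read_string(text)
    if "global" not in cp:
        return ["missing [global] section"]
    g = cp["global"]
    problems = []
    # my-uuid must identify the analyzer queue on the D4 server.
    try:
        uuid.UUID(g.get("my-uuid", ""))
    except ValueError:
        problems.append("my-uuid must be a valid UUID")
    # d4-server is host:port; rpartition keeps any ':' inside an IPv6 literal.
    host, sep, port = g.get("d4-server", "").rpartition(":")
    if not (sep and host and port.isdigit() and 0 < int(port) < 65536):
        problems.append("d4-server must be host:port")
    # The sample comments the allowed values as INFO|DEBUG (assumption).
    if g.get("logging-level", "").upper() not in ("INFO", "DEBUG"):
        problems.append("logging-level must be INFO or DEBUG")
    return problems


def load_analyzer_conf(text):
    """Parse and validate, raising before anything connects to the D4 server."""
    problems = validate_analyzer_conf(text)
    if problems:
        raise ValueError("; ".join(problems))
    cp = configparser.ConfigParser()
    cp.read_string(text)
    g = cp["global"]
    host, _, port = g["d4-server"].rpartition(":")
    return {"my-uuid": str(uuid.UUID(g["my-uuid"])),
            "host": host,
            "port": int(port),
            "logging-level": g["logging-level"].upper()}


if __name__ == "__main__":
    print(load_analyzer_conf(SAMPLE_CONF))
```

To check the real file, pass open("etc/analyzer.conf").read() instead of SAMPLE_CONF.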

Start the analyzer

cd ../bin
python3 run_ipa.py

If you have local pcaps stored in a dataset that you want to analyze, use the -p argument and pass the absolute path of the dataset root folder.

python3 run_ipa.py -p /absolute/path/to/dataset/root
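The README does not describe the heuristic run_ipa.py applies to the ICMP packets it reads. As an added example, not the project's code, here is a minimal passive analyzer over the classic pcap format that implements one common check: the ICMP packet rate per destination per time window, together with the number of distinct sources, which is what separates a single-host ping flood from a distributed one. The capture is constructed inline (a burst of echo requests from 150 spoofed sources to one victim plus a benign ping exchange); the thresholds, function names and the one-second window are assumptions to tune for your own datasets.

```python
import struct
from collections import defaultdict

PCAP_MAGIC_LE = 0xA1B2C3D4   # classic microsecond pcap written little-endian
PCAP_MAGIC_BE = 0xD4C3B2A1   # the same magic as read from a big-endian file
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
IPPROTO_ICMP = 1
ICMP_ECHO_REPLY, ICMP_ECHO_REQUEST = 0, 8


def ip_to_bytes(addr):
    return bytes(int(octet) for octet in addr.split("."))


def build_icmp_frame(src, dst, icmp_type=ICMP_ECHO_REQUEST, ident=1, seq=1):
    """Ethernet + IPv4 + ICMP frame for the constructed sample. Checksums are
    left at zero: the parser below only needs the headers to be well formed."""
    eth = b"\x00" * 12 + struct.pack("!H", ETHERTYPE_IPV4)
    icmp = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq) + b"\x00" * 8
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64,
                     IPPROTO_ICMP, 0, ip_to_bytes(src), ip_to_bytes(dst))
    return eth + ip + icmp


def build_pcap(records):
    """records: iterable of (timestamp_seconds, frame) -> bytes of a pcap file."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for ts, frame in records:
        sec = int(ts)
        usec = int(round((ts - sec) * 1_000_000))
        out += struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame
    return out


def iter_icmp(pcap_bytes):
    """Yield (timestamp, src, dst, icmp_type) for every ICMP packet in a pcap."""
    magic, = struct.unpack_from("<I", pcap_bytes, 0)
    if magic == PCAP_MAGIC_LE:
        endian = "<"
    elif magic == PCAP_MAGIC_BE:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    linktype, = struct.unpack_from(endian + "I", pcap_bytes, 20)
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet (linktype 1) captures are handled here")
    off = 24
    while off + 16 <= len(pcap_bytes):
        sec, usec, caplen, _ = struct.unpack_from(endian + "IIII", pcap_bytes, off)
        off += 16
        frame = pcap_bytes[off:off + caplen]
        off += caplen
        # Skip anything that is not IPv4 over Ethernet carrying ICMP.
        if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != ETHERTYPE_IPV4:
            continue
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        if (ip[0] >> 4) != 4 or ip[9] != IPPROTO_ICMP or len(ip) < ihl + 8:
            continue
        src = ".".join(str(b) for b in ip[12:16])
        dst = ".".join(str(b) for b in ip[16:20])
        yield sec + usec / 1e6, src, dst, ip[ihl]


def detect_floods(pcap_bytes, window=1.0, pps_threshold=100, min_sources=10):
    """Flag destinations receiving at least pps_threshold ICMP packets within
    one window; 'distributed' is set when they came from min_sources or more
    distinct source addresses (spoofed or real, the capture cannot tell)."""
    counts = defaultdict(int)
    sources = defaultdict(set)
    for ts, src, dst, _ in iter_icmp(pcap_bytes):
        key = (dst, int(ts // window))
        counts[key] += 1
        sources[key].add(src)
    alerts = []
    for (dst, bucket), n in sorted(counts.items()):
        if n >= pps_threshold:
            alerts.append({"dst": dst, "window_start": bucket * window, "packets": n,
                           "sources": len(sources[(dst, bucket)]),
                           "distributed": len(sources[(dst, bucket)]) >= min_sources})
    return alerts


def analyze_file(path, **kwargs):
    """Run detect_floods over a pcap file on disk."""
    with open(path, "rb") as f:
        return detect_floods(f.read(), **kwargs)


# Constructed sample capture: 150 echo requests in under half a second from
# 150 spoofed sources to 10.0.0.5, plus one benign ping and its reply.
SAMPLE_RECORDS = [(1000.0 + i * 0.003, build_icmp_frame(f"203.0.113.{i + 1}", "10.0.0.5", seq=i))
                  for i in range(150)]
SAMPLE_RECORDS += [(1000.5, build_icmp_frame("10.0.0.2", "10.0.0.7")),
                   (1000.6, build_icmp_frame("10.0.0.7", "10.0.0.2", icmp_type=ICMP_ECHO_REPLY))]
SAMPLE_PCAP = build_pcap(sorted(SAMPLE_RECORDS, key=lambda r: r[0]))

if __name__ == "__main__":
    for alert in detect_floods(SAMPLE_PCAP):
        print(alert)
```

On a real dataset call analyze_file on each .pcap under the root folder; captures from the ingest side of a link also see the echo replies the victim sends back, so apply the same counting to the source side if you want to catch a reflected (smurf-style) flood, where one target is flooded with replies from many real hosts.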