DDoSDB system embedded in a virtual machine. As depicted, the system has 3 components: dissector, database, and converter.
- Download the Virtual Machine
- Run the Virtual Machine using VirtualBox
- Connect to the IP using your browser: http://localhost/
- Generate fingerprints using the Dissector (in the VM this is located at ~/.ddosdb/ddos_dissector/ddos_dissector.py)
- List the fingerprints generated on the Web Interface (click on the Overview button at the start page)
user | pass |
---|---|
ddosdb | ddosdbddosdb |
root | use sudo |
The VM has all the services running and ready to go. You should be able to connect to the Web server simply using the IP address of the VM in your browser.
Note: The Virtual Machine is configured to get its IP address from DHCP (bridge mode). You can define the IP address manually, if you prefer. Be sure you can reach it from the host system.
Use the following credentials to access the Web Interface. You can add more users following the instructions.
user | pass | type |
---|---|---|
ddosdb | ddosdbddosdb | admin user (for adding other users) |
upload | uploadupload | user with upload rights (for dissector) |
Web interface user administration [add new users and grant permissions]
http://localhost/admin
Directory structure:
- DDoSDB root directory:
/opt/
- DDoSDB website settings (Django):
/opt/ddosdb/website/
configuration file: /opt/ddosdb/website/settings_local.py
main directives:
```python
# Host names the Web interface will answer to
# (Django checks the HTTP Host header of each request against this list)
# ALLOWED_HOSTS = ['ddosdb.org', 'localhost', '127.0.0.1']
# '*' accepts any Host header, which turns that check off
ALLOWED_HOSTS = ['*']

# Raw path to fingerprint and attack vector data
# pcap and json are stored here
RAW_PATH = "/opt/ddosdb-data/"

# Location where static files (HTML) are stored
STATIC_ROOT = '/opt/ddosdb-static/'

# PostgreSQL connection used by the website
DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.postgresql_psycopg2',
        'NAME': 'ddosdb',
        'USER': 'ddosdb',
        'PASSWORD': 'ddosdb',
        'HOST': 'localhost'
    }
}
```
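A check worth running on these directives before the VM is reachable from anything but the host, as an added example that is not part of the DDoSDB project: it parses a `settings_local.py` without executing it and flags the wildcard `ALLOWED_HOSTS` and the shipped database password shown above. The function name, the two sample strings and the `DDOSDB_DB_PASSWORD` environment variable are assumptions made for the example.

```python
import ast

# Database password shipped in the VM image (value taken from the settings above).
SHIPPED_DB_PASSWORD = "ddosdb"


def audit_settings(source: str) -> list[str]:
    """Return findings for a settings_local.py passed as source text."""
    values = {}
    for node in ast.parse(source).body:
        # Evaluate only plain `NAME = <literal>` assignments; nothing is executed.
        if (isinstance(node, ast.Assign) and len(node.targets) == 1
                and isinstance(node.targets[0], ast.Name)):
            try:
                values[node.targets[0].id] = ast.literal_eval(node.value)
            except (ValueError, TypeError):
                continue  # not a literal (e.g. reads os.environ): cannot be judged here
    findings = []
    if "*" in values.get("ALLOWED_HOSTS", []):
        findings.append("ALLOWED_HOSTS contains '*': any Host header is accepted")
    db = values.get("DATABASES", {}).get("default", {})
    if db.get("PASSWORD") == SHIPPED_DB_PASSWORD:
        findings.append("DATABASES['default'] still uses the shipped password")
    return findings


# Constructed sample: the directives as they appear on this page.
SHIPPED = """
ALLOWED_HOSTS = ['*']
DATABASES = {'default': {'ENGINE': 'django.db.backends.postgresql_psycopg2',
    'NAME': 'ddosdb', 'USER': 'ddosdb', 'PASSWORD': 'ddosdb', 'HOST': 'localhost'}}
"""

# Constructed sample: explicit host list (the commented-out line above) and a
# password read from a hypothetical environment variable instead of the file.
HARDENED = """
import os
ALLOWED_HOSTS = ['ddosdb.org', 'localhost', '127.0.0.1']
DATABASES = {'default': {'ENGINE': 'django.db.backends.postgresql_psycopg2',
    'NAME': 'ddosdb', 'USER': 'ddosdb',
    'PASSWORD': os.environ['DDOSDB_DB_PASSWORD'], 'HOST': 'localhost'}}
"""

if __name__ == "__main__":
    for label, text in (("shipped", SHIPPED), ("hardened", HARDENED)):
        print(label, audit_settings(text) or "no findings")
```

Changing the database password in `settings_local.py` only helps if the PostgreSQL role's password is changed to match.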
The Dissector is responsible for processing a .pcap file and extracting its characteristics. We provide a set of DDoS attacks in .pcap format in the repository. Follow the steps below to process your first file.
- Download the latest version of the software
git clone https://github.com/ddos-clearing-house/ddos_dissector
- Use the provided pcap samples to generate fingerprints and upload them to the repository
python3 ddos_dissector_cli.py --input ./../pcap_samples/sample2.pcap --log /tmp/log.txt
- filename: /home/ddosdb/ddos_dissector/src/settings.py
```python
POOL_SIZE = 4
# URL of the DDoSDB instance the fingerprints are submitted to
DDOSDB_URL = "http://10.0.0.10/"
# Username for DDoSDB for uploading the attack vector and fingerprint
USERNAME = "ddosdb"
# Password for DDoSDB for uploading the attack vector and fingerprint
PASSWORD = "071739440782b7c6581241607acca8b7"
```
The converter translates the processed fingerprints into mitigation rules. The system provides one converter, convert_iptables, which converts fingerprints to iptables firewall rules.
The following animation shows the process.