Le Monde (the translated version here) reports that the web site of the French Embassy in China has been inaccessible for a few days. The cause is apparently a DDoS. The attack seems to be a consequence of the political tensions between China and France as a result of the meeting of the French president Sarkozy with the Dalai Lama in Poland.
Wednesday, 10 December 2008
Posted by Arturo Servin at 01:36 0 comments
Labels: DDoS, dos, IT security
Tuesday, 4 November 2008
New DoS and DDoS coming?
Posted by Arturo Servin at 01:28 0 comments
Monday, 8 September 2008
TCP monitoring in NS
Today I was asked how to monitor TCP connections on NS-2, so I decided to blog about the topic.
First you need a TCP agent, possibly with an FTP or some other application on top (I assume that you already have some nodes):
#Setup a TCP connection
set tcp1 [new Agent/TCP]
$tcp1 set class_ 2
#Attach tcp to node n0
$ns attach-agent $n0 $tcp1
#Create a TCP sink and attach it to node n1
set sink [new Agent/TCPSink]
$ns attach-agent $n1 $sink
#Connect the TCP agent with the sink
$ns connect $tcp1 $sink
$tcp1 set fid_ 1
#Setup a FTP over TCP connection
set ftp0 [new Application/FTP]
#Link tcp agent with FTP application
$ftp0 attach-agent $tcp1
$ftp0 set type_ FTP
Now, create a procedure to print some TCP information. The TCP agent (tcp1 in the setup above) has to be declared global, together with the output file and the sampling step, so the procedure can read them:
proc update_tcpinfo {} {
global ns tcp1 file_out time_step
set now [$ns now]
set window [$tcp1 set cwnd_]
set avgwind [$tcp1 set awnd_]
set rtt [$tcp1 set rtt_]
set acks [$tcp1 set ack_]
puts $file_out "$now $window $avgwind $rtt $acks"
$ns at [expr $now + $time_step] "update_tcpinfo"
}
Then you have window, avgwind, rtt and acks that you can print out to screen or to a file (an output file or maybe the trace file; I would recommend a separate trace file), which is what the puts line does. The last line of the procedure reschedules it every time_step, so it keeps sampling until the simulation finishes.
To declare your output file just do it as the trace and nam files are normally initiated; time_step is the sampling interval in seconds (0.1 here, pick whatever resolution you need):
#Open flow file
set file_out [open flow_trace.txt w]
#Sampling interval used by update_tcpinfo
set time_step 0.1
And do not forget to close it:
#Define a 'finish' procedure
proc finish {} {
global ns nf tf file_out
$ns flush-trace
#Close the NAM trace file
close $nf
#Close the Trace file
close $tf
#Close outputs file
close $file_out
#Execute NAM on the trace file, uncomment the next line to exec NAM automatically
#exec nam out.nam &
exit 0
}
Call the procedure and run the simulation:
$ns at 0.5 "update_tcpinfo"
#Call the finish procedure after 5 seconds of simulation time
$ns at 5 "finish"
#Run the simulation
$ns run
This is only pseudo code and it could have some errors. I prepared a working file that can be found here:
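As an added example (my own code, not from the post and not an NS-2 script), here is a small C++ reader for the flow_trace.txt file that update_tcpinfo writes, one "now cwnd awnd rtt ack" sample per line. It counts congestion-window drops (each one is a loss or timeout the TCP agent reacted to), reports ack progress and flags a connection whose acks have stopped advancing, which is the kind of check you run after a DoS simulation to see what happened to the legitimate flow. The struct and function names are mine, and the trace embedded below is constructed, not simulator output.

```cpp
// Added example: parse flow_trace.txt lines ("now cwnd awnd rtt ack") and summarise
// the TCP connection. Not part of the original post; names are the example's own.
#include <cstdio>
#include <sstream>
#include <string>
#include <vector>

struct TcpSample {
    double now;   // simulation time (s)
    double cwnd;  // congestion window (packets), cwnd_ in Agent/TCP
    double awnd;  // averaged window, awnd_
    double rtt;   // rtt_ as reported by the agent
    long   ack;   // highest ack received, ack_
};

struct TcpSummary {
    size_t samples = 0;
    size_t bad_lines = 0;   // lines without five numeric fields
    double max_cwnd = 0;
    size_t cwnd_drops = 0;  // cwnd fell from one sample to the next (loss/timeout)
    long   acked = 0;       // ack progress between first and last sample
    bool   stalled = false; // ack did not advance over the last three samples
};

// Parse one trace line; false if it is not exactly five numeric fields.
bool parse_sample(const std::string& line, TcpSample& s) {
    std::istringstream in(line);
    if (!(in >> s.now >> s.cwnd >> s.awnd >> s.rtt >> s.ack)) return false;
    std::string extra;
    if (in >> extra) return false;   // trailing garbage
    return true;
}

TcpSummary summarize(const std::string& trace) {
    TcpSummary sum;
    std::vector<TcpSample> v;
    std::istringstream lines(trace);
    std::string line;
    while (std::getline(lines, line)) {
        if (line.empty()) continue;
        TcpSample s;
        if (!parse_sample(line, s)) { ++sum.bad_lines; continue; }
        v.push_back(s);
    }
    sum.samples = v.size();
    for (size_t i = 0; i < v.size(); ++i) {
        if (v[i].cwnd > sum.max_cwnd) sum.max_cwnd = v[i].cwnd;
        if (i > 0 && v[i].cwnd < v[i - 1].cwnd) ++sum.cwnd_drops;
    }
    if (!v.empty()) sum.acked = v.back().ack - v.front().ack;
    if (v.size() >= 3) {
        size_t n = v.size();
        sum.stalled = (v[n - 1].ack == v[n - 2].ack) && (v[n - 2].ack == v[n - 3].ack);
    }
    return sum;
}

// Constructed sample trace (not real simulator output): slow start, one loss, recovery,
// plus one corrupted line to exercise the error path.
const char* kSampleTrace =
    "0.5 1 1 0.2 0\n"
    "0.6 2 1.5 0.2 1\n"
    "0.7 4 2.5 0.21 3\n"
    "0.8 8 4 0.22 7\n"
    "0.9 4 5 0.3 8\n"       // cwnd halved: the agent detected a loss
    "1.0 5 5 0.25 12\n"
    "garbage line\n"
    "1.1 6 5.5 0.24 17\n";

int main() {
    TcpSummary s = summarize(kSampleTrace);
    std::printf("samples=%zu bad=%zu max_cwnd=%.0f drops=%zu acked=%ld stalled=%d\n",
                s.samples, s.bad_lines, s.max_cwnd, s.cwnd_drops, s.acked, (int)s.stalled);
    return 0;
}
```

For the constructed trace this reports 7 samples, 1 bad line, a maximum cwnd of 8, one window drop, 17 segments acked and no stall. To use it on a real run, read flow_trace.txt into a string and pass it to summarize; a rising cwnd_drops together with a flat ack count during the attack window is the signature of the legitimate flow being starved.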
Posted by Arturo Servin at 08:55 2 comments
Labels: network, network simulation, ns-2, tcp
Wednesday, 4 June 2008
DoS video with captions
Well, I started to play with the new YouTube feature to add captions to your video. I think that my video of the DoS attack simulation is better explained with captions. This is the same video that I have used in some of my research work and paper presentations.
I do not know why, but the embedded video did not show the captions, so the link is here.
Posted by Arturo Servin at 06:39 0 comments
Labels: Denial of Service, dos, google, IT security, simulation, youtube
Friday, 30 May 2008
Revision 3 Under DDoS by ... MediaDefender
This has been going around the Twitter world, and it is both funny and serious. Some days ago Revision 3, a new media company that distributes its content via the Internet, was under a DDoS attack. They have just revealed in their blog that the attack came from none other than MediaDefender. MediaDefender is a dark company paid by content distributors to disrupt, hack and do other unethical activities under the flag of "anti-piracy". It turns out that Revision 3 uses BitTorrent, a very common P2P tool, to distribute ITS OWN content.
Many questions arise from these actions. What was MediaDefender doing against Revision3? Are their actions legal? What are MediaDefender's criteria to "disrupt" torrent sources?
I honestly hope that Revision 3 takes some legal action against this attack. I think the danger that website owners face today from botnet attacks is enough; it is not good to add more attack sources such as this type of company.
New Updates in my research page
I just realized that my research page is a little difficult to manage and that I was using my wiki like a blog. So I will make some changes. Among them, I plan to integrate and use more web 2.0 technologies, e.g. I will add my papers to CiteULike, I will manage my links in Del.icio.us with tags, I will post some news using Twitter and Yahoo Pipes, and so on. I will probably even start using Google Sites to host the pages instead of the university infrastructure.
Posted by Arturo Servin at 12:17 1 comments
Labels: research
Thursday, 1 May 2008
DDoS attacks in the Olympics?
According to Jean-Michel Louboutin, Executive Director of Interpol Police, the main security risk in the Olympic Games is the physical security of the visitors (and of Chinese people as well). I agree with that; however, I think that in the interview with PCWorld he underestimates the effect of a DDoS attack. The Chinese Internet infrastructure might be stronger against a DDoS than Estonia's, but in a synchronized attack some services, such as news reports or the Internet communication of visitors, may be compromised. It is true that according to MessageLabs the infamous "Storm" botnet seems to have shrunk; although this is good news (and fewer DoS attacks could be launched), we are not sure whether the small size of Storm is due to better security practices or just to another group of hackers having taken control of the botnet.
I read a comment in Bruce Schneier's blog about security: never say "never", "this is impossible", "this will not happen". I honestly wish to be wrong, but I am sure that there will be more than one attack against the Olympic infrastructure and at least one will succeed.
This post in Spanish
Posted by Arturo Servin at 13:04 0 comments
Labels: DDoS, Denial of Service, Distributed Denial of Service
Friday, 25 April 2008
NS-2 Memory exhaustion
I recently started to run a big simulation (68 agents and nodes) in NS-2 to test my intrusion detection algorithm using reinforcement learning. When I ran the simulation for more than x time, it started freezing the host and ended up killing the process. I looked for errors in the code and found nothing. I freed some disk space, thinking that the log files might be using all the available space. It worked a little, until I ran the configuration for x + y time.
I suspected memory use and increased the memory of the host machine (I was using VMware, so it was easy) with good results. However, as I increased the simulation time the solution became an endless cycle (that would end with no more memory available in the machine hosting VMware). I started looking for problems in how I was using memory in my code. I found some links about how to debug memory allocations in NS. I must say that I could not make them work; anyway, the links are here:
NS-2 debugging tips
dmalloc
Of course I sent an e-mail to the ns-users mailing list, and as always it was useless (it seems that nobody likes to answer smart questions, and newbies always post dumb ones that nobody replies to either). After reading the ns manual again, I found that I could (or must, I am not sure) free the packets that I used. The thing is that I developed a new type of agent. The interaction and information shared between agents is of course through special packets that I define.
So, the call is:
Packet::free(pkt);
I call it in the method that receives the packet just after reading the packet data that I need:
void RL_MAgent::recv(Packet* pkt, Handler*)
{
    // Access the IP header of the received packet
    hdr_ip *iph = hdr_ip::access(pkt);
    // Access the RL header (my own header type) of the received packet
    hdr_rl* hdr = hdr_rl::access(pkt);
    // Copy out everything I need before the packet is released
    double stime = hdr->send_time_;
    int ptype_ = hdr->p_type_;
    int nodeid_ = hdr->node_id_;
    int src = iph->saddr();
    int dest = iph->daddr();
    int srcport = iph->sport();
    float now_ = Scheduler::instance().clock();
    // Give the packet back to NS-2; pkt, iph and hdr must not be used after this
    Packet::free(pkt);
    if (ptype_ == T_START)
    { ...
As a result, my simulation only needs a steady 10 MB or so of memory to run.
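To show the ownership rule that this fix relies on, here is an added C++ model (my own code, not NS-2's; Packet below is a stand-in with the same free() call shape, not the simulator's class, and T_START/T_OTHER are hypothetical packet types). It counts live packets for three versions of recv: one that reads the fields and forgets to free, one that frees right after copying the fields as in the post, and one that hands the pointer to std::unique_ptr with Packet::free as deleter so that every return path, including early returns added later, frees the packet.

```cpp
// Added example, not NS-2 code: a stand-in Packet with a live-packet counter to
// show why a custom recv() that never frees its packets exhausts memory.
#include <cstdio>
#include <memory>

struct Packet {
    double send_time_;   // field names mirror the post's hdr_rl, values are dummies
    int    p_type_;
    int    node_id_;
    static long live_;   // packets allocated and not yet freed
    static Packet* alloc() { ++live_; return new Packet{0.0, 0, 0}; }
    static void free(Packet* p) { --live_; delete p; }
};
long Packet::live_ = 0;

enum { T_START = 1, T_OTHER = 2 };   // hypothetical packet types for the model

// Variant 1: reads the fields and returns without freeing (the leak the post hit).
int recv_leaky(Packet* pkt) {
    int ptype = pkt->p_type_;
    if (ptype == T_START) return 1;
    return 0;
}

// Variant 2: copy the needed fields, then free immediately (the post's fix).
int recv_freeing(Packet* pkt) {
    int ptype = pkt->p_type_;
    Packet::free(pkt);
    // pkt must not be touched beyond this point
    if (ptype == T_START) return 1;
    return 0;
}

// Variant 3: RAII. The deleter runs on every exit path, so a later early return
// cannot reintroduce the leak.
int recv_raii(Packet* raw) {
    std::unique_ptr<Packet, void (*)(Packet*)> pkt(raw, &Packet::free);
    if (pkt->node_id_ < 0) return -1;   // early return still frees
    if (pkt->p_type_ == T_START) return 1;
    return 0;
}

// Deliver n packets through one receiver; return how many it left unfreed.
long deliver(int n, int (*recv)(Packet*)) {
    long before = Packet::live_;
    for (int i = 0; i < n; ++i) {
        Packet* p = Packet::alloc();
        p->p_type_ = (i % 2) ? T_START : T_OTHER;
        p->node_id_ = i;
        recv(p);
    }
    return Packet::live_ - before;
}

int main() {
    std::printf("leaky:   %ld packets still live\n", deliver(1000, recv_leaky));
    std::printf("freeing: %ld packets still live\n", deliver(1000, recv_freeing));
    std::printf("raii:    %ld packets still live\n", deliver(1000, recv_raii));
    return 0;
}
```

The leaky receiver leaves all 1000 packets live after one run, which is exactly the curve a long simulation draws in memory until the host gives up; the other two leave none. The unique_ptr form is the one I would use in a real agent, because the bug is easy to reintroduce the moment someone adds a return before the free call.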
Posted by Arturo Servin at 06:09 2 comments
Labels: intrusion detection, network, ns-2, simulation
Friday, 22 February 2008
Multi-Agent Reinforcement Learning for Intrusion Detection: A case study and evaluation
Artificial Intelligence Group. Computer Sciences, University of York
In this seminar I will present an architecture of distributed sensor and decision agents that learn how to identify normal and abnormal states of the network using Reinforcement Learning (RL). Sensor agents extract network state information using tile-coding as a function approximation technique and send communication signals in the form of actions to decision agents. These in turn generate actions in the form of alarms to the network operator. By means of an on-line process, sensor and decision agents learn the semantics of the communication actions without any previous knowledge. In this presentation I will describe the learning process, the operation of the agent architecture and the evaluation results of our research work.
The presentation is here:
And a video of a Denial of Service attack. Disclaimer: it may be disturbing for certain audiences (it contains cheesy music from ABBA).
Posted by Arturo Servin at 06:54 1 comments
Labels: Denial of Service, IT security