Intrusion Prevention System to dynamically add firewall rules to block malicious traffic detected by IDS system implemented on Software Defined Networl (SDN). Alternatively, the malicious traffic can be redirected to a Honeypot Server. OpenFlow protocol used for SDN. Snort used for IDS (Intrusion Detection System).
Hi there sir,
Hope you are at your best, I am a studying graduation (Masters) of information security at a well know university in Pakistan and working on SDNs and their integration with Honeypots. So far, I have deployed a GenIII virtual honeynet with honeywall configured, tested it, works pretty well and generating logs. On the other hand, I have deployed a Floodlight Controller, tested it with mininet and it works fine as well. Now I have to integrate both of them and perform on the fly traffic classification to redirect the malicious traffic on to the Honeynet. I just went through your project and understood that it is something that I need. First of all, I request your permission to use and understand your project, secondly, could you please guide me about how to use the code.. I launched the topology as stated, mirrored the port of H4 on snort running on H5. But when I try to run the code on H5 "ips_honey" to redirect the traffic towards H3. It does not work. Am i doing anything wrong? Please guide me.
I would really appreciate any help from your side and would be much thankful to you.