Panoptis: A project to detect and block DoS/DDoS attacks

A couple of words...

...before we get on to the details: Panoptis has not been developed for three years now. The ideas are still valid so it should work, more or less. Just don't expect fancy interfaces -- it is quite rough around the edges. As much as I would love to, I do not have the time to continue working on this fabulous project. I'm glad enough that I found the chance, after three years, to update it so that it compiles and runs on more recent systems. I am always open to any comments though, so don't hesitate to drop me a line if you have something to ask or say.

What is Panoptis?

Panoptis is a project started some time ago with the aim of stopping the Denial of Service and Distributed Denial of Service attacks that have been torturing the Internet for the last few years. It is based on real-time processing of Cisco (R) NetFlow (TM) data. This seems to be the most efficient approach because it is router-centric, which allows for an automated central response without intervention from the affected organizations' network administrators.

Current status

Panoptis is now in a beta stage, and released under the GNU Public License.

At the moment, Panoptis detects the attacks (it is quite successful at that), and uses the script to notify the administrators through email that an attack has started (or ended). It also connects to potential peers to notify them.

You can download the source code (0.1.4 release) and compile/run it. There is also a SourceForge project page over here. If an attack takes place but panoptis outputs nothing, email me and let me know (if you are using it along with other packages like cflowd and can provide me with any diagrams and other data, that would be really great). Also, let me know if panoptis reports an attack but there's really no attack going on.

"You can't really stop DoS/DDoS attacks"

*WE* can :) There is code already added to Panoptis that aims at creating a mesh of detectors that cooperate to trace back attacks. The code is neither activated nor tested yet, but it is a priority for the short-term future.

Project hosted by SourceForge
Costas Kotsokalis
Mon Nov 27 09:08:50 PST 2006