The idea of this project is to use blockchain for signaling DDoS attacks in a cooperative and distributed network defense.
Story
Hello, guys! This project is being developed as part of my Ph.D. research to evaluate my proposal through a prototype experiment. My research is currently focused on developing a novel blockchain-based solution to support the signaling of DDoS attacks across multiple domains in a distributed defense.
After an initial prototype that implemented the different network domains on the same host, the second step was to extend the prototype to a truly distributed setup. At this point came the idea of using these boards to build the project. Although it remains on a smaller scale, the prototype allows different aspects of the system (mainly related to performance) to be evaluated from a more practical viewpoint.
Although the software/applications used in the project are specific to the problem I am trying to solve, I believe the description of the hardware and of how to set up a cluster can be useful for other applications. Still, let me know if you want more details on the project.
Motivation
Many centralized DDoS defense systems lack the hardware resources or software capabilities to detect and mitigate attacks by themselves, and as DDoS attacks become increasingly sophisticated and coordinated, the defense against such attacks likewise needs to be distributed and coordinated. Thus, coordinated and distributed defense efforts have become an attractive alternative to extend the defense capabilities of a single system.
Description
The idea of this project is to use blockchain and software-defined networking to provide such a collaborative defense, reducing the complexity of existing distributed protocols and architectures for gossiping DDoS attack information. Blockchain simplifies existing approaches by providing an out-of-the-box distributed infrastructure to broadcast attack addresses, without the need to build specialized registries or other distribution mechanisms/protocols, while software-defined networks can optimize the management of flows in response to attacks.
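To make the signaling idea concrete, here is an added example (not code from this project): a hash-linked ledger stands in for the blockchain, each domain appends a block listing the attack sources it observed, and every domain verifies the chain and derives OVS-style drop rules for its own SDN switch. The block layout, the `nw_src` match field and the empty-actions-means-drop convention are assumptions for this sketch.

```python
import hashlib
import ipaddress
import json
import time

GENESIS_HASH = "0" * 64  # assumed: previous-hash value of the first block

def block_hash(block):
    """SHA-256 over the canonical JSON of a block, excluding its own hash field."""
    body = {k: v for k, v in block.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def append_report(chain, domain, sources, ts=None):
    """Append a signaling block: the reporting domain and the attack sources it observed."""
    prev = chain[-1]["hash"] if chain else GENESIS_HASH
    block = {"index": len(chain), "prev": prev, "domain": domain,
             "sources": sorted(sources), "ts": ts if ts is not None else int(time.time())}
    block["hash"] = block_hash(block)
    chain.append(block)
    return block

def chain_is_valid(chain):
    """Recompute every hash and check that each block links to the previous one."""
    prev = GENESIS_HASH
    for i, block in enumerate(chain):
        if block["index"] != i or block["prev"] != prev or block_hash(block) != block["hash"]:
            return False
        prev = block["hash"]
    return True

def drop_rules(chain, my_domain, protected_prefixes):
    """Turn peers' reports into OpenFlow-style drop rules for this domain's switch.

    Skips the local domain's own reports, ignores addresses inside this
    domain's protected prefixes (a mistaken or malicious report must not let
    a peer blackhole our own hosts), and de-duplicates repeated sources."""
    nets = [ipaddress.ip_network(p) for p in protected_prefixes]
    seen, rules = set(), []
    for block in chain:
        if block["domain"] == my_domain:
            continue
        for src in block["sources"]:
            if src in seen or any(ipaddress.ip_address(src) in n for n in nets):
                continue
            seen.add(src)
            rules.append({"match": {"nw_src": src}, "actions": []})  # empty actions = drop
    return rules
```

In a real deployment the ledger's integrity comes from consensus and signed transactions, not only from these hash links; the example shows the data flow, not the trust model.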
Hardware
- 18x Tinkerboards
- 18x USB Cables (A – Micro)
- 6x Sandisk MicroSD 32 Gb Class 10 (controllers on top)
- 12x Sandisk MicroSD 16 Gb Class 10
- 3x 1Gb – D-link switch
- 3x 1Gb – MikroTik RB750Gr
- 3x 100/10 Mb – ZodiacFX SDN/OpenFlow switch
- 1x 1Gb – MikroTik RB962UiGS-5HACT2HNT (Wireless access + mgmt)
- 3x Aukey PA-T11 (6 ports USB power supply – no problems so far)
- 3x AC Infinity Quiet Dual Fan 80mm (USB powered)
- 8x Multi-pi stackable case (+ some extra screws+spacers)
- 20x Ethernet cables 30cm CAT6
- 1x Gb PoE injector (to reduce the number of power cables)
- 18x Pimoroni Blinkt LEDs (wanted to use as a visual load indicator)
- 18x GPIO extender 90 degrees (to use with the Blinkt)
As I am using gigabit switches (and, worse, the fast Ethernet SDN switch to interconnect the domains), I have a network bottleneck. For my application it is not a huge issue, but if you want to build a cluster that explores the full capabilities of the Tinkerboard Ethernet card, consider a 10 Gbps switch.
Two crucial points are the power supply and the cooling fans.
Power Supply
A fundamental choice is the Power Supply Unit (PSU) and how you will power the Tinkerboards (micro USB or GPIO). Although there are some reports of instability when powering via micro USB, I chose this option because it is the simplest. However, you need to choose a good PSU and good cables. So far I have had no problems using the Aukey charger (6 output ports, two at 3A and four at 2.4A).
Temperature
The Tinkerboards produce a lot of heat, and it gets worse when they are stacked. After seeing many reports of overheating issues, I used the AC Infinity fans (inspired by an RPi cluster project), and I have had no heating issues so far either.
Images
It is still an ongoing project, and many improvements are needed, but here are some images:
It is not possible to mine Ethereum on the boards due to the RAM (at least 4 Gb is required), so I used two laptops connected to the management network for that.
Credits: https://github.com/marcorosa/CnC-Botnet-in-Python
Traffic data monitored by the controllers is sent to an InfluxDB endpoint on the laptop, which displays the stats in Grafana. The drop in inter-domain outbound traffic shows the attack being blocked.
Schematics