README file for Panoptis
Constantinos A. Kotsokalis || ckotso@grnet.gr

1. What is Panoptis?

Panoptis is a project aiming at detecting and stopping DoS and DDoS attacks
that bring the Internet to its knees every day. It tries to do that by
processing Cisco(R) NetFlow(TM) data.


2. What do I need to use it?

First, you need a router that exports NetFlow(TM) data. Versions 1, 5 and
8 are supported, although version 8 has not been tested AT ALL. You also
need a server to accept data and process it.
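
To confirm that what your router exports is one of the supported versions, the following added example (not part of the Panoptis code) checks an export datagram and decodes v5 flow records. It assumes the standard Cisco v1/v5/v8 export layouts; the function names and the sample datagram are made up for illustration.

```python
import ipaddress
import struct

# Header sizes for the export versions named in this README; v1 and v5 records
# are 48 bytes. v8 record size depends on the aggregation scheme, so only the
# v8 header is checked here.
HEADER_LEN = {1: 16, 5: 24, 8: 28}
RECORD_LEN = 48
# v5 record: srcaddr, dstaddr, nexthop, input, output, dPkts, dOctets, first,
# last, srcport, dstport, pad, tcp_flags, prot, tos, src_as, dst_as, masks, pad
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHxBBBHHBB2x")

def check_datagram(data):
    """Return (version, count); raise ValueError on unsupported or malformed input."""
    if len(data) < 4:
        raise ValueError("too short to hold version and count")
    version, count = struct.unpack_from("!HH", data)
    if version not in HEADER_LEN:
        raise ValueError("unsupported NetFlow version %d" % version)
    if len(data) < HEADER_LEN[version]:
        raise ValueError("truncated header")
    if version in (1, 5) and len(data) != HEADER_LEN[version] + count * RECORD_LEN:
        raise ValueError("length does not match record count")
    return version, count

def v5_flows(data):
    """Decode the flow records of a validated v5 datagram."""
    version, count = check_datagram(data)
    if version != 5:
        raise ValueError("not a v5 datagram")
    flows = []
    for i in range(count):
        f = V5_RECORD.unpack_from(data, HEADER_LEN[5] + i * RECORD_LEN)
        flows.append({"src": str(ipaddress.IPv4Address(f[0])),
                      "dst": str(ipaddress.IPv4Address(f[1])),
                      "packets": f[5], "octets": f[6],
                      "dport": f[10], "proto": f[12]})
    return flows

def sample_v5():
    """Constructed sample: one v5 datagram carrying a single TCP flow."""
    header = struct.pack("!HHIIIIBBH", 5, 1, 1000, 0, 0, 1, 0, 0, 0)
    record = V5_RECORD.pack(bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7]), bytes(4),
                            1, 2, 12, 480, 0, 0, 40000, 80, 0x02, 6, 0, 0, 0, 0, 0)
    return header + record

if __name__ == "__main__":
    print(v5_flows(sample_v5()))
```

Pass it the payload of a UDP datagram received on the port your router exports to.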

In order to compile the software you need a C++ compiler (tested only with
g++ for the time being) and the CommonC++ library, found at
http://www.gnu.org/software/commonc++/CommonC++.html
At the moment the software has been linked against CommonC++ 1.9.5 as
well as the CVS version, and has been tested with these versions only.

The only operating system supported at the moment is GNU/Linux. There
has been a great amount of effort to port the software to Solaris (2.7),
but it has failed so far. Another thing to note is that the peer module
(thread) is deactivated for the time being, since it has not been tested.
Hopefully it will be available in the next version.

Before you can use the software, you must also have read SNMP access to
your router. That is only needed by the speeds.py script that collects
some initial information (the .py extension should already make you think
you'll need the Python programming language installed -- that's true :))


3. Ok I'm all set, now what?

First, compile the software:
# ./configure
# make

Note that after the configure script has finished, you'll have to edit
the Makefile to link against libxml, if you have linked CommonC++ against
it (that is if you have not used the --disable-xml switch when
configuring CommonC++).

*DON'T* ``make install'', the code to handle that is not there yet -- it's
a little spot that needs to be fixed and will be soon.

Then, change to the "panoptis" directory and run the speeds.py script
like this:
# ./speeds.py myrouter-address.my-isp.com ifspeed.txt

After that, edit the configuration file. Information on its format is
available in the sample file provided with this release (config.txt).
Then, edit the mail.py script and change the SMTP_SERVER, FROM_ADDR,
TO_ADDR and BASE_URL variables according to your configuration.

You're now ready to go. For Bourne shell type:
# ./panoptis -c config.txt -s ifspeed.txt > panoptis.log 2>&1 &
For csh/tcsh type:
# ./panoptis -c config.txt -s ifspeed.txt >& panoptis.log &

All the output is directed to panoptis.log.
In order to use the web interface, copy the pview.py script to your
cgi-bin directory, and edit it to change the REMOTE_HOST variable (you'll
see it at the beginning of the script).

Bear in mind that this is a beta release, and it might not work
as expected or may yield errors. You can always contact me
(ckotso@grnet.gr) and let me know of such errors or other strange
behavior.


