
RATd

The RATd daemon performs the reconstruction procedure described in subsection 1.1.2. It must be installed on all network routers. The tool was tested on a Debian Sarge 3.1 Linux system, but it should work on any Unix-like operating system. The program uses the libpcap library, which is available at:

http://www.tcpdump.org.

You have to install libpcap before continuing. To download, compile and install the RATd daemon, type the following at the prompt:

$ wget http://www.gta.ufrj.br/rat/software/ratd-VERSION.tar.gz
$ tar xzvf ratd-VERSION.tar.gz
$ cd ratd-VERSION
$ ./configure
$ make
NOTE: Next step may require super-user (root) privileges, depending on local system configuration.
$ make install

Here VERSION is the RATd version number. The initial version is 1.0. For more details, please read the "INSTALL" file of the distribution.

To configure the RATd daemon, do the following:

$ mkdir /ratd
$ vi /ratd/neighborhood.dat

Edit the "/ratd/neighborhood.dat" file and insert the IP address of each neighbor network interface, one IP address per line. This configuration must be done on all network routers.
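Because the daemon runs as root and reads this list on every router, it is worth checking the file before starting it. The following shell functions are an added example, not part of the RATd distribution; the names valid_ipv4 and check_neighborhood are hypothetical, and the check assumes the file holds only IPv4 dotted-quad addresses with no comments, blank lines or trailing whitespace.

```shell
#!/bin/sh
# Added example, not part of the RATd distribution.
# Assumption: neighborhood.dat holds IPv4 dotted-quad addresses, one per line,
# with no comments, blank lines or trailing whitespace.

# valid_ipv4 ADDR: succeeds only for four decimal octets in 0..255.
# The body runs in a subshell so the IFS change stays local.
valid_ipv4() (
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;;
    esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do
        case $octet in
            0?*|????*) exit 1 ;;   # leading zero (octal in some parsers) or too long
        esac
        [ "$octet" -le 255 ] || exit 1
    done
    exit 0
)

# check_neighborhood FILE: report every problem on stderr, return 0 only if clean.
check_neighborhood() {
    file=$1
    rc=0
    n=0
    seen=' '
    [ -r "$file" ] || { echo "$file: not readable" >&2; return 1; }
    # The daemon runs as root and trusts this list, so only its owner may write it.
    if [ -n "$(find "$file" \( -perm -020 -o -perm -002 \))" ]; then
        echo "$file: writable by group or others" >&2
        rc=1
    fi
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        if ! valid_ipv4 "$line"; then
            echo "$file:$n: not a plain IPv4 address: '$line'" >&2
            rc=1
        elif [ "${seen#* $line }" != "$seen" ]; then
            echo "$file:$n: duplicate entry $line" >&2
            rc=1
        else
            seen="$seen$line "
        fi
    done < "$file"
    [ "$n" -gt 0 ] || { echo "$file: no neighbors listed" >&2; rc=1; }
    return "$rc"
}
```

After sourcing the file, run check_neighborhood /ratd/neighborhood.dat and start the daemon only if it returns 0.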

To run the program on an intermediate node, type as root:

$ ratd --intermediate_node

To run the program on the initial node (victim), type as root:

$ ratd --initial_node

If an attack on the victim occurs, the attack route is saved in a file in the "/ratd" directory. The log file is also kept in this directory.


Grupo de Teleinformática e Automação (GTA/UFRJ)