| The ISEAGE environment is an advanced test-bed designed to allow researchers to play out real attacks against real machines without endangering any outside networks. Along with this test-bed comes the need for tools to utilize the environment and to help advance and grow the overall ISEAGE system. An important tool to have in any such test-bed environment such as ISEAGE is the ability to replay traffic from previous sessions. More specifically it is important to have the ability to replay attack traffic. It is this need that created the Intrusion Collector and Emulator (ICE).; ICE is a system comprised of three main components; Snort, MySQL, and a custom piece of software called the Replayer. These three pieces come together to form a cohesive unit that allows users to capture and store attack traffic for later study and use. The Replayer can then retrieve any and all of the attacks and replay them. This gives researchers using ISEAGE a valuable tool that will allow them to capture attacks from various real world sites using Snort, and then study their effects on machines and networks as they replay those same attacks in safety on the ISEAGE network. |
