README

$Id: README,v 1.2 2005/10/11 18:07:15 yuri Exp $

This directory contains two utilities used by the LANDER project:

	http://www.isi.edu/ant/lander/

for removing user data from packet traces and anonymizing IP addresses:
"dag_scrubber" and "scramble_ips".

dag_scrubber - reads an input packet trace file in ERF format (produced
  by DAG capture cards) and does two things.  The first function is
  dubbed "scrubbing" and is designed to zero out or chop off (if at
  the end of the packet) all user data.  "User data" is a vague term;
  its precise definition in the dag_scrubber context can be derived
  from the dag_scrubber decision tree described in the accompanying
  file "scrubber_decisiontree.txt".

  The second process, called "scrambling", performs cryptography-based
  prefix-preserving IP address anonymization for both IPv4 and IPv6
  addresses.  This algorithm was published by Jun Xu, Jinliang Fan,
  Mostafa Ammar, and Sue Moon in "Prefix-Preserving IP Address
  Anonymization: Measurement-based Security Evaluation and a New
  Cryptography-based Scheme":

	http://www.cc.gatech.edu/computing/Telecomm/cryptopan/icnp02.ps

  This code does not derive from the Crypto-PAn package, and is an
  independent implementation of the ideas described in the paper.

scramble_ips - allows the user to scramble some known IP addresses and
  find out their anonymized counterparts.  This is useful, for
  example, if your trace contains traffic to your server and you'd
  like to know the server's address to find traffic addressed to/from
  it in the scrambled trace.  Note that it should be very hard to find
  the reverse mapping (i.e. from scrambled to unscrambled addresses) if
  the key is not available.  If the key is available, the "reverse"
  mode of this tool (-r switch) recovers the original addresses.
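
Added example, not code from this package: a sketch of the bit-by-bit
prefix-preserving construction from the paper cited above, together with
the reverse mapping that is possible when the key is known.  HMAC-SHA256
as the pseudorandom function, the function names and the sample key are
assumptions of this example, so its output will not match dag_scrubber's.

```python
import hashlib
import hmac
import ipaddress

def _prf_bit(key: bytes, width: int, prefix: str) -> int:
    """One keyed pseudorandom bit for a given original-address prefix."""
    # HMAC-SHA256 is this example's stand-in PRF (an assumption).
    # The width keeps IPv4 and IPv6 prefixes in separate domains.
    msg = f"{width}:{prefix}".encode()
    return hmac.new(key, msg, hashlib.sha256).digest()[0] >> 7

def scramble(key: bytes, addr: str) -> str:
    """Flip bit i of the address by a PRF of original bits 0..i-1."""
    ip = ipaddress.ip_address(addr)
    width = ip.max_prefixlen          # 32 for IPv4, 128 for IPv6
    bits = format(int(ip), f"0{width}b")
    out = "".join(str(int(b) ^ _prf_bit(key, width, bits[:i]))
                  for i, b in enumerate(bits))
    return str(type(ip)(int(out, 2)))

def unscramble(key: bytes, addr: str) -> str:
    """Reverse mode: rebuild the original left to right using the key."""
    ip = ipaddress.ip_address(addr)
    width = ip.max_prefixlen
    orig = ""
    for b in format(int(ip), f"0{width}b"):
        # Bits recovered so far are exactly the PRF input used to scramble.
        orig += str(int(b) ^ _prf_bit(key, width, orig))
    return str(type(ip)(int(orig, 2)))

def common_prefix_len(a: str, b: str) -> int:
    """Number of leading bits two addresses of one family share."""
    x, y = ipaddress.ip_address(a), ipaddress.ip_address(b)
    return x.max_prefixlen - (int(x) ^ int(y)).bit_length()

if __name__ == "__main__":
    key = b"constructed demo key, not a real one"
    # Constructed sample addresses from documentation ranges.
    for a, b in [("192.0.2.17", "192.0.2.200"), ("192.0.2.17", "198.51.100.7")]:
        sa, sb = scramble(key, a), scramble(key, b)
        print(a, "->", sa, "|", b, "->", sb, "| shared bits:",
              common_prefix_len(a, b), common_prefix_len(sa, sb))
        assert unscramble(key, sa) == a
```

Two addresses that share exactly k leading bits still share exactly k
leading bits after scrambling, which is why subnet structure survives
anonymization and why the key has to be protected like the raw trace.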


PLATFORMS

These utilities have been tested only on x86-based platforms running
GNU/Linux.  In particular, we've tested them on Red Hat Enterprise
Linux AS release 3, Fedora Core 3, and Fedora Core 4.  Note that we
HAVE NOT tested this code on any big-endian machines, although we see
no reason at present why it should not work on such machines.
 

BUILDING BINARIES

 1. Make sure the PCAP and SSL libraries are installed in standard
    places.  Without these libraries, linking of the binaries will
    fail.
 2. Run make and pray.


 
