...

Note: If you are using a GUI version of Ubuntu, you should disable networking by unchecking un-checking it in the relevant menu, in order to avoid interfaces swapping IP addresses!
Pass the network configuration with onos-netcfg and login to the onos CLI:

...

Now that the topology is running, through the mininet CLI you can connect to the hosts to check connectivity and also to the BGP speakers to modify the BGP control plane. To hijack the prefix of our the protected AS:

1. Connect to the BGP speaker named R3: 

...

R3> sdnip (this is the password)
R3> enable
R3# configuration terminal
R3(conf)# router bgp 65003
R3(conf-bgp)# network 40.0.0.0/8

Now the hijacker (AS65003) will attract all the traffic away from AS65001 (destined to 40.0.0.0/8); in parallel the ExaBGP speaker will send the BGP update of the hijack (among other updates seen by AS65004) to the ONOS instance (running artemis) which is going to detect the hijack.

Inside the logs you will see that the attack is actually detected and the de-aggregation deaggregation mechanism has successfully mitigated the attack (by announcing the more specific 40.0.0.0/9 and 40.128.0.0/9 from the BGP speaker of the protected AS).

After BGP converges and the control and data planes are consistent, the traffic of AS65001, destined to 40.0.0.0/8, returns to our the protected AS.

Demo video

...