Using 2.4 GHZ wireless botnets to implement denial-of-service attacks

This article attempts to create a software and hardware complex that can work autonomously and demonstrates the ease of implementation of attacks on denial of service on wireless networks, which in turn emphasizes the need to provide comprehensive protection of wireless network

Web attack risk awareness with lessons learned from high interaction honeypots

Tese de mestrado, Segurança Informática, Universidade de Lisboa, Faculdade de Ciências, 2009Com a evolução da web 2.0, a maioria das empresas elabora negócios através da Internet usando aplicações web. Estas aplicações detêm dados importantes com requisitos cruciais como confidencialidade, integridade e disponibilidade. A perda destas propriedades influencia directamente o negócio colocando-o em risco. A percepção de risco providencia o necessário conhecimento de modo a agir para a sua mitigação. Nesta tese foi concretizada uma colecção de honeypots web de alta interacção utilizando diversas aplicações e sistemas operativos para analisar o comportamento do atacante. A utilização de ambientes de virtualização assim como ferramentas de monitorização de honeypots amplamente utilizadas providencia a informação forense necessária para ajudar a comunidade de investigação no estudo do modus operandi do atacante, armazenando os últimos exploits e ferramentas maliciosas, e a desenvolver as necessárias medidas de protecção que lidam com a maioria das técnicas de ataque. Utilizando a informação detalhada de ataque obtida com os honeypots web, o comportamento do atacante é classificado entre diferentes perfis de ataque para poderem ser analisadas as medidas de mitigação de risco que lidam com as perdas de negócio. Diferentes frameworks de segurança são analisadas para avaliar os benefícios que os conceitos básicos de segurança dos honeypots podem trazer na resposta aos requisitos de cada uma e a consequente mitigação de risco.With the evolution of web 2.0, the majority of enterprises deploy their business over the Internet using web applications. These applications carry important data with crucial requirements such as confidentiality, integrity and availability. The loss of those properties influences directly the business putting it at risk. Risk awareness provides the necessary know-how on how to act to achieve its mitigation. In this thesis a collection of high interaction web honeypots is deployed using multiple applications and diverse operating systems in order to analyse the attacker behaviour. The use of virtualization environments along with widely used honeypot monitoring tools provide the necessary forensic information that helps the research community to study the modus operandi of the attacker gathering the latest exploits and malicious tools and to develop adequate safeguards that deal with the majority of attacking techniques. Using the detailed attacking information gathered with the web honeypots, the attacking behaviour will be classified across different attacking profiles to analyse the necessary risk mitigation safeguards to deal with business losses. Different security frameworks commonly used by enterprises are analysed to evaluate the benefits of the honeypots security concepts in responding to each framework’s requirements and consequently mitigating the risk

Дослідження продуктивності безпроводових вбудованих систем

У тезах представлені результати тестування навантаження вбудованих апаратних платформ для рішень Internet of Things. Проаналізовано можливості обладнання. Операційні системи різних виробників були об'єднані в єдину класифікацію і для двох найпопулярніших операційних систем проведено тестування навантаження, яке проводилось на зовнішньому та внутрішньому адаптерах безпроводової мережі. Було розроблено власне програмне рішення на основі мови програмування Python. Кількість пристроїв безпроводового зв’язку становила від 7 до 14. Експериментальні результати будуть корисні при розгортанні безпроводової інфраструктури для невеликих комерційних та наукових безпроводових мереж

Home Network Protector - IoT Device

The Internet of Things (IoT) market is projected to grow to more than 80 billion connected devices by the year 2025 [1]. This surge in relevance opens numerous avenues to those with malicious intent to prey on the uninitiated. With the projected growth of IoT devices, this implies a more connected lifestyle for your everyday consumer. As more devices integrate into our daily lives, security of those devices becomes substantially more important. It all starts with the home network. Just as people feel secure from outside dangers from within their home, they should also have the same peace of mind for their devices on their home network. With our project, we aim to construct a robust network security device, with a plug and play model. Through firewalls and many Linux configurations, HNP is able to grant internet access by functioning as a router with iptables and functionality to protect from many possible penetrating techniques

A Misuse-Based Intrusion Detection System for ITU-T G.9959 Wireless Networks

Wireless Sensor Networks (WSNs) provide low-cost, low-power, and low-complexity systems tightly integrating control and communication. Protocols based on the ITU-T G.9959 recommendation specifying narrow-band sub-GHz communications have significant growth potential. The Z-Wave protocol is the most common implementation. Z-Wave developers are required to sign nondisclosure and confidentiality agreements, limiting the availability of tools to perform open source research. This work discovers vulnerabilities allowing the injection of rogue devices or hiding information in Z-Wave packets as a type of covert channel attack. Given existing vulnerabilities and exploitations, defensive countermeasures are needed. A Misuse-Based Intrusion Detection System (MBIDS) is engineered, capable of monitoring Z-Wave networks. Experiments are designed to test the detection accuracy of the system against attacks. Results from the experiments demonstrate the MBIDS accurately detects intrusions in a Z-Wave network with a mean misuse detection rate of 99%. Overall, this research contributes new Z-Wave exploitations and an MBIDS to detect rogue devices and packet injection attacks, enabling a more secure Z-Wave network

Investigation of open resolvers in DNS reflection DDoS attacks

Les serveurs du système de noms de domaine (DNS) représentent des éléments clés des réseaux Internet. Récemment, les attaquants ont profité de ce service pour lancer des attaques massives de déni de service distribué (DDoS) contre de nombreuses organisations [1, 2, 3]. Ceci est rendu possible grâce aux différentes vulnérabilités liées à la conception, implantation ou une mauvaise configuration du protocole DNS. Les attaques DDoS amplifiées par DNS sont des menaces dangereuses pour les utilisateurs d’Internet. L’objectif de cette étude est d’acquérir une meilleure compréhension des attaques DDoS amplifiées par DNS par l’investigation des résolveurs DNS ouverts à travers le monde. Dans ce contexte, il est nécessaire d’adopter une approche en phase précoce pour détecter les résolveurs DNS ouverts. Cela devient cruciale dans le processus d’enquête. Dans cette thèse, nous nous intéresserons à l’utilisation de résolveurs DNS ouverts dans les attaques DDoS amplifiées par DNS. Plus précisément, la principale contribution de notre recherche est la suivante : (i) Nous profilons les résolveurs DNS ouverts, ce qui implique : détecter les résolveurs ouverts, les localiser, détecter leur système d’exploitation et le type de leur connectivité, et étudier le but de leur vivacité. (ii) Nous effectuons une évaluation de la sécurité des résolveurs DNS ouverts et leurs vulnérabilités. De plus, nous discutons les fonctions de sécurité des résolveurs DNS, qui fournissent, par inadvertence, les attaquants par la capacité d’effectuer des attaques DDoS amplifiées par DNS. (iii) Nous présentons une analyse pour démontrer l’association des résolveurs DNS ouverts avec les menaces de logiciels malveillants.Domain Name System (DNS) servers represent key components of Internet networks. Recently, attackers have taken advantage of this service to launch massive Distributed Denial of Service (DDoS) attacks against numerous organizations [1, 2, 3]. This is made possible due to the various vulnerabilities linked to the design, implementation or misconfiguration of the DNS protocol. DNS reflection DDoS attacks are harmful threats for internet users. The goal of this study is to gain a better understanding of DNS reflection DDoS attacks through the investigation of DNS open resolvers around the world. In this context, there is a need for an early phase approach to detect and fingerprint DNS open resolvers. This becomes crucial in the process of investigation. In this thesis, we elaborate on the usage of DNS open resolvers in DNS reflection DDoS attacks. More precisely, the main contribution of our research is as follows : (i) We profile DNS open resolvers, which involves : detecting open resolvers, locating them, fingerprinting their operating system, fingerprinting the type of their connectivity, studying the purpose of their liveness. (ii) We conduct an assessment with respect to DNS open resolvers security and their vulnerabilities. Moreover, we discuss the security features that DNS open resolvers are equipped with, which inadvertently provide the capability to the attackers in order to carry out DNS reflection DDoS attacks. (iii) We present an analysis to demonstrate the association of DNS open resolvers with malware threats

Wormulator: Simulator for Rapidly Spreading Malware

This project addresses the need for an application level simulator to simulate Internet-wide phenomenon such as flash worms, botnets, Distributed Denial-of-Service attacks, etc. There are many network simulators intended for parallel and distributed simulation, but most are designed to simulate low level communication protocols such as TCP/IP. The desire to simulate rapidly spreading malware for research and teaching purposes lead us to explore the Spamulator, which was designed to simulate spam email on an Internet-wide scale. The Spamulator was developed by a team at the University of Calgary. It is a lightweight, application level simulator, which implements limited set of features of the Internet. In this project, the Spamulator is enhanced with the User Datagram Protocol (UDP) to simulate UDP worms. The modified version of the Spamulator is called the Wormulator. Wormulator tracks instantaneous network traffic, identifies and signals congestion throughout the network. The Wormulator is further enhanced with the use of POSIX threads instead of forking processes to create a distributed network of simulated servers. The resulting tool is called the “Enhanced Wormulator”. Finally, a random scanning UDP worm with behavior similar to the well known SQL Slammer worm is modeled to validate the results of our simulation. Results and data gathered from the simulation exhibit a qualitative resemblance to the realworld SQL Slammer worm. “Enhanced Wormulator”, which uses POSIX thread instead of forking a process, had a catalytic effect on the scalability factor of the simulation. The simulation was run on a network of 30,000 server nodes. Hence, we conclude that rapidly spreading malware can be effectively simulated using the Wormulator