Re: [umit-devel] SVN repository scheme
Hi Friends,
On Thu, Nov 26, 2009 at 11:58 AM, Adriano Marques wrote:
> Hello Francesco,
>
> Thanks for your initiative!
>
> I agree with your proposal, just check the svnmerge issue, and how to
> fix it and instead of umit, put umit-ns, umit-web, etc. We have to
> agree also in a naming convention for projects in the repo
>
> I think that umit-ns, umit-web, umit-qs, etc. should be ok for
> projects related to the Network Scanner project. There should be no
> umit directory anywhere, as umit is now the name of the organization,
> not the name of any of our softwares. I think that lower case dash
> separated names are the best way to go. What do you guys think?
I think RadialNet branch could be on umit-rn, and Zion under umit-zion
or just zion, I'm not sure about this last one.
> Kind Regards,
>
> On Thu, Nov 26, 2009 at 7:55 AM, Francesco Piccinno
> wrote:
>> I'm sending a mail here so anyone could read and comment on it.
>> The directory structure of the svn repo is pretty unclear and
>> disorganized. We have only a trunk directory for umit source code and
>> a branch containing various stuff like UMPA, UmitWeb, PM, etc. What I
>> want to do is to move everything in a proper location in order to have
>> a standard svn directory scheme, with product/{trunk,branches,tags}.
>>
>> At the end we should have something like
>>
>> /umit
>> |-- trunk
>> |-- tags
>> `-- branches
>>
>> /UmitWeb
>> |-- trunk
>> |-- tags
>> `-- branches
>>
>> In this way we should get a clear svn repo following the SVN
>> convention and less headaches.
>>
>> --
>> Best regards,
>> Francesco Piccinno
>>
>
>
>
> --
> Adriano Monteiro Marques
>
> http://adriano-marques.blogspot.com
> http://www.umitproject.org
> http://www.pythonbenelux.org
>
> "Don't stay in bed, unless you can make money in bed." - George Burns
>
--
João Medeiros
Re: [umit-devel] UMPA and myself
Congratulations! So, and now, what are the next steps? :)

On Thu, Nov 26, 2009 at 2:17 PM, Bartosz SKOWRON wrote:
> Hi folks,
>
> since 2pm today, I am graduated in Computer Science. As most of you
> may know, my master thesis was related to Umit Project and I would
> like to thank everyone for giving me this opportunity. Especially
> thanks to Adriano, Luis, Guilherme, Joao and Francesco!
>
> For those who would like to read my thesis (it's written in english)
> here is a link to PDF: http://szwed.asi.pwr.wroc.pl/~xsx/thesis.pdf

--
João Medeiros
Re: [umit-devel] SVN repository scheme
Hello Adriano,

On Thu, Nov 26, 2009 at 4:42 PM, Adriano Monteiro Marques wrote:
> Hello Joao,
>
> On 26/11/2009, at 15:05, [email protected] wrote:
>
>> Hi Friends,
>>
>> On Thu, Nov 26, 2009 at 11:58 AM, Adriano Marques
>> wrote:
>>>
>>> Hello Francesco,
>>>
>>> Thanks for your initiative!
>>>
>>> I agree with your proposal, just check the svnmerge issue, and how to
>>> fix it and instead of umit, put umit-ns, umit-web, etc. We have to
>>> agree also in a naming convention for projects in the repo
>>>
>>> I think that umit-ns, umit-web, umit-qs, etc. should be ok for
>>> projects related to the Network Scanner project. There should be no
>>> umit directory anywhere, as umit is now the name of the organization,
>>> not the name of any of our softwares. I think that lower case dash
>>> separated names are the best way to go. What do you guys think?
>>
>> I think RadialNet branch could be on umit-rn, and Zion under umit-zion
>> or just zion, I'm not sure about this last one.
>
> I think zion is the best, as zion integration into umit (umit-zion) will be
> inside umit-ns, don't you think?

I agree.

> ---
> Adriano Monteiro Marques
>
> http://www.thoughtspad.com
> http://www.umitproject.org
> http://blog.umitproject.org
> http://www.pythonbenelux.org
>
> "Don't stay in bed, unless you can make money in bed." - George Burns

--
João Medeiros
Re: [umit-devel] SVN repository scheme
One more vote to dashes.

On Tue, Jun 15, 2010 at 8:11 AM, Bartosz SKOWRON wrote:
> On Mon, Jun 14, 2010 at 9:36 PM, Adriano Monteiro Marques
> wrote:
>
> > I think that it won't break. We're talking about path names not variable
> > names, but it is good that you raised this concern. Do you guys think of any
> > other possible incompatibility of using dash instead?
>
> Actually I like dash more than underscores. They look more natural for
> repository trees and other open source projects use dashes.

--
João Medeiros
Re: [umit-devel] branches assigment
Hi all,

On Sun, Jun 20, 2010 at 8:52 AM, Luis A. Bastiao Silva wrote:
> Hi,
>
> Following in line.
>
> On Fri, Jun 18, 2010 at 3:21 PM, Bartosz SKOWRON wrote:
>>
>> Hi!
>>
>> As Adriano informed we did a lot of changes in our repository
>> structure. I'm glad to see it. However we have a lot of branches, and
>> I believe some of them should be simply killed.
>>
>> Here is what I know. Please give comments, I would like to tidy it up.
>>
>> indep_features
>> IndependentFeatures
>
> Both branches are dead. Adriano do you confirm it? Can we remove it?
>
>>
>> 2 branches with similar names. AFAIR Luis was the author of
>> IndependentFeatures as his GSoC work. What is the first branch? Is it
>> alive? Are we going to merge it to the trunk?
>>
>> InterfaceEditor - isn't already merged?
>
> Yes. Removed.
>
>>
>> NetworkInventory - #316
>> nmapparser - someone is going to finish it?
>
> Yes. Keep it alive for now.
>
>>
>> NmapWrapper - outdated? do we need it?
>>
>> NSEFacilitator - Diogo is merging it to the trunk
>> PreferencesWindow - Diogo is merging it to the trunk
>> QuickScan - Diogo is merging it to the trunk?
>
> Yeap.
>
>>
>> radialnet - isn't already merged?
>
> yes. Just missing it: http://trac.umitproject.org/ticket/384. Can we remove?

There are three open tickets [0,1,2], and we kept the branch so as not to
stress the trunk with RadialNet changes. But, we can remove the branch
and reassign the tickets, what do you think?

>>
>> UmitBluetooth - Devtar? Shu?
>
> Not merged yet! - Devtar is the guy.
>
>>
>> umitdb - outdated? do we need it? isn't already merged into umit/db ?
>> UmitPlugins - in use
>> UmitTestSuite - outdated? do we need it?
>
> Some tests need to be merged in trunk.
>
>>
>> hildon --- what is it?
>>
>> Do we need all this builds for Linux distributions? What does it
>> really contain? Builds of what? Network scanner?
>> archlinux-pkgbuild
>> gentoo_ebuild
>> macosx
>
> Need to merge
>
>>
>> slax-umit-livecd
>> ubuntu
>
> Merged and removed.
>>
>> We can simply kill completely unused branches, and revive them if it's
>> needed.
>
>
> Best Regards,
> --
> Luís A. Bastião Silva

[0] http://trac.umitproject.org/ticket/115
[1] http://trac.umitproject.org/ticket/206
[2] http://trac.umitproject.org/ticket/384

--
João Medeiros
Re: [umit-devel] GSoC2011 - Packet Tracker Platform
Dear Kay,

When I was reading your e-mail I have some ideas that I wish to share
with you...

On Thu, Mar 24, 2011 at 6:45 AM, Luis A. Bastiao Silva wrote:
> Hello Kay,
> On Thu, Mar 24, 2011 at 7:08 AM, Kay wrote:
>>
>> Hi, all
>> I am a master student of computer science in University of Science and
>> Technology of China and want to participate in GSoC 2011. The focus of my
>> lab program lies in building parallel NIDS on multi-core platforms, and
>> based on the lab experiments I built a high-performance parallel HTTP parser
>> which can achieve at least 5Gbps line rate in a harsh environment.
>
> Thanks for introduce yourself. It should be a cool research area, for sure!

It sounds like someone is able to write a possible new Umit application...
What do you guys think about a personal NIDS (using UMPA)?

>> The HTTP parser I built is aimed at measuring network latencies(match the
>> request and response to get the time difference). I am experienced with C
>> and specialized in network domain knowledge. Frankly speaking, I know Python
>> a little and only wrote a few small programs with it. But I think I can
>> learn it quickly and use it in the development.

It seems you are a friend of statistical analysis. So, let me point out
one idea:

- It is possible to that my machine is being attacked by a port-scan?
- Even if the only information I have is the port's time access?

> Indeed. If you already know C, enhance Python will not be an issue.
>
>>
>> So I want to do some work in the network domain and found the "5. Packet
>> Tracker Platform" suitable for me. The "Jitter based" and
>> "Dipacket Inspection: inspect packet contents (e.g. HTTP contents)" is
>> related to my previous project.
>
> Sure. This idea is over network-domain, mainly focuses into
> packet analyses.
>
>>
>> However, I found this idea is not that specific. Maybe because my lack of
>> domain knowledge or poor in English, I don't quite understand the "Detect
>> packets with debit (e.g. more/less than 100Kb/s)"
>>
>> Can someone give me detailed information about this idea and where I
>> should begin with to learn something or make some contributions now?
>
> Yes, of course.
>
> Read http://trac.umitproject.org/wiki/PacketManipulator
> Checkout source of PacketManipulator
>
> svn co http://svn.umitproject.org/svnroot/umit/packet-manipulator/trunk
> PacketManipulator
>
> Read http://trac.umitproject.org/wiki/AuditFramework and related links
>
> In this idea, it expected to has a real-time statistic depend on the amount
> of sniffed packets.
>
> Packets
> Multicast/Broadcast packets
> IPv4/IPv6
> Bytes
> Fragments
> Detect retransmissions/error packets
> Count of packets by protocol
> etc.
>
> Such information should presented in the GUI of PacketManipulator (for
> instance, expand Host Table into Packet Manipulator GUI).
> Also, the end-user should be able to configure an alarm/event, e.g. when
> detect a specific packet from/to a destination. Such details, should be
> exploit into the proposal. More tips:
>
> Define a threshold of utilization
> Define latency threshold
>
> Finally, to present a GSoC proposal take a look:
>
> http://www.umitproject.org/?active=gsoc&mode=ideas&lang=en
> http://www.umitproject.org/?active=gsoc&mode=tips&lang=en
> http://www.google-melange.com/gsoc/org/show/google/gsoc2011/umit
>
> I'm look forward to discussing more details about this proposal. If you have
> any doubts, do not hesitate to contact us for further details.
>
>
>> Thanks a lot!
>> --Kay
>
>
> Best Regards,
> --
> Luís A. Bastião Silva
> Skype: koplabs
> http://www.bastiao.org

--
Att,
João Medeiros
Re: [umit-devel] GSoC 2011 "Network Scanner and Network Inventory for Mobile Devices"
Dear Thiago,

On Tue, Mar 22, 2011 at 11:21 PM, Luis A. Bastiao Silva wrote:
> Hi Thiago,
>
>
> On Wed, Mar 23, 2011 at 2:05 AM, Thiago Genez wrote:
>>
>> Hi,
>>
>> I am Msc. Candidate in Computer Science at State University of Campinas in
>> Brazil. I have some knowledge of android and security/networking stuff. So, I
>> was looking for organization that have ideas with android and I really liked
>> this one: Network Scanner and Network Inventory for Mobile Devices

Welcome!

> We're glad to see your interest in Umit Project.
>
>>
>> I'm very interested in work on this project, and some features is:
>>
>> To track the hosts I think to scanning the model OSI layers. The layer 2,
>> I will discovery the MAC address (Bluetooth and Wi-FI), the layer 3 I will
>> discovery the IP number and the layer 4, the ports number (TCP and UDP)

What about using 3G services too? I think the idea is also to have a
general port scanner on hand, and 3G is widely used nowadays.

> Yes, do not forget IPv6.
>
>>
>> I`m planning to give the user the options to scan all the ports of a
>> certain host or delimit a range of ports due to decrease the scan time

That is good. Another important question is how quick will be packet
sending interval? There are a lot of firewalls and small NIDS that can
(will) block you if you just scan as fast as you want.

>> I have some ideas of the user interface. I can expose to you as soon as I
>> get time to draw a prototype. I`ll try to do it early next week.
>
> Take a look on Network Scanner/Inventory, okay?
>
>>
>> Keep scanning the network all the time to track the devices status waste
>> too much battery, I`m planning to permit the user to choose an interval for
>> the application to do a re-scan, like every 5, 20, 60 seconds
>
> That's a good idea, indeed. Such device has a low battery, so you have to
> take care of compute intensive ok?

Minutes is reasonable. ;)

>>
>> It's not clear for me what did you mean and you say states? Is it host
>> information?
>
> Basically state is can be: up/down/unknown. If the machine is online or
> offline. Make sense?
>
>>
>> PS: I was trying to answer a thread on this same subject, but my access on
>> the mailing list is read-only.
>
> No worries.
>
>>
>> Thanks in advance,
>> cheers
>> --
>> Thiago A. L. Genez:
>> - Msc. Candidate in Computer Science at LRC/IC
>> - University of Campinas (UNICAMP)
>
> Please, do not hesitate to contact us if you need further information.
>
> Best Regards,
> --
> Luís A. Bastião Silva
> Skype: koplabs
> http://www.bastiao.org

--
Att,
João Medeiros
Re: [umit-devel] GSoc 2011 : Network Inventory: new generation
Hi Brijesh,

Regarding the Interactive visualization of network nodes on Web Network
Scanner, I have the following comments.

On Sun, Mar 27, 2011 at 8:33 AM, Brijesh Patel wrote:
> Hi,
>
> I'm a GSoc 2011 aspirant, and currently pursuing my B.Tech course at
> Dhirubhai Ambani Institute Of information and Communication Technology
> (DA-IICT) – India. My main stream of course is computer networks and network
> protocols. I have worked on and implemented proxy server and P2P search
> engine as my projects, but none of them in python. I have gained little
> familiarity with python as of my Computer Graphics course.

That is a start for the idea 4 (Interactive visualization of network
nodes on Web Network Scanner).

> So I can say
> that, I am not a regular coder in Python. My main interest is in networks
> and so I found your ideas “Network Inventory: new generation” and
> “Interactive visualization of network nodes on Web Network Scanner “
> suitable for my summer venture. I'd like to increase my knowledge regarding
> these projects so that I can prepare myself to make some contribution in the
> field I'm interested in :). I recently took a look at UMIT scanner and
> Network Inventory features and functionalities, but not yet the code.

Do some trace route scan also and take a look at the topology tab. For
some preview you may see the Nmap documentation of it
http://nmap.org/book/zenmap-topology.html

> I
> suppose UMIT Web Scanner is not yet into running stage, I only looked at
> template.html. I may be wrong.
>
> I'm probably late for making the first contact with UMIT community, but I'm
> looking forward to stay in contact from now on.

You are very welcome, go ahead!

--
Att,
João Medeiros

> Regards,
>
> Brijesh Patel
Re: [umit-devel] GSoC2011 - Packet Tracker Platform
t, indeed. The topics that you point out are a good start. And you can
>>>> check material that João has shared with you. :)
>>>>
>>>>>
>>>>> Thanks.
>>>>> --Kay
>>>>>
>>>>>
>>>>> On Fri, Mar 25, 2011 at 10:06 AM, Luis A. Bastiao Silva
>>>>> wrote:
>>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> On Fri, Mar 25, 2011 at 1:36 AM, Kay wrote:
>>>>>>>
>>>>>>> Thanks for your suggestion.
>>>>>>> About the port-scan, how about this way: Pick a few sets of ports
>>>>>>> randomly at a certain interval(for instance, 30s), calculate their
>>>>>>> access time difference. If most of the results are less than a certain
>>>>>>> value(3s), and the access time are all within the latest interval
>>>>>>> (current_time-interval ~ current_time). We can report this as an event
>>>>>>> of port-scan which happens in the last interval.
>>>>>>
>>>>>> It's a basic approach. Certainly, you're on the right way.
>>>>>> Nevertheless, there are several papers discussing the subject. I'm going
>>>>>> to point out one of them:
>>>>>> http://www.aloul.net/Papers/faloul_iwcmc08.pdf
>>>>>> @ignotus21 (João): Do you have any own theory for such feature?
>>>>>>
>>>>>>>
>>>>>>> I have took a look at the UMPA, it's really a good work =) I think
>>>>>>> you mean that I can use it to sniff packets and analysis the captured
>>>>>>> packets to detect intrusion.
>>>>>>
>>>>>> Yes, also you can use Audit Framework. There are several passive
>>>>>> audits. So IDS should be a new one. Take a look:
>>>>>> http://trac.umitproject.org/wiki/AuditFramework
>>>>>> and
>>>>>> http://trac.umitproject.org/browser/packet-manipulator/trunk/audits <-
>>>>>> Passive + Active
>>>>>>
>>>>>>
>>>>>>>
>>>>>>> I am not quite familiar with statistical analysis. What I have been
>>>>>>> focused on is the multi-core architecture and how to accelerate network
>>>>>>> processing on it. I'd like to know exactly what functions should have
>>>>>>> in a personal NIDS so that I can evaluate if I have the ability to work on
>>>>>>> this project. Port-scan detection, DDoS detection, or something else?
>>>>>>
>>>>>> Indeed, it is a good idea.
>>>>>> Port-scan detection and DDoS has a huge spectrum. For instance,
>>>>>> detect malware on networks, software that polls servers, etc.
>>>>>> It will be nice also to know what attacker is looking for:
>>>>>> Services/Services Information/OS Fingerprints.
>>>>>>
>>>>>>>
>>>>>>> Best regards,
>>>>>>> --Kay
>>>>>>>
>>>>>>>
>>>>>>> On Thu, Mar 24, 2011 at 7:49 PM, [email protected]
>>>>>>> wrote:
>>>>>>>>
>>>>>>>> Dear Kay,
>>>>>>>>
>>>>>>>> When I was reading your e-mail I have some ideas that I wish to
>>>>>>>> share with you...
>>>>>>>>
>>>>>>>> On Thu, Mar 24, 2011 at 6:45 AM, Luis A. Bastiao Silva
>>>>>>>> wrote:
>>>>>>>> > Hello Kay,
>>>>>>>> > On Thu, Mar 24, 2011 at 7:08 AM, Kay wrote:
>>>>>>>> >>
>>>>>>>> >> Hi, all
>>>>>>>> >> I am a master student of computer science in University of
>>>>>>>> >> Science and Technology of China and want to participate in GSoC 2011. The
>>>>>>>> >> focus of my lab program lies in building parallel NIDS on multi-core
>>>>>>>> >>
Re: [umit-devel] Gsoc: Network Scanner and Network Inventory for Mobile Devices
Hi Thiago,

On Sun, Mar 27, 2011 at 11:38 PM, Thiago Genez wrote:
> Hello,
> I have some doubts to implements this project. The Umit code is developed in
> python and the core of nmap is developed in lua.

Nmap code is in C/C++. Lua is used by Nmap Script Engine.

> So, I found this project
> that enable run this kind of script inside the android
> (http://code.google.com/p/android-scripting/). So I am thinking about: I
> have to implement the Network Scanner and Network Inventory using Java
> language or try to migrate the nmap and umit to android plataform.

Porting maybe is not a good solution. For example, Nmap consumes a
considerable network and processing resources. What do you think about
design and implement a port scan "thinking on" mobile devices?

> PS: I have saw that android plataform have the tcpdump and ping softwares
> that will help to scanner the network
> Best regards
> --
> Thiago A. L. Genez:
> - Msc. Candidate in Computer Science at Institute of Computing (IC)
> - State University of Campinas (Unicamp)

--
Att,
João Medeiros
Re: [umit-devel] Gsoc: Network Scanner and Network Inventory for Mobile Devices
Hi Bartosz,

On Mon, Mar 28, 2011 at 10:03 PM, Bartosz SKOWRON wrote:
> On Mon, Mar 28, 2011 at 2:41 PM, [email protected]
> wrote:
>
>> Porting maybe is not a good solution. For example, Nmap consumes a
>> considerable network and processing resources. What do you think about
>> design and implement a port scan "thinking on" mobile devices?
>
> What do you mean by "thinking on"?

I understand that the first question when developing a tool for an
embedded device is: how the resources are available? As I said Nmap may
consume a considerable processing resources. I understand that this is
something should be considered in the design of a mobile network
scanner.

--
Att,
João Medeiros
Re: [umit-devel] GSoC2011 - Packet Tracker Platform
Hi Kay,

It is good to see your proposal evolving. I just read your proposal and
want to share some ideas.

On Wed, Mar 30, 2011 at 4:54 AM, Kay wrote:
> Hi, all
> I have prepared a draft proposal about the project I am going to do. I write
> them on the Google doc.
> The project details :
> https://docs.google.com/document/d/1r1plWP8B5FcVD5wolVTX7wQaNIMsTTOzO7GVHCvolws/edit?hl=zh_CN&authkey=CImv4YYN
> The full proposal based on the template:
> https://docs.google.com/document/d/1pjfcenqN74dZZGN1ZSDO2LYwjPAiFhAPFS69UzWThsc/edit?hl=zh_CN&authkey=CIjK59ML
> Thanks for your review and suggestions.
> --Kay

First, you define that your solution will be an extensible framework.
That is really good! So, actually, how this extension will be possible,
using a script language (in python itself)? Or, you plan something more
restrict like grammar rules and regular expression applied on the format
message of network protocols?

Regarding the port-scan detection there is this list of some
introductory references:

- http://www.phrack.org/issues.html?issue=53&id=13#article
- http://nms.csail.mit.edu/papers/portscan-oakland04.pdf
- http://cseweb.ucsd.edu/~clbailey/PortScans.pdf

Reading them, and the references on it, will probably open your eyes in
the finding of a good algorithm.

> On Mon, Mar 28, 2011 at 8:11 PM, [email protected]
> wrote:
>>
>> Hi,
>>
>> Nice to see your dedication.
>>
>> On Sun, Mar 27, 2011 at 11:26 PM, Kay wrote:
>> > There are so many mathematics in João's slide which I am not quite
>> > good at =.= . You mean there will be no readymade information in
>> > UMIT as the input of IDS, so I need to implement the algorithm all
>> > by myself.
>>
>> UMPA is, among other things, a sniffer, so is not a big deal write
>> something as an input of your program/algorithm.
>>
>> The approach described in the slides is something more robust than
>> simple window approach. There is long term time factor also. Consider
>> a port-scan which I can configure to send one packet after an interval
>> T, and the IDS tool has a time window W < T. Will be a nice thought
>> find out the implications. :)
>>
>> By the way, the approach you are building should be on feature, that
>> can be improved over time.
>>
>> > I think it will be a waste of time and space to store the access
>> > time of each port (65535). An IDS can estimate whether ports are
>> > accessed in a relatively small time interval and do not need the
>> > accurate access time.
>> > By reading the papers, I found that the bitmap method is a general
>> > approach in network monitoring.
>> > The port scan, there can be a port bitmap. This will only take a
>> > 8KB (65535bit / 8 = 8KB) memory. When a port is accessed in a
>> > received packet, its corresponding bit is set to 1. In a time
>> > interval (take 10s for an example), we count the bits which are set
>> > to 1. If the number is larger than a certain value (such as 1000?).
>> > We can report this as a port-scan event, because no regular traffic
>> > will access so many ports in such a small time slot. After the time
>> > slot, the bitmap is set to zero again.
>> > The Sync-attack. I think there is an excellent paper in counting
>> > number of active flows with bitmap and can be used in this
>> > detection.
>> >
>> > http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.105.7004&rep=rep1&type=pdf
>> > By estimating the number of active flows in a time interval, we can
>> > report it as a sync-attack when the number become particularly
>> > large.
>> > Any suggestions? Thanks.
>>
>> My suggestion is to start write your proposal. A web page or a shared
>> google document. So we can discuss with a common text.
>>
>> > --Kay
>> >
>> >
>> > On Mon, Mar 28, 2011 at 6:21 AM, Luis A. Bastiao Silva
>> > wrote:
>> >>
>> >> Hi Kay,
>> >>
>> >> On Sun, Mar 27, 2011 at 2:57 PM, Kay wrote:
>> >>>
>> >>> Hi,
>> >>> I have been reading papers about port scan detection and
>> >>> sync-attack detection these days. I am trying to find an algorithm
>> >>> which can report attack ASAP but not aimed at detecting the
>> >>> scanner/attacker. Is this the right way?
>> >>
>> >> Yes, of course. It is a good way to start.
>> >>
>> >>>
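The fixed-window port bitmap proposed in the quoted message, and the W < T question raised in reply, as an added example (not code from UMIT or from anyone in the thread). The class and function names, the constructed traffic and the one-day long window are assumptions.

```python
PORTS = 65536        # one bit per port number 0..65535
WINDOW = 10.0        # slot length in seconds (the thread's 10 s example)
THRESHOLD = 1000     # distinct ports per slot that raises an alert


class PortBitmapDetector:
    """Hypothetical detector: one bitmap, zeroed at every slot boundary."""

    def __init__(self, window=WINDOW, threshold=THRESHOLD):
        self.window, self.threshold = window, threshold
        self.bitmap = bytearray(PORTS // 8)   # 8192 bytes
        self.distinct = 0                     # bits currently set
        self.slot = None                      # index of the open slot
        self.alerts = []                      # (slot start time, distinct ports)

    def observe(self, ts, dst_port):
        slot = int(ts // self.window)
        if slot != self.slot:                 # packet opens a new slot
            self._close()
            self.slot = slot
        byte, bit = divmod(dst_port, 8)
        if not self.bitmap[byte] & (1 << bit):
            self.bitmap[byte] |= 1 << bit
            self.distinct += 1                # count each port once per slot

    def _close(self):
        if self.slot is not None and self.distinct > self.threshold:
            self.alerts.append((self.slot * self.window, self.distinct))
        self.bitmap = bytearray(PORTS // 8)   # "set to zero again"
        self.distinct = 0

    def finish(self):
        self._close()
        self.slot = None
        return self.alerts


def run(events, window=WINDOW):
    det = PortBitmapDetector(window=window)
    for ts, port in events:
        det.observe(ts, port)
    return det.finish()


# Constructed (timestamp, destination port) samples, not captured traffic.
fast_scan = [(i * 0.005, 1 + i) for i in range(2000)]   # 2000 ports in 10 s
slow_scan = [(i * 11.0, 1 + i) for i in range(2000)]    # one probe per T = 11 s > W
normal = [(i * 0.01, (80, 443, 53)[i % 3]) for i in range(5000)]

if __name__ == "__main__":
    for name, ev in (("fast", fast_scan), ("slow", slow_scan), ("normal", normal)):
        print(name, run(ev))
    print("slow, one-day window", run(slow_scan, window=86400.0))
```

With W = 10 s the slow scan never sets more than one bit per slot, so only a window longer than the whole sweep sees it; a long window also accumulates the ports of ordinary traffic, so its threshold has to be tuned separately.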
Re: [umit-devel] Regarding GSoc project- Packet Manipulator
Hi Shrey,

On Sun, Apr 3, 2011 at 8:09 PM, Luis A. Bastiao Silva wrote:
> It means change behavior of protocols. The firewall can block the traffic,
> and audit, based on questions, answer with different answer, not the
> expected ones.
> For instance, do a request to an HTTP server. Then, the MITM audit can
> change the answer of HTTP Server, to fuzzing the client, and test it. It is
> change the behavior of protocol. Make sense?
>
> On Sun, Apr 3, 2011 at 7:55 PM, Shrey Sharma
> wrote:
>>
>> And I have one more question
>> In the project named Packet Manipulator-new audit
>> what does "change the protocols behavior based on MITM audits" means ...I
>> mean do we have to work to prevent such attacks ??
>> -Shrey
>>
>> On Mon, Apr 4, 2011 at 12:21 AM, Shrey Sharma
>> wrote:
>>>
>>> Hey I was just experimenting with my Nmap and I found that it doesn’t
>>> identify the windows platform precisely ...i.e. it says that it could be
>>> windows 7, windows vista, windows 2000..
>>>
>>> but it doesn’t identify that exactly which version is being used. So, I
>>> have come up with an idea, Please read it and tell me if it can work..
>>>
>>> “Less tactful attempts at OS identification can be made by
>>> launching known exploits for a given OS type against a target host, in
>>> chronological order. The theory is that exploits are patched as they are
>>> discovered so by starting with the oldest known exploit against a given
>>> host and working forward should yield a point at which an attack
>>> succeeds, which should thereby identify the revision of OS in use. As an
>>> example, Microsoft Windows 95, 98 and NT4 are difficult to distinguish
>>> supposedly because the IP stack code was only marginally revised between
>>> OS versions. Starting with a basic WinNuke attack and moving forward to
>>> more complex attacks such as Teardrop can eventually yield a
>>> vulnerability that points to the type and/or hotfix revision that is
>>> missing from the OS, thus indicating the current patch level”

This exploit chronology method is indeed useful. But, sometimes (I think
almost always) you don't want to damage the target machine or be
identified by a NIDS. So, I agree it can be used, but this approach is
something associated to "the end justifies the means".

There is a new tool being developed in Umit that can recognize these OSes
(see the proposal at
http://www.dca.ufrn.br/~joaomedeiros/gsoc/2009/proposal/node1.html,
specially Figure 2). Zion uses just valid packets and is very difficult
to be identified by a NIDS (in my tests it never happened). So, I think
you can contribute developing Zion to achieve this very objective.

>>> Waiting Eagerly,
>>> -Shrey
>>> On Sat, Apr 2, 2011 at 5:40 PM, Luis A. Bastiao Silva
>>> wrote:
>>>> Ah, now I notice, did you need any help to start running Audit
>>>> Framework?
>>>>
>>>> On Fri, Apr 1, 2011 at 5:24 PM, Luis A. Bastiao Silva wrote:
>>>>>
>>>>> Shrey,
>>>>> You should start by doing a proposal.
>>>>> Start filling the template:
>>>>> http://www.google-melange.com/gsoc/org/home/google/gsoc2011/umit
>>>>> Then, submit, and you can edit on the fly. I can paste a few comments.
>>>>> Start by filling it.
>>>>>
>>>>>
>>>>> On Fri, Apr 1, 2011 at 4:52 PM, Shrey Sharma
>>>>> wrote:
>>>>>>
>>>>>> Can you please suggest me how can I submit a patch on 11 - Packet
>>>>>> Manipulator - new audits ?
>>>>>> and how can I improve my chances to get selected for this project.
>>>>>>
>>>>>> On Fri, Apr 1, 2011 at 9:03 PM, Luis A. Bastiao Silva
>>>>>> wrote:
>>>>>>>
>>>>>>> Hi Shrey,
>>>>>>>
>>>>>>> On Fri, Apr 1, 2011 at 3:55 PM, Shrey Sharma
>>>>>>> wrote:
>>>>>>>> Hi,
>>>>>>>> My name is Shrey Sharma. I am really very excited about Packet
>>>>>>>> Manipulator. I am a B.tech Student of Indian Institute of
>>>>>>>> Technology (IIT), Kharagpur majoring in Computer Science. I have
>>>>>>>> a huge interest in the field of networks. I have also
>>>>>>>> volunteered as the system administrator in my Computer Science
>>>>>>>> Department.
>>>>>>>
>>>>>>> Thanks for introduction. It has a great value for us, because we are
>>>>>>> an open source organization focused on network security, audit,
>>>>>>> monitoring ..
>>>>>>> :)
>>>>>>>
>>>>>>>> Skills: I know Python, but didn't do any major project in it. I
>>>>>>>> am currently learning about the network protocols. Recently,
>>>>>>>> attended a workshop on Hacking and Digital Securities organized
>>>>>>>> by Kyrion Digital Securities
>>>>>>>> It would be really great if you could suggest me any work that I
>>>>>>>> can do to increase my chances to work in this project. I have
>>>>>>>> gone through all the links but it would be great if you can send
>>>>>>>> further details of this project.
>>>>>>>
>>>>>>> Related ideas:
