---------- Forwarded message ----------
From: Shrey Sharma <[email protected]>
Date: Wed, Apr 6, 2011 at 10:47 AM
Subject: Re: [umit-devel] Regarding GSoc project- Packet Manipulator
To: "Luis A. Bastiao Silva" <[email protected]>
Cc: [email protected]
Hey,
This is regarding the project Packet Manipulator. It is said
"Interesting audits plugins could target/Routing (and related) protocols
such as:
- VLAN trunking protocol (VTP) "
But VTP operates in one of three modes:
- *Server* – In this VTP mode you can create, remove, and modify VLANs.
You can also set other configuration options like the VTP version and also
turn on/off VTP pruning for the entire VTP domain. VTP servers advertise
their VLAN configuration to other switches in the same VTP domain and
synchronize their VLAN configuration with other switches based on messages
received over trunk links. VTP server is the default mode. The VLAN
information is stored in NVRAM and is not lost after a reboot.
- *Client* – VTP clients behave the same way as VTP servers, but you
cannot create, change, or delete VLANs on the local device. Remember that
even in VTP client mode, a switch will store the last known VTP
information—including the configuration revision number. Don’t assume that a
VTP client will start with a clean slate when it powers up.
- *Transparent* – When you set the VTP mode to transparent, then the
switches do not participate in VTP. A VTP transparent switch will not
advertise its VLAN configuration and does not synchronize its VLAN
configuration based on received messages. VLANs can be created, changed or
deleted when in transparent mode. In VTP version 2, transparent switches do
forward VTP messages that they receive out of their trunk ports.
So, which mode are we talking about? What exactly do we have to do by
making a plug-in? Can you please explain elaborately so that I can plan for
the implementation of this plug-in?
Thanks,
Shrey Sharma
On Mon, Apr 4, 2011 at 4:43 AM, Luis A. Bastiao Silva <[email protected]> wrote:
> Hi,
>
> I think some of them could work fine, as plugins. But go ahead with the new
> audits.
>
> I think you expose a plan to integrate tools like that in your proposal.
>
> On Sun, Apr 3, 2011 at 9:36 PM, Shrey Sharma <[email protected]> wrote:
>
>> Hey,
>> As it is mentioned in your "11.Packet-Manipulator" project it is
>> mentioned that "it should be nice to have interaction with other security
>> tools".
>> I have some of them in mind which I am posting below:
>>
>> 1. Hping: *hping* is a free packet
>> generator<http://en.wikipedia.org/wiki/Packet_generator> and
>> analyzer for the TCP/IP <http://en.wikipedia.org/wiki/TCP/IP> protocol
>> distributed by Salvatore Sanfilippo (also known as *Antirez*). Hping is
>> one of the *de facto* tools for security auditing and testing of
>> firewalls and networks, and was used to exploit the idle
>> scan<http://en.wikipedia.org/wiki/Idle_scan> scanning
>> technique (also invented by the hping author), and now implemented in the
>> Nmap
>> Security Scanner <http://en.wikipedia.org/wiki/Nmap>. The new version of
>> hping, hping3, is scriptable using the Tcl<http://en.wikipedia.org/wiki/Tcl>
>> language
>> and implements an engine for string based, human readable description of
>> TCP/IP <http://en.wikipedia.org/wiki/TCP/IP> packets, so that the
>> programmer can write scripts related to low level
>> TCP/IP<http://en.wikipedia.org/wiki/TCP/IP> packet
>> manipulation and analysis in very short time.
>>
>> 2. Ostinato:
>>
>>
>> - Support for the most common standard protocols
>> - Ethernet/802.3/LLC SNAP
>> - VLAN (with QinQ)
>> - ARP, IPv4, IPv6, IP-in-IP a.k.a IP Tunnelling (6over4, 4over6,
>> 4over4, 6over6)
>> - TCP, UDP, ICMPv4, ICMPv6, IGMP, MLD
>> - Any text based protocol (HTTP, SIP, RTSP, NNTP etc.)
>> - More protocols in the works ...
>> - Modify any field of any protocol (some protocols allow changing
>> packet fields with every packet at run time e.g. changing IP/MAC
>> addresses)
>> - User provided Hex Dump - specify some or all bytes in a packet
>> - User defined script to substitute for an unimplemented protocol
>> (EXPERIMENTAL)
>> - Stack protocols in any arbitrary order
>> - Create and configure multiple streams
>> - Configure stream rates, bursts, no. of packets
>> - Single client can control and configure multiple ports on multiple
>> computers generating traffic
>> - Exclusive control of a port to prevent the OS from sending stray
>> packets provides a controlled testing environment
>> - Statistics Window shows realtime port receive/transmit statistics
>> and rates
>> - Capture packets and view them (needs Wireshark to view the captured
>> packets)
>>
>>
>> 3. Yersinia
>>
>> *Yersinia* - is a network
>> security/hacking<http://en.wikipedia.org/wiki/Hacker_(computer_security)>
>> tool
>> for Unix <http://en.wikipedia.org/wiki/Unix>-like operating systems,
>> designed to take advantage of some weakness in different network protocols.
>> Yersinia is considered a valuable and widely used security tool. As of 2008
>> Yersinia is still under development with a latest stable version number
>> 0.7.1.
>>
>> Attacks for the following network protocols are implemented:
>>
>> - Spanning Tree
>> Protocol<http://en.wikipedia.org/wiki/Spanning_Tree_Protocol>
>> (STP)
>> - Cisco Discovery
>> Protocol<http://en.wikipedia.org/wiki/Cisco_Discovery_Protocol>
>> (CDP)
>> - Dynamic Trunking
>> Protocol<http://en.wikipedia.org/wiki/Dynamic_Trunking_Protocol>
>> (DTP)
>> - Dynamic Host Configuration
>> Protocol<http://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol>
>> (DHCP)
>> - Hot Standby Router
>> Protocol<http://en.wikipedia.org/wiki/Hot_Standby_Router_Protocol>
>> (HSRP)
>> - IEEE 802.1Q <http://en.wikipedia.org/wiki/IEEE_802.1Q>
>> - IEEE 802.1X <http://en.wikipedia.org/wiki/IEEE_802.1X>
>> - Cisco Inter-Switch
>> Link<http://en.wikipedia.org/wiki/Cisco_Inter-Switch_Link>
>> (ISL)
>> - VLAN Trunking
>> Protocol<http://en.wikipedia.org/wiki/VLAN_Trunking_Protocol>
>> (VTP)
>>
>>
>> ******These even include some of the protocols we are trying to implement
>> in the project*********
>> Please notify me if any of them is useful in context of the project
>> "Packet Manipulator "
>>
>> Thanks....
>>
>> -Shrey
>>
>>
>> - On Mon, Apr 4, 2011 at 12:25 AM, Shrey Sharma <
>> [email protected]> wrote:
>>
>> And I have one more question....
>>> In the project named Packet Manipulator-new audit
>>> what does "change the protocols behavior based on MITM audits" means ...I
>>> mean do we have to work to prevent such attacks ??
>>>
>>> -Shrey
>>>
>>> On Mon, Apr 4, 2011 at 12:21 AM, Shrey Sharma
>>> <[email protected]>wrote:
>>>
>>>> Hey, I was just experimenting with my Nmap and I found that it doesn’t
>>>> identify the Windows platform precisely ... i.e. it says that it could be
>>>> Windows 7, Windows Vista, Windows 2000..
>>>>
>>>> but it doesn’t identify exactly which version is being used. So, I
>>>> have come up with an idea. Please read it and tell me if it can work..
>>>>
>>>>
>>>> “Less tactful attempts at OS identification can be made by
>>>> launching known exploits for a given OS type against a target host, in
>>>> chronological order. The theory is that exploits are patched as they are
>>>> discovered so by starting with the oldest known exploit against a given
>>>> host and working forward should yield a point at which an attack succeeds,
>>>> which should thereby identify the revision of OS in use. As an example,
>>>> Microsoft Windows 95, 98 and NT4 are difficult to distinguish supposedly
>>>> because the IP stack code was only marginally revised between OS versions.
>>>> Starting with a basic WinNuke attack and moving forward to more complex
>>>> attacks such as Teardrop can eventually yield a vulnerability that points
>>>> to the type and/or hotfix revision that is missing from the OS, thus
>>>> indicating the current patch level”
>>>>
>>>> Waiting Eagerly,
>>>> -Shrey
>>>>
>>>> On Sat, Apr 2, 2011 at 5:40 PM, Luis A. Bastiao Silva <
>>>> [email protected]> wrote:
>>>>
>>>>> Ah, now I notice, did you need any help to start running Audit
>>>>> Framework?
>>>>>
>>>>>
>>>>> On Fri, Apr 1, 2011 at 5:24 PM, Luis A. Bastiao Silva <
>>>>> [email protected]> wrote:
>>>>>
>>>>>> Shrey,
>>>>>>
>>>>>> You should start by doing a proposal.
>>>>>>
>>>>>> Start filling the template:
>>>>>>
>>>>>> http://www.google-melange.com/gsoc/org/home/google/gsoc2011/umit
>>>>>>
>>>>>> Then, submit, and you can edit on the fly. I can paste a few comments.
>>>>>> Start by filling it.
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Fri, Apr 1, 2011 at 4:52 PM, Shrey Sharma <
>>>>>> [email protected]> wrote:
>>>>>>
>>>>>>> Can you please suggest me how can I submit a patch on 11 - Packet
>>>>>>> Manipulator - new audits ?
>>>>>>> *and how can I improve my chances to get selected for this project.*
>>>>>>>
>>>>>>> On Fri, Apr 1, 2011 at 9:03 PM, Luis A. Bastiao Silva <
>>>>>>> [email protected]> wrote:
>>>>>>>
>>>>>>>> Hi Shrey,
>>>>>>>>
>>>>>>>> On Fri, Apr 1, 2011 at 3:55 PM, Shrey Sharma <
>>>>>>>> [email protected]> wrote:
>>>>>>>>
>>>>>>>>>
>>>>>>>>> Hi,
>>>>>>>>> My name is Shrey Sharma. I am really very excited
>>>>>>>>> about *Packet Manipulator*.
>>>>>>>>> I am a B.Tech student of Indian Institute of
>>>>>>>>> Technology (IIT), Kharagpur majoring in Computer Science.
>>>>>>>>> I have a huge interest in the field of networks. I
>>>>>>>>> have also volunteered as the system administrator in my Computer
>>>>>>>>> Science Department.
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> Thanks for introduction. It has a great value for us, because we are
>>>>>>>> an open source organization focused on network security, audit,
>>>>>>>> monitoring ..
>>>>>>>> :)
>>>>>>>>
>>>>>>>>
>>>>>>>>>
>>>>>>>>> Skills:
>>>>>>>>> I know Python, but didn't do any major project in it.
>>>>>>>>> I am currently learning about the network protocols.
>>>>>>>>> Recently, attended a workshop on Hacking and Digital
>>>>>>>>> Securities organized by Kyrion Digital
>>>>>>>>> Securities<http://www.kyrion.in/>
>>>>>>>>>
>>>>>>>>> It would be really great if you could suggest me any
>>>>>>>>> work that I can do to increase my chances to work in this project.
>>>>>>>>> I have gone through all the links but it would be great
>>>>>>>>> if you can send further details of this project.
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> Related ideas:
>>>>>>>> http://www.umitproject.org/?active=gsoc&mode=ideas#6
>>>>>>>> http://www.umitproject.org/?active=gsoc&mode=ideas#7
>>>>>>>> http://www.umitproject.org/?active=gsoc&mode=ideas#11
>>>>>>>>
>>>>>>>> You can also propose your own idea to improve PacketManipulator.
>>>>>>>>
>>>>>>>> Information about Packet Manipulator:
>>>>>>>> http://trac.umitproject.org/wiki/PacketManipulator
>>>>>>>>
>>>>>>>> Information about Audit Framework (PacketManipulator framework)
>>>>>>>> http://trac.umitproject.org/wiki/AuditFramework
>>>>>>>>
>>>>>>>> Submit your proposal:
>>>>>>>> http://www.google-melange.com/gsoc/org/google/gsoc2011/umit
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> Just let us know if you need further information.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>> Eagerly Waiting for your reply,
>>>>>>>>> Shrey Sharma
>>>>>>>>> Department of Computer Science
>>>>>>>>> IIT Kharagpur
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> _______________________________________________
>>>>>>>>> Umit-devel mailing list
>>>>>>>>> [email protected]
>>>>>>>>> https://lists.sourceforge.net/lists/listinfo/umit-devel
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>> Best Regards,
>>>>>>>> --
>>>>>>>> Luís A. Bastião Silva
>>>>>>>> Skype: koplabs
>>>>>>>> http://www.bastiao.org
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Luís A. Bastião Silva
>>>>>> Skype: koplabs
>>>>>> http://www.bastiao.org
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Luís A. Bastião Silva
>>>>> Skype: koplabs
>>>>> http://www.bastiao.org
>>>>>
>>>>>
>>>>
>>>
>>
> If you have any doubts, just let us know.
>
>
> Best Regards,
> --
> Luís A. Bastião Silva
> Skype: koplabs
> http://www.bastiao.org
>
>
--
Luís A. Bastião Silva
Skype: koplabs
http://www.bastiao.org
_______________________________________________
Umit-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/umit-devel
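
An added example, not part of the thread or of PacketManipulator's code: a simplified model of how a switch in each of the three VTP modes described above treats a received advertisement, with a check an audit could run to list the switches whose VLAN database an advertisement would replace. The class and function names are hypothetical, and the "higher revision in the same domain wins" rule and the revision bump on a server-side change are standard VTP behaviour assumed here rather than stated in the thread.

```python
# Added example: simplified model of VTP modes; all names are hypothetical.
from dataclasses import dataclass, field

@dataclass
class Advert:
    domain: str
    revision: int
    vlans: frozenset

@dataclass
class Switch:
    name: str
    mode: str                      # "server", "client" or "transparent"
    domain: str
    revision: int = 0
    vlans: set = field(default_factory=lambda: {1})

    def create_vlan(self, vlan_id):
        """Local change: refused on a client; a server also bumps its revision."""
        if self.mode == "client":
            return False
        self.vlans.add(vlan_id)
        if self.mode == "server":
            self.revision += 1     # assumption: one bump per change
        return True

    def advertise(self):
        """Transparent switches do not advertise their own VLAN configuration."""
        if self.mode == "transparent":
            return None
        return Advert(self.domain, self.revision, frozenset(self.vlans))

    def receive(self, adv):
        """Return (synced, relayed) for an advertisement arriving on a trunk."""
        if self.mode == "transparent":
            return (False, True)   # never syncs; VTP v2 forwards it unchanged
        if adv.domain != self.domain or adv.revision <= self.revision:
            return (False, False)
        self.vlans, self.revision = set(adv.vlans), adv.revision
        return (True, True)        # servers and clients adopt it and pass it on

def audit_revision_risk(switches, incoming):
    """Names of switches whose VLAN database `incoming` would replace."""
    return [s.name for s in switches
            if s.mode != "transparent" and s.domain == incoming.domain
            and incoming.revision > s.revision]

# Constructed scenario: a client rejoins with a stale, higher revision number.
core = Switch("core", "server", "LAB", revision=5, vlans={1, 10, 20})
old = Switch("old", "client", "LAB", revision=12, vlans={1})
print(audit_revision_risk([core], old.advertise()))
```

The constructed scenario is the case the message warns about: a client keeps its last known revision number across a power cycle, so its advertisement can outrank the server's.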