Fun with FCC part 15 - PowerPoint PPT Presentation

Slides: 42
Provided by: billch
Transcript and Presenter's Notes

Title: Fun with FCC part 15


1
Fun with FCC part 15
  • Home speaker system on 107.3
  • (and that's not easy in the NYC/PHL area)

2
Emulating large intranets with honeyd
  • Bill Cheswick
  • ches_at_lumeta.com

3
This talk was going to be boring
4
Another Reason Why I Like the Window Seat
  • Bill Cheswick

5
Mapping the Internet and Intranets
  • Steve Branigan, Hal Burch, Bill Cheswick
  • ches_at_lumeta.com

7
How To Take the Internet Down for a week
  • Bill Cheswick
  • <startup-name>
  • ches_at_bell-labs.com
  • ches_at_cheswick.com

8
Our digital house
  • By Kestrel, Terence, Lorette, and Bill Cheswick

9
Emulating large intranets with honeyd
  • Bill Cheswick
  • ches_at_lumeta.com

12
Free at last!
  • Nagata
  • Varley
  • Etc.

13
Anything large enough to be called an intranet
is out of control
14
Lumeta
  • Spun off from Bell Labs in Sept. 2000
  • B round funding last June
  • Building a hang glider

15
Inside the Kimono
26
Some intranet statistics from Lumeta clients
27
But how do we debug our software?
  • We used to use Lucent's network back when I was
    working at Bell Labs
  • We have a very light touch on our clients'
    networks, and they like it that way
  • The Bank of Zork (NASDAQ: BOZO) doesn't want us
    practicing on their network

28
Simulation vs emulation
  • Simulators run packet flows over imaginary
    networks
  • Often run to test routing and queuing algorithms
  • Emulator wants to appear to be the network

29
What does a chief scientist do?
  • Primarily a prima donna
  • Certainly not in development
  • Travel too much to keep deadline promises
  • Never was good at all-nighters
  • Find a project that would be nice, but nobody is
    waiting for
  • QA was a fine place to look

30
Honeyd
  • Written by Niels Provos at citi.umich.edu
  • Name unrelated to, and vexes, Peter Honeyman,
    also of citi.umich.edu
  • Designed to emulate one or more computers in a
    single host to lure and confuse hackers
  • Responds using nmap and other host fingerprinting
    databases
  • User scripts available to emulate specific web
    and other network server software

31
Honeyd
  • Designed to emulate one or more computers in a
    single host to lure and confuse hackers
  • User scripts available to emulate specific web
    and other network server software
  • Microsoft IIS web server
  • A number of text-based services are emulated in
    available scripts

32
Honeyd
  • Host fingerprint identification based on probe
    databases
  • Nmap
  • xprobe

33
My Honeyd project
  • Make honeyd configuration scripts that build our
    clients' networks from the data we obtain
  • Add UDP servers for:
  • DNS (name service)
  • SNMP (Simple Network Management Protocol)

34
Uses
  • Perfect test network for QA
  • Unchanging: diff the pages
  • Build pathological network configurations
  • Training
  • Sales demos
  • Could this be a product?

35
My honeyd scripts
  • Generates entire network description for honeyd
    based on our client data
  • You want a 50,000 node network based on real
    data? No problem. 300,000 nodes? OK
  • DNS emulates name server lookups
  • Routers respond with SNMP data
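
An added example (not code from the talk or from Lumeta) of the kind of generator slides 33 and 35 describe: it turns survey data into honeyd configuration text. The addresses, latencies and template names (emurouter, emuhost, emustealth) are constructed, the topology is assumed to be one entry router with directly attached branch routers, and modelling a stealth host as a template that blocks all traffic is an assumption.

```python
import ipaddress

# Constructed sample survey data (not real client data).
ENTRY = {"ip": "10.0.0.1", "link": "10.0.0.0/24"}
BRANCHES = [
    {"ip": "10.1.0.1", "link": "10.1.0.0/16", "latency_ms": 55},
    {"ip": "10.2.0.1", "link": "10.2.0.0/16", "latency_ms": 20},
]
HOSTS = [("10.1.0.10", "emuhost"), ("10.1.0.11", "emustealth"), ("10.2.3.4", "emuhost")]

# Hypothetical template names; a "stealth" host is modelled as one that answers nothing.
TEMPLATES = """\
create emurouter
set emurouter default tcp action reset
create emuhost
set emuhost default tcp action reset
set emuhost default icmp action open
create emustealth
set emustealth default tcp action block
set emustealth default udp action block
set emustealth default icmp action block"""

def build_config(entry, branches, hosts):
    """Return honeyd configuration text: routes first, then templates, then binds."""
    lines = [f"route entry {entry['ip']}", f"route {entry['ip']} link {entry['link']}"]
    for b in branches:
        # The entry router forwards each branch network to that branch's router.
        lines.append(f"route {entry['ip']} add net {b['link']} {b['ip']} latency {b['latency_ms']}ms")
        lines.append(f"route {b['ip']} link {b['link']}")
    lines.extend(TEMPLATES.splitlines())
    routers = [entry] + branches
    lines += [f"bind {r['ip']} emurouter" for r in routers]
    nets = [ipaddress.ip_network(r["link"]) for r in routers]
    taken = {r["ip"] for r in routers}
    for ip, kind in hosts:
        if kind not in ("emuhost", "emustealth"):
            raise ValueError(f"unknown template {kind!r} for {ip}")
        if ip in taken:
            raise ValueError(f"duplicate address {ip}")
        # A host outside every linked subnet would never receive a packet.
        if not any(ipaddress.ip_address(ip) in n for n in nets):
            raise ValueError(f"{ip} is not on any emulated subnet")
        taken.add(ip)
        lines.append(f"bind {ip} {kind}")
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    print(build_config(ENTRY, BRANCHES, HOSTS), end="")
```

Because the output is plain text generated deterministically from the input data, two runs over the same survey can be compared with diff, which is the "unchanging" property slide 34 asks of a QA network.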

36
How good is the emulation?
  • Handles pings and traceroutes with no problem
  • Handles stealth hosts, routers that don't issue
    TTL exceeded messages
  • Even does a fair job of simulating latencies
  • Emulator for SNMP and DNS queries
  • This is good enough for us: we don't collect
    other data at present
  • Real networks change as you test them.

37
Real
38
Simulated
39
Certainly not perfect
  • There isn't nearly as much state in our network
    emulation as there is in a real network
  • CPU time becomes an issue, and the emulator is
    not efficient at the moment
  • Moore's law is a big help here
  • Host fingerprinting could make the network much
    more convincing
  • We are working on it
  • Could just fake it

40
Future work
  • Many incremental improvements to network
    simulations
  • Honeyd performance improvements
  • Might release a large cleansed network
    configuration for research purposes

41
Emulating large intranets with honeyd
  • Bill Cheswick
  • ches_at_lumeta.com