1 / 41

Fun with FCC part 15

Fun with FCC part 15. Home speaker system on 107.3 (and that’s not easy in the NYC/PHL area). Emulating large intranets with honeyd. Bill Cheswick ches@lumeta.com. This talk was going to be boring…. Another Reason Why I Like the Window Seat. Bill Cheswick.

hamish
Download Presentation

Fun with FCC part 15

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Fun with FCC part 15 Home speaker system on 107.3 (and that’s not easy in the NYC/PHL area)

  2. Emulating large intranets with honeyd Bill Cheswick ches@lumeta.com

  3. This talk was going to be boring…

  4. Another Reason Why I Like the Window Seat Bill Cheswick

  5. Mapping the Internet and Intranets Steve Branigan, Hal Burch, Bill Cheswick ches@lumeta.com

  6. How To Take the Internet Down for a week Bill Cheswick <startup-name> ches@bell-labs.com ches@cheswick.com

  7. Our digital house By Kestrel, Terence, Lorette, and Bill Cheswick

  8. Emulating large intranets with honeyd Bill Cheswick ches@lumeta.com

  9. Free at last! • Nagata • Varley • Etc.

  10. Anything large enough to be called an “intranet” isout of control

  11. Lumeta • Spun off from Bell Labs in Sept. 2000 • B round funding last June • Building a hang glider…

  12. Inside the Kimono…

  13. Some intranet statisticsfrom Lumeta clients

  14. But how do we debug our software? • We used to use Lucent’s network back when I was working at Bell Labs • We have a very light touch on our clients’ networks, and they like it that way • The Bank of Zork (NASDAQ: BOZO) doesn’t want us practicing on their network

  15. Simulation vs emulation • Simulators run packet flows over imaginary networks • Often run to test routing and queuing algorithms • Emulator wants to appear to be the network

  16. What does a chief scientist do? • Primarily a prima donna • Certainly not in development • Travel too much to keep deadline promises • Never was good at all-nighters • Find a project that would be nice, but nobody is waiting for • QA was a fine place to look

  17. Honeyd • Written by Niels Provos at citi.umich.edu • Name unrelated to, and vexes, Peter Honeyman, also of citi.umich.edu • Designed to emulate one or more computers in a single host to lure and confuse hackers • Responds using nmap and other host fingerprinting databases • User scripts available to emulate specific web and other network server software

  18. Honeyd • Designed to emulate one or more computers in a single host to lure and confuse hackers • User scripts available to emulate specific web and other network server software • Microsoft IIS web server • A number of text-based services are emulated in available scripts

  19. Honeyd • Host fingerprint identification based on probe databases • Nmap • xprobe

  20. My Honeyd project • Make honeyd configuration scripts that build our clients’ networks from the data we obtain • Add UDP servers for • DNS (name service) • SNMP (Simple Network Management Protocol)

  21. Uses • Perfect test network for QA • Unchanging….diff the pages • Build pathological network configurations • Training • Sales demos • Could this be a product?

  22. My honeyd scripts • Generates entire network description for honeyd based on our client data • You want a 50,000 node network based on real data? No problem. 300,000 nodes? OK • DNS emulates name server lookups • Routers respond with SNMP data

  23. How good is the emulation? • Handles pings and traceroutes with no problem • Handles “stealth hosts”, routers that don’t issue TTL exceeded messages • Even does a fair job of simulating latencies • Emulator for SNMP and DNS queries • This is good enough for us: we don’t collect other data at present • Real networks change as you test them.

  24. Real

  25. Simulated

  26. Certainly not perfect • There isn’t nearly as much state in our network emulation as there is in a real network • CPU time becomes an issue, and the emulator is not efficient at the moment • Moore’s law is a big help here • Host fingerprinting could make the network much more convincing • We are working on it • Could just fake it

  27. Future work • Many incremental improvements to network simulations • Honeyd performance improvements • Might release a large cleansed network configuration for research purposes

  28. Emulating large intranets with honeyd Bill Cheswick ches@lumeta.com

More Related