Fun with FCC part 15
41 slides
Home speaker system on 107.3
(and that’s not easy in the NYC/PHL area)
This talk was going to be boring…
Another Reason Why I Like the Window Seat
Bill Cheswick
Mapping the Internet and Intranets
Steve Branigan, Hal Burch, Bill Cheswick
Mapping the Internet and intranets slide 6 of 41
How To Take the Internet Down for a week
Bill Cheswick
<startup-name>
Our digital house
By Kestrel, Terence, Lorette, and Bill Cheswick
Free at last!
• Nagata
• Varley
• Etc.
Anything large enough to be called an “intranet” is out of control
Lumeta
• Spun off from Bell Labs in Sept. 2000
• B round funding last June
• Building a hang glider…
Inside the Kimono…
Some intranet statistics from Lumeta clients

Intranet sizes (devices)                   7,900    365,000
Corporate address space                    81,000   745,000,000
Address space usage efficiency
% devices in unknown address space         0.01%    20.86%

% routers responding to "public"           0.14%    75.50%
% routers responding to other              0.00%    52.00%

Outbound host leaks on network             0        176,000
% devices with outbound ICMP leaks         0%       79%
% devices with outbound UDP leaks          0%       82%

Inbound UDP host leaks                     0        5,800
% devices with inbound ICMP leaks          0%       11%
% devices with inbound UDP leaks           0%       12%

% hosts running Windows                    36%      84%
But how do we debug our software?
• We used to use Lucent’s network back when I was working at Bell Labs
• We have a very light touch on our clients’ networks, and they like it that way
• The Bank of Zork (NASDAQ: BOZO) doesn’t want us practicing on their network
Simulation vs emulation
• Simulators run packet flows over imaginary networks
• Often run to test routing and queuing algorithms
• Emulator wants to appear to be the network
What does a chief scientist do?
• Primarily a prima donna
• Certainly not in development
  – Travel too much to keep deadline promises
  – Never was good at all-nighters
• Find a project that would be nice, but nobody is waiting for
• QA was a fine place to look
Honeyd
• Written by Niels Provos at citi.umich.edu
• Name unrelated to, and vexes, Peter Honeyman, also of citi.umich.edu
• Designed to emulate one or more computers in a single host to lure and confuse hackers
• Responds using nmap and other host fingerprinting databases
• User scripts available to emulate specific web and other network server software
Honeyd
• Designed to emulate one or more computers in a single host to lure and confuse hackers
• User scripts available to emulate specific web and other network server software
  – Microsoft IIS web server
  – A number of text-based services are emulated in available scripts
Honeyd
• Host fingerprint identification based on probe databases
  – Nmap
  – xprobe
My Honeyd project
• Make honeyd configuration scripts that build our clients’ networks from the data we obtain
• Add UDP servers for
  – DNS (name service)
  – SNMP (Simple Network Management Protocol)
Uses
• Perfect test network for QA
  – Unchanging… diff the pages
  – Build pathological network configurations
• Training
• Sales demos
• Could this be a product?
My honeyd scripts
• Generates entire network description for honeyd based on our client data
• You want a 50,000 node network based on real data? No problem. 300,000 nodes? OK
• DNS emulates name server lookups
• Routers respond with SNMP data
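The slide above describes generating a honeyd network description from mapping data. The sketch below is an added example, not the speaker's scripts: it emits honeyd `route`, `create`, `set`, `add` and `bind` directives from a small topology. The topology, the template names (`rtr`, `hostN`) and the SNMP script path are constructed placeholders.

```python
import ipaddress

# Constructed sample standing in for mapping output (not real client data):
# router -> (parent or None for the entry point, subnet, latency to parent in ms)
ROUTERS = {
    "10.0.0.1": (None, "10.0.0.0/24", 0),
    "10.1.0.1": ("10.0.0.1", "10.1.0.0/24", 12),
    "10.2.0.1": ("10.1.0.1", "10.2.0.0/24", 40),
}
# host -> open TCP ports seen (constructed)
HOSTS = {"10.1.0.20": [80], "10.2.0.7": [22, 80], "10.2.0.9": [80]}
SNMP_SCRIPT = "scripts/snmp-responder.sh"  # hypothetical placeholder path

def children(router):
    return sorted(r for r, (parent, _, _) in ROUTERS.items() if parent == router)

def subtree_nets(router):
    """Subnets reachable through `router`: its own plus all descendants'."""
    nets = [ROUTERS[router][1]]
    for child in children(router):
        nets += subtree_nets(child)
    return nets

def build_config():
    """Return honeyd configuration lines for the topology above."""
    entry = next(r for r, (parent, _, _) in ROUTERS.items() if parent is None)
    out = [f"route entry {entry}"]
    for router in sorted(ROUTERS):
        out.append(f"route {router} link {ROUTERS[router][1]}")
        for child in children(router):
            for net in subtree_nets(child):
                out.append(f"route {router} add net {net} {child} "
                           f"latency {ROUTERS[child][2]}ms")
    # One shared router template; no personality is set (no fingerprint data).
    out += ["create rtr", "set rtr default tcp action reset",
            f'add rtr udp port 161 "{SNMP_SCRIPT}"']
    out += [f"bind {router} rtr" for router in sorted(ROUTERS)]
    # One host template per distinct port set keeps very large networks compact.
    templates = {}
    for host in sorted(HOSTS, key=ipaddress.ip_address):
        ports = tuple(sorted(HOSTS[host]))
        if ports not in templates:
            name = templates[ports] = f"host{len(templates)}"
            out += [f"create {name}", f"set {name} default tcp action reset"]
            out += [f"add {name} tcp port {p} open" for p in ports]
        out.append(f"bind {host} {templates[ports]}")
    return out

if __name__ == "__main__":
    print("\n".join(build_config()))
```

Because the output is a pure function of the input data, two runs over the same data produce identical configurations, which is what makes the emulated network a fixed target for regression testing.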
How good is the emulation?
• Handles pings and traceroutes with no problem
• Handles “stealth hosts”, routers that don’t issue TTL exceeded messages
• Even does a fair job of simulating latencies
• Emulator for SNMP and DNS queries
• This is good enough for us: we don’t collect other data at present
• Real networks change as you test them.
Real
Simulated
Certainly not perfect
• There isn’t nearly as much state in our network emulation as there is in a real network
• CPU time becomes an issue, and the emulator is not efficient at the moment
  – Moore’s law is a big help here
• Host fingerprinting could make the network much more convincing
  – We are working on it
  – Could just fake it
Future work
• Many incremental improvements to network simulations
• Honeyd performance improvements
• Might release a large cleansed network configuration for research purposes