FINAL PROJECT Dean Kay
Transcript of FINAL PROJECT Dean Kay
INVEST IGATINGREMOTEANDAUTOMATEDATTACK VECTORS
US INGA MICROCOMPUTERFROM INS IDE A KNOWNNETWORK.
By
DEANKAY
ADISSERTATION
Submittedto
inpartialfulfilmentoftherequirements
forthedegreeof
BScComputerNetworksandSecurity
BATCHELOROF SC IENCE
2015/2016
Abstract
INVEST IGATINGREMOTEANDAUTOMATEDATTACK VECTORS
US INGA MICROCOMPUTERFROM INS IDE A KNOWNNETWORK.
By
DEANKAY
As the Internets’ users, devices and volumes of data expand at an ever increasing and
exponential rate, the security, authenticity, confidentiality and integrityof thedatabeing
exchangedworldwidepresentstheriskofdatabeingstolen,misusedorlost.Oneformof
preventiontothisriskofdatabreachoccurringistohaveanorganisationsnetworksecurity
auditedbyapenetrationtester. Penetrationtestingisoftenahighcostservicewhichwill
undoubtedlystartwithareconnaissanceofthenetworkunderexamination.Thisreportasks
the question; Using off the shelf hardware, is it possible to build an automated network
reconnaissance device and in completion how long can the device remotely operate on
batterypower.
DECLARATION
I hereby certify that this dissertation constitutes my own product, that where the language of
others is set forth, quotation marks so indicate, and that appropriate credit is given where I
have used the language, ideas, expressions or writings of another.
I declare that the dissertation describes original work that has not previously been presented
for the award of any other degree of any institution.
DEANKAY
“This dissertation contains material that is confidential and/or commercially sensitive. It is
included here on the understanding that this will not be revealed to any person not involved in
the assessment process”.
ACKNOWLEDGEMENTS
I would like to take this opportunity to acknowledge and thank my friends and family that have
supported me throughout my studies at the University of Bolton. I would also like thank Dr.
Robert Campbell for his support and advice as my project supervisor during the final year of
study.
TableofContentsChapter1.Introduction...............................................................................................................4
1.1Aim...................................................................................................................................................4
1.2Motivation........................................................................................................................................4
1.3Objectives.........................................................................................................................................5
1.4FurtherProjectEnhancementsOpportunities.................................................................................6
1.5ProjectPlan......................................................................................................................................7
1.5.1OriginalProjectTimeline...........................................................................................................8
1.6Milestones........................................................................................................................................9
Chapter2.BackgroundandReviewofLiterature......................................................................10
2.1RelatedWork..................................................................................................................................12
2.2Literature........................................................................................................................................12
Chapter3.Methodology............................................................................................................13
3.1Hardware........................................................................................................................................13
3.1.1Microcomputer........................................................................................................................14
3.1.2Screenandkeypadinput.........................................................................................................15
3.1.3Wirelessnetworkinterface......................................................................................................15
3.1.4SecondaryEthernetinterface..................................................................................................16
3.1.5Batterypack.............................................................................................................................16
3.1.6Projectfinancialcost...............................................................................................................17
3.2.1Operatingsystem....................................................................................................................17
3.2.2Programminglanguages.........................................................................................................18
3.2.3Nmap.......................................................................................................................................19
3.2.4ReverseAESHTTPShell............................................................................................................19
Chapter4.DesignandImplementation.....................................................................................20
4.1Hardwareconstruction...................................................................................................................20
4.2SoftwareImplementation..............................................................................................................21
4.2.1LCDMenusystem....................................................................................................................22
4.2.2Reverseshell............................................................................................................................22
4.2.3PortScanandReport...............................................................................................................23
4.2.4AnonymousInlineEthernetpacketcapture.............................................................................24
4.2.5BatteryTimerscript.................................................................................................................26
4.3Problemsfaced...............................................................................................................................27
4.3.1PortSecurity............................................................................................................................27
4.3.2StatefulFirewalls.....................................................................................................................28
4.3.3IDS/IPSSystems.......................................................................................................................28
4.4InlineEthernetpacketcaptureInvestigation.................................................................................29
4.4.1Batterylifetesting...................................................................................................................29
4.4.1Hardwaretesting.....................................................................................................................30
Chapter5.ResultsandDiscussion..............................................................................................32
5.1Completebatterydepletiontestresults........................................................................................32
5.2Hardwareutilisationtestresults....................................................................................................33
5.3Additionalfindings.........................................................................................................................35
5.3.1Easeofdevelopment...............................................................................................................35
5.3.2Developmenttime...................................................................................................................36
5.3.3Thelevelofskillsrequiredtodotheproject............................................................................36
5.3.4Riskfactorsfororganisations..................................................................................................36
5.3.5Howeasywasittofindinformationonthis?..........................................................................37
5.3.6Howtechnicallyindepthistheprogrammingcode................................................................37
Chapter6.Conclusion.................................................................................................................38
6.1LessonsLearned.............................................................................................................................38
6.2FutureActivity................................................................................................................................39
BibliographyandReferences......................................................................................................40
Appendices.................................................................................................................................43
1
LISTOFTABLES
Table1.Batteryliferesults.....................................................................................................32
LISTOFFIGURES
Figure1.OriginalProjectTimeline...........................................................................................8
Figure2.ProjectFinancialCosts.............................................................................................17
Figure3.Diagramofreverseshelltopology(source:Infosecinstitute.com,2016)...............19
Figure4.Hardwareconstructionstart....................................................................................20
Figure5.HardwareconstructionFinish.................................................................................21
Figure6.Nmapcommandbreakdown...................................................................................23
Figure7.Portscanfunctioncode...........................................................................................23
Figure8.InlineEthernetpacketcaptureconceptualdesign..................................................24
Figure9.InlineEthernetpacketcapturephysicaldesign.......................................................24
Figure10.InlineEthernetpacketcapturescript....................................................................25
Figure11.Batterytimerscript...............................................................................................26
Figure12.Logicaldiagramofbatterylifetest........................................................................30
Figure13.Hardwareutilisationtestdiagram.........................................................................31
2
Figure14.Barchartofbatteryliferesults..............................................................................33
Figure15.Memorycacheutilisation......................................................................................34
Figure16.Systeminterruptinformation................................................................................35
LISTOFACRONYMS
AES-AdvancedEncryptionStandard
ACL–AccessControlLists
BASH-BourneAgainShell
CPU–CentralisedProcessingUnit
FTP–FileTransferProtocol
GPIO–GeneralpurposeInputOutput
GSM–GlobalSystemforMobilecommunications
HTTP–HyperTextTransferProtocol
I/O–Input/Output
IMAP–InternetMessageAccessProtocol
MAC–MediaAccessControl
3
Mbps–Megabitpersecond
NNTP–NetworkNewsTransferProtocol
RAM–RandomAccessMemory
SMTP–SimpleMailTransferProtocol
WEP–WiredEquivalentPrivacy
4
Chapter1.
Introduction
1.1Aim
The aim of the project is to build a device using off the shelf miniaturised single board
computing hardware, for the purpose of exploring possible automated reconnaissance
attacks.TheDevicemustbemodularallowingittobeconfiguredandutiliseddynamically,
depending on the environment it is to be usedwithin and also bemobile powered via a
batterypowerpack.Itwillalsoutiliseaphysicalkeypadinputandonboarddisplayallowing
pre-programmedautomationtobetriggered.
The aim is to discover whether or not the project is possible with the use off the shelf
hardwareandalsothelengthoftimeitcanbebeingdeployedremotelyusingonlyabattery
pack.
1.2Motivation
Duetothemultipleredundantminiaturisedsinglecomputingdevicesthatwerealreadyin
personalpossession,plusthekeeninterestinthestudyofnetworksecurityalike.Theproject
ofthiscategoryseemedtoautomaticallycometolight,whentheprocessofdecidingona
projectwasinorder.Uponreviewofliterature,itbecameapparentthattherehadnotbeen
5
muchacademicresearchdoneintheparticularareaofstudy.Theonlyareawhichhadany
substance,wasthatofthenichemarketsellingcommerciallybrandedproducts,thoughthese
wheretypicallynonphysicallymodulardevicesallowingnophysicalalterationtothedevice,
andofahigh financialcost. Asa resultof the the findings, theprojectwassubsequently
aimed towards the possibility of designing a low cost alternative to the few existing
commercialproducts.Whichwouldallowfeaturessimilartothatofthecommercialproducts,
potentiallyusinghigherperformancehardwareandtheopenpossibilityofmodularity.
1.3Objectives
Theprojectsmainobjectiveswereasfollows:
• Design andbuild aminiaturised single board computingdevice for thepurposeof
networkreconnaissance,integratinganon-boardkeypadanddisplayunit.
• Compilecodewhichwill interactwiththeon-boardkeypadanddisplayunitforthe
purposeofautomatingreconnaissanceattacks.
• Testthesuccessfullycompiledautomatedattacksagainstfactorssuchasbatterylife.
Targetrequirementsthatwherediscussedandagreeduponwithprojectsupervisorareas
follows:
• Researchallthevariousnetworkattackvectorthatarepossible,giventheauthors
levelofknowledgesurroundingthenetworksecurityfield.
6
• Runseveraltestsonthebattery,whilethedeviceperformsanetworkreconnaissance
under various network loads. Once tests are complete, run further tests on the
hardwareutilisationonthedeviceunderseveralmorenetworkloads.
• Draw a correlation between the network load and hardware utilisation when
undergoingareconnaissanceattack,allowingaforwardprojectionofbatterylifeon
agivenload.
1.4FurtherProjectEnhancementsOpportunities
Furtherprojectenhancementsopportunitiesareasfollows:
i. Implementanencryptedreversehttpshellforbackdoorintotargetnetwork,using
theon-boardphysicalkeypadinput.
ii. implementanautomatedportscanforatargetnetworkproducingareportforlater
analysis,usingtheon-boardphysicalkeypadinput.
iii. ImplementanautomatedanonymousinlineEthernetpacketcapturethatwillwrite
theinformationtoalocalfileforlateranalysis,usingtheon-boardphysicalkeypad
input.
iv. Implement an automated wireless tool to crack the WEP security algorithm and
deposit theencryptionkey toa local file for lateruse,using theon-boardphysical
keypadinput.
v. Overcome the network defence of switch port security, with an automated pre
programmableMACspoofingscript.
7
1.5ProjectPlan
Thisprojectbeganwithaconsiderableamountoftimefocusingonthebackgroundresearch
andreviewofliteraturesurroundingtheareaofmicrocomputersandremoteautomations.
Althoughtheliteraturewasscarce,someoftheconceptsthatwherebeingstudiedfollowed
thesameprinciples,helpingprovideafundamentalknowledgearoundthesubject.
GiventheLCDscreenandkeypadinputreliedonPythonlibrariesfortheirinteractionwith
theRaspberryPi,abasiccourseonthe ‘IntroductiontoPython’wascompletedgivingthe
author the basic knowledge in the programming language, allowing the coding of
automationsintheproject.
Additionalresearchwasdirectedatsoftwarewhichcouldtestthehardwareutilisationand
batterylifeofthedeviceundertestnetworkloads.
8
1.5.1OriginalProjectTimeline
FIGURE1.ORIGINALPROJECTTIMELINE
DATE: 21STSEPTEMBER
24THNOVEMBER
21STJANUARY
3RDFEBRUARY
12THAPRIL
20THAPRIL
28THAPRIL
6THMAY
BACKGROUNDRESEARCH
LITERATUREREVIEW
SOURCINGHARDWARE
SOURCINGSOFTWARE
POSSIBLE ATTACKVECTORS
DESIGN ANDIMPLEMENTATION
TESTING DATAANALYSIS FINALREPORT
The original project timeline that was plannedwas very ambitious and in retrospect not
realistic, focuson the lengthandcomplexityofprocedureswasnot taken seriouslywhen
determining the project timeline. Also, various parts of the project where vastly
underestimatedintermsoftimescale,thereforedelayingthepartsthatwherebasedonthe
successfulcompletionoftheprevioustasks.
Additionally, the lack of technical knowledge and experience in various technologies
throughouttheproject,partneredwithseveralissuesconcerningthepython-modulesthat
wherea fundamentaland integralpartof thehardware interaction. Delayedtheprojects
timelineevenfurtherinkeyareasofthebuild.
Duetheseinfluences,arevisedprojecttimelinewasnotprepared.
9
1.6Milestones
Whentheprojectwasinitiatedtherewasvariousmilestonesset,thesewheresetby
theauthor,andastheprojecttookcourseandsupervisorymeetingswheremadetodiscuss
the projects progression. The projectwas given additionalmilestones thatwould run in
conjunctionwiththeoriginalexistingset.
Themilestonesthatwheresetwhereasfollows:
• CompletefreeintroductiontoPythoncourseonline.
• Sourcelowcosthardwarefordevice.
• Sourcefreeandopen-sourcesoftwarefordevice.
• Decideuponthetestenvironmenttobeused.
• Attendregularsupervisorymeetings
10
Chapter2.
Backgroundand
ReviewofLiterature
AstheInternets’users,devicesandvolumesofdataexpandataneverincreasingand
exponential rate, the security, authenticity, confidentiality and integrityof thedatabeing
exchangedworldwideistakenforgrantedasacivilexpectation,similartothatofaphysical
assetsuchasaperson'spassportordrivinglicense.However,recurringnewsheadlinesand
officialpublicdisclosuresofpersonaldatasecuritybreachesandnetworkhackingacrossthe
worldhaveproventhisexpectationtobeofafalsenature.Thisnewandfast-movingeraof
technologyandcommunication,asbroughtthedemandformultiplenewprofessionsinorder
tosafelysecurethedigitaldataofusers,groupsandcorporationsalike.Oneprofessionthat
hasarisenfromthisevolutionintheexchangeofdigitalresourcesacrosssociety,isthatof
thenetworkpenetrationtester.Theresponsibilityofthemoderndaynetworkpenetration
testeristoembracetheimmensechallengeofassessingtheexistingcybersecurityplaced
uponone'slocalorwide-areanetworkbynetworkandsystemsadministrators.Focusingboth
from thedefenceof internally orchestrated attacks (incidents originating fromwithin the
localnetworkofwhichisundersecurityaudit)andexternallycoordinatedattacks(incidents
initiated from outside the local network with the intention to gain access to the local
network).Inorderforanetworks’securitytobeextensivelytested,ithasbecomeaccustom
11
forapenetration-testertoactinthemannerofarogueparty.Allowingthepenetration-tester
to think and operate like an attacker would, therefore granting them the necessary
knowledgeinthepreventionofpotentialattacks.Penetration-testerswilltryaplethoraof
techniquesinordertobreakthesecurityofacomputersnetwork.Thesearereferredtoas
‘attackvectors’andasthecreativemindsofaroguepartiesdevisevariousnewmethodsof
exploitingknownandunknownvulnerabilitieswithinanetworkssecurity,sodoesthethatof
thepenetration-testers.Performingthistypeofnetworksecurityassessmentisanecessary
steptowardthedefenceofthepublicandprivatedatastoredwithintheassociatednetwork.
Inadditiontothisevolutionintechnologicalcommunicationsandsecuritytherehasalso
been substantial developments in theminiaturization and processing power of computer
hardware on the computer platform itself. Computers were once thought as big, bulky
systemsandwiththesaleofasocalled'portablecomputer'in1975,theIBM5100weighing
inataround50pounds,offering16Kilobyteofstorageforapricetagupwardof$8,975(IBM,
2016).Itiscleartoseethetechnologicaladvancementsmadewithintheindustry,asonecan
nowbuyaninexpensive$25RaspberryPi2miniaturecomputerthesizeofacreditcardwith
amultiplecoreprocessor,agigabyteofRAMandexpandablestorageupwardsof100GB+
(RaspberryPi,2016).Theserelativelyinexpensivecomputingsystemsallowpeopleofallages
andbackgroundstoexplorecomputing,specifically targetingeducational facilities. Ithas
also prompted many hobbyists to build a multitude of projects ranging from home
automation systems collaborating a Raspberry Pi with a collection of sensors, to major
projectssuchastheAstro-Pi,aRaspberryPifittedwithvarioussensorsandthatwassetinto
spaceinordertoconductnumerousexperiments(Astro-Pi,2016).
12
Taking the previous information into account, this prompted the question; using
inexpensiveminiaturisedcomputinghardware,would itbepossibletofacilitateanetwork
reconnaissanceonagivennetworkinordertofurtheradvancethesecurityplaceduponit
presently?
2.1RelatedWork
Asthisisanewandseeminglynicheareaofresearch,relatedworkissomewhatscarce
thoughtherehasbeensomeresearchconducted.JunZhengoftheNewMexicoInstitute
ofMining and Technology ran a similar projectwhere he discovered the possible attacks
availableusingasingle-boardmicrocomputerandthedetrimentaleffectstheseattackswould
haveonbattery lifeof a connectedpower source. Zhengusedolderand lowerpowered
hardwaretoperformhistestsandcametotheconclusionthatasmallsingle-boardcomputer
such as the Raspberry Pi is a seriously viable threat towards the defense of an internal
network,Zheng,J.(2013).
2.2Literature
AlltheoriginalliteraturereviewedforthisprojectcanbefoundinAppendixAasthiswas
completedintheearlierstagesoftheprojecttimeline.AlsoasupervisorymeetingLogcan
befoundinappendixF.
13
Chapter3.
Methodology
Theprimaryquestionofthisprojectwas,couldtheconstructionofamobileandnetworked
microcomputerdevicefittedwithaLCDscreen,keypadinputandautomationsoftware,for
thepurposeofallowinganordinarypersontoconductnetworkpenetrationtestsusingoff
theshelfITequipmentbepossible?
This question followed with, should the construction of a mobile and networked
microcomputerpenetrationtestingdevicebepossible,whatisthelengthoftimeamobile
attackcanberunwithouttheneedforapowersupply?
Thefollowingsectionswillshowthenecessarystepstakeninordertoperformsuchatask
likethis.
3.1Hardware
Thefollowingsectionwilltakealookatthehardwarepurchasedfortheproject,itwilllook
ateachindividualcomponentcomparingthemtotheirmarketcompetitorsandprovidethe
reasoningastothethefinalchoicewhichwasmade.
14
3.1.1Microcomputer
Researchsuggestedthatthehardwarerequiredwouldbeaminiaturisedsingle-board
computer with an adequate amount of processing power and lots of I/O for additional
peripherals and connectivity tailoring to the intendedmodular design. A previous study
whichwassimilartothatofwhichwasbeingconductedusedaRaspberryPiversion1model
B, this offered everything required for the project build but was an older model of the
RaspberryPirange,luckilythecompanyhadrecentlyjustbroughtanewRaspberryPiversion2
modelBtomarketwhichofferedconsiderableimprovementstothetechnicalspecifications
ofthedevice.Improvementssuchasmovingfroma700MhzsinglecoreCPUtoa900Mhz
quadcore,512MBto1GBofRAM,from2xUSB2.0portsto4xUSBportsandbothmodels
keptthe40pinGPIOheadersforexpansion.TheRaspberryPivesion2hardwareisalsovery
inexpensive in price and costs the same as the prior version, it also offers large online
community that run a plethora of heterogeneous projects leaving vast amounts of
informationonlinetotakestudyfromshouldtherebeanyproblemsinthedevelopment.
TherearealternativestotheRaspberryPisuchastheBeagleboneBlack,ODROID-C1+and
BananaPi,theyarealsoaroundthesamehardwarespecificationsandpricerangebuttheir
onlinecommunityisminisculeincomparisontothatoftheRaspberryPi’s. Itwasthiskey
factorwhichclarifiedthedecisiontouseaRaspberryPisingle-boardcomputerfortheproject,
as shouldany issuesoccuralong the timelinea largeonline communityofhelpwouldbe
available.
15
3.1.2Screenandkeypadinput
Though technically not required in some cases, a physical screen and keypad input was
necessaryfortheremoteinstallationofthedevicesonatargetnetwork.Addingascreenand
keypadinputallowsapenetrationtestertotriggerautomatedattacksdirectlyfromthedevice
itselfasopposedtousingadditionalhardware/softwaretologintoit.Thereweretwomain
typesofscreenandinput,thesewherethebasicRGBdisplaywithphysicalbuttonsthatcan
beprogrammedtointeractwithsoftwarewiththeuseofexistingPythonlibrariesoratouch
screen unit allowing a desktop environment to be loaded and potentially use on screen
keyboard.BothtechnologiesphysicallyinteractwiththeRaspberryPithroughasectionof
theGPIOheadersthatareontheboard.
Due to thenatureof theproject requiring automation theRGBdisplay and keypad input
where the more useful and discrete hardware choice allowing for the pre-programmed
automationtobetriggeredthroughtheonboardkeypad.
3.1.3Wirelessnetworkinterface
The open design of a Raspberry Pi allows the addition of lots of different hardware
collaborationsandwiththeintegrationof4xUSB2.0ports.ThisallowedtheuseofaUSB
powered device wireless dongle. The review of literature surrounding network security
suggestedthatthenecessityofaspecificchipsetanddrivers isrequiredwhenperforming
particular network penetration tests. These specific chipsets would allow the tester to
performontheflypacketinjectionwhilemonitoringthestreamsofwirelessfrequenciesin
theair.
16
Therewere2mainwirelessdongleswhichusedtherequiredchipset,thesewherebybrands
TP-link and Alfa network. The TP-Link brand ofwireless dongle offered a smaller design
allowingmorediscretedesignandwaschosenforthisreason.
3.1.4SecondaryEthernetinterface
ToallowcertainreconnaissanceattackssuchasaninlineEthernetpacketcapturetheneed
forasecondEthernetnetworkinginterfaceisrequired,asthedevicealoneonlyasoneon-
boardEthernetconnection.AninlineEthernetpacketcapturewouldrequirethedeviceto
sit on the link between two communicating networked devices. Fortunately, additional
EthernetinterfacescanbeaddedtoaRaspberryPIviatheUSBportsusinganEthernetRJ45
USBNetworkAdapter.
AstheexistingonboardEthernetportasamaximumthroughputof100Mbps,therewasno
needtochooseahigherthroughputUSBEthernetnetworkadapterasnetworktrafficwill
scaletothelowestspeedlink,Thisnarrowedsourcingthehardwaretojust100Mbps.
3.1.5Batterypack
Asthepenetrationtestingdeviceistobemobile,itwillrequireasourceofpowerintheform
ofamobilebatterypack.AfterStudyofthepreviousresearchcompletedonexploringattack
vectors which used a 5,000mAh USB power bank, Zheng (2013). It was deciding that a
20,000mAhUSB power bankwould bemore beneficial as there studies found themax a
5,000mAhbatterycould last runningvariousattackvectorswas6hours,whichgives little
timetoconductathoroughreconnaissance.
17
3.1.6Projectfinancialcost
Thefollowingtableisthepartsrequiredfortheprojectwithasourceofpurchaseandprice
atthetimeofsale.
FIGURE2.PROJECTFINANCIALCOSTS
Item Source CostRaspberryPi2ModelB+. Uk.rs-
online.com£25
AdafruitRGBNegative16×2LCD+KeypadKitforRaspberryPi. Amazon.co.uk £25TP-LINKTL-WN722NWirelessN150HighGainUSBAdapter,150Mbps,4dBiExternalAntenna,WPSButton.
Amazon.co.uk £8
AnkerAstroE6Powerbank-20800mAh. Amazon.co.uk £30TP-LINKTD-W8968300MbpsWirelessNUSBADSL2+ModemRouter. Amazon.co.uk £290.5MCAT.5UTPPatchCable. Amazon.co.uk £3SanDiskMobileUltramicroSDHC16GBUHS-IClass10MemoryCard30MB/s.
Amazon.co.uk £8
USBto10/100EthernetRJ45NetworkAdapterConverterPCLaptopsWiredConnectionUSBMaletoRJ45Female.
Amazon.co.uk £1.75
AdafruitRaspberryPiB+/Pi2/Pi3Case-SmokeBase
Adafruit.com £5
Total: £134.75
3.2Software
Thefollowingsectionwilltakealookatthesoftwareusedwithintheproject,itwilllookat
each individual piece, comparing it with any alternate software’s that are available and
providethereasoningastothethefinalchoicewhichwasmade.
3.2.1Operatingsystem
Thereareanumberofopen-sourceLinuxbasedpenetrationtestingdistributions,thatare
specificallyconfiguredfortheRaspberryPiasitusesanARMbasedCPUarchitecture,these
are available to download online and free. Distribution such as Kali Linux, Pwn Pi and
18
Raspberry Pwn all offer a number of penetration testing tools free to install and use.
However,thisprojectwasdesignedtobeamodulardevice,soitwasdecidedthatthebest
operatingsystemfortheprojectwouldbeRaspbian;anunofficialportoftheDebianwheezy
ARMhf distribution that is available download on the Raspberry Pi website. Raspbian is
completelycompatiblewiththeRaspberryPiandisupdatedfrequently,sotherewillbeno
issuesregardingcompatibility.RaspbianalsocomeswiththePythonprogramminglanguage
pre-installedandwithPython installedaprogramknownas ‘Katoolin’canbedownloaded
andrun.Katoolinoffersaquickandeasywaytodownloadrepositoriesandtoolsfromthe
Kali Linux penetration testing distribution, in order to then select and install penetration
testingtoolsfromitssuite.Thetoolscanbeinstalledindividuallyasandwhenneededmaking
thisabetterapproachtohavingabloatedsystemfulloftoolsthatarenotinuse.
3.2.2Programminglanguages
Hastherehavebeenover2500computerlanguagescreated(KinnersleyB,2016)thechoice
ofwhichlanguagetouseintheprojectwascumbersome.However,withthedecisiontouse
theAdafruitRGBscreenandkeypadinput,alsocametheneedtousethepre-writtenPython
librariesfortheinteractionbetweenthemoduleandoperatingsystem.ThismadePython
the only viable programming language available but a valuable part of the python
programminglanguageistheabilitytorunBASHcommandswithinthecode.Thiswouldbe
verybeneficialas theauthorhadpreviouslycompletedanacademicmoduleonUNIXand
familiarwiththecommandsavailable.
19
3.2.3Nmap
Nmapisafreeandopensourcenetworkdiscoverytoolthatcanscanatargetnetworkfinding
informationinhostssuchasopen/closedports,operatingsystemversionsandfirewallfilters.
Itisacommonlyusedtoolforthereconnaissanceofanetworkwhenperforminganetwork
penetrationtestas thetestercanbuilda logicalpictureofwhat thenetworkconsistsoff.
Nmapofferstheabilitytowriteinformationthathasbeendiscoveredtofileallowingareport
tobebuiltandanalysedatalaterdate.
3.2.4ReverseAESHTTPShell
A reverse shell is form of shell whereby the target system of which is required use of,
communicatesbacktoaremoteattackingsystem.Theremotesystemisconfiguredtolisten
onaspecificportwherebyitreceivestheconnectionthisisachievedbyusingcommandor
codeexecution(InfosecInstitute,2016).
Thediagrambelowshowsthestateofareverseshellconnection.
FIGURE3.DIAGRAMOFREVERSESHELLTOPOLOGY(SOURCE:INFOSECINSTITUTE.COM,2016)
Reverse shell tools are available from the Kali Linux repositories an can be downloaded
throughkatoolin.
20
Chapter4.Designand
Implementation
The following sectionwill show the physical construction of theminiaturised penetration
testingcomputerfollowedbyalookatthesoftwarethatwasimplementedonit.
4.1Hardwareconstruction
ThefirststepofthebuildwastosoldertheRGBdisplayandkeypadkittogetherfollowingthe
onlineinstructionsetprovidedontheAdafruitwebsite.Thefollowingfiguresshowthestart
andfinishofthebuild.
FIGURE4.HARDWARECONSTRUCTIONSTART
21
FIGURE5.HARDWARECONSTRUCTIONFINISH
Thebuildrequiredasoldering ironasthetheRGBdisplayandkeypadthere inkit form,a
moredetailedviewoftheconstructioncanbeseeninAppendixB
4.2SoftwareImplementation
The following section will explain how the software was implemented on the device
presentingextractsofcodeimplementations.
Toimplementthesoftware,theRaspbianImagewaspre-installedontheMicroSDcardsand
insertedintheRaspberryPiasthiswastheoperatingsystemofchoice.Followingthis,the
necessary Python libraries where downloaded from the Adafruit website to utilise the
interactionbetweenpiandscreen/keypad
22
4.2.1LCDMenusystem
As there are many hobbyists who take on the Raspberry Pi for various projects,
sources such as GitHub host free open-source repositories of programming code for
individuals touploadanddownload from, allowing communities to collaborate and share
code.Itwasthissourcewhichallowedtheauthortodiscoverapre-writtenmenusystemthat
hadbeenwroteinthepythoncomputinglanguagefortheinteractionbetweentheRaspberry
PiandAdafruitRGBdisplayandkeypadinput.Onparsingthecode,itwasrevealedtherewas
alotofunnecessaryfunctionsthatoriginallywheretailoredfortheuseofitscreator.These
wheredeemedunnecessaryandthecodewasadaptedtothatofabasicmenusystemwith
nofunctions.Thisbasecodewouldbewhereall laterfunctionswouldbecalledfromand
wouldbeplacedinasascripttoberaninthe‘.bashrc’file;afilewhichinitiatesthecommands
withinitonthebootofthedevice.TheAdaptedmenusystemcodefortheprojectcanbe
foundinAppendixC.
4.2.2Reverseshell
Thereverseshellcodewastakenfromthepenetrationtestingtoolsthataresuppliedwith
theKaliLinuxdistribution.Itwasinstalledusingthekatoolinapplicationreferredtoearlier,
thecodewasmildlyadaptedastheAESprivatekeywaschangedthiswasdoneasthedefault
is set foreveryonewhowishes touse the tooland therefore it iswellknownmaking ita
securityrisk.
23
4.2.3PortScanandReport
Theportscanfeatureoftheprojectwasimplementedusingthewell-knownNmapsoftware
previouslymentioned. Givenspecificflagstheauthorwasabletoscanaspecifiedadress
rangeforallopenportsandoperatingsystemversionsofhostswithinadefinenetworka
breakdownanextractoftheimplementedfunctionisshownbelow.
FIGURE6.NMAPCOMMANDBREAKDOWN
This network port scanning feature can be triggered from the keypad LCDmenu system
allowing the tester to produce a report swiftly without the need of peripherals such as
keyboardmouseandmonitoradheringtointentionallydiscreteandmobilenature.Figure7
belowshowstheportscanfunctionextractedfromtheLCDmenuscriptitshouldbenoted
thattheinteractiononthekeypadrequirestheusertopresstheleftswitchinordertobreak
loopthefunctionisplacedinleavingtheareaoftheLCDmenutheywereonceplacedin.
FIGURE7.PORTSCANFUNCTIONCODE
A sample network port scan report output has been provided in Appendix D of the
appendices.
24
4.2.4AnonymousInlineEthernetpacketcapture
TheinlineEthernetpacketcapturewasimplementedwiththeuseoftheUSBRJ45Ethernet
adapter,thedeviceworksbysittinginthemiddleofthecommunicatingandtakingacopyof
all the traffic that passively runs through the device. The diagram below shows the
conceptualdesignfollowedbythephysicaldesign.
FIGURE8.INLINEETHERNETPACKETCAPTURECONCEPTUALDESIGN
FIGURE9.INLINEETHERNETPACKETCAPTUREPHYSICALDESIGN
25
Toallowthedevicetobeanonymised,aconfigurationshadtobesetonthedevicetheseare
asfollows:
1. DisableDHCPdaemonfromrunningdenyingthedevicesinterfacesbeinggivenanIP
address.
2. Createbridgeandaddinterfacesbothinterfacestothebridge.
3. RemovetheIPaddressesoftheinterfacesonthebridge.
4. InitiatetheBridge.
5. Initiatethecaptureofthethetrafficpassingthroughthebridgeinterface.
ThescriptfortheinlineEthernetpacketcapturecanbeseenbelow.
FIGURE10.INLINEETHERNETPACKETCAPTURESCRIPT
26
4.2.5BatteryTimerscript
ThebatterytimerwasasimplescriptwroteinBASHtorecordthetimeatwhichthedevice
poweredoff.ThiswaswrittenforthetestingphaseoftheprojectastheUSBbatterypackas
noindicationofwhenthebatteriespowerisabouttodeplete,meaningascriptwouldhave
toberunasabackgroundprocessconstantlyrewritingthecurrenttimeintoafile.Oncea
testhadbeenperformedtheandbatteryandfullydepletedthedevicewouldbepoweredon
andthetimewouldbereadfromthefileinordertocalculatehowlongthebatterylifehad
lastedduringthetest.Thiswasperformedbydeductingthestarttimeofthetestbythefinish
time,showingthenumberofhoursandminutes thebatteryhad lasted. Figure11below
showthebasicbatterytimerscript.
FIGURE11.BATTERYTIMERSCRIPT
27
4.3Problemsfaced
Aftercompletionofthebuild,torunthepentestingdeviceinatargetenvironmentresearch
showed it had the potential to face various issues surrounding general network security
techniques
4.3.1PortSecurity
Organisations such as banks and who wish to be certified to the ISO27002 information
securitystandardsmust followstrict regulationson theaccesscontrol theyplaceon their
networkandsystems(ISO/IEC27002:2013,2013).Theywillapplysecurityconfigurationsto
theirnetworkingequipmentsuchasportsecurityasaphysicaldefenceagainstunauthorised
accesstothe localnetwork. Portsecurity isatechniqueofaccesscontrolthatconsistsof
MACfilteringonthephysicalportsofaswitch,itissecuredbyallowingordenyingaphysical
connectiontothenetworkbasedontheMACaddressoftheconnectingdevice.Thiscanbe
a problem for the reconnaissance device, has should it want to initiate a reverse shell
connection, itwould require a validMAC address from the filter list implemented to the
switch.
ThisproblemcouldbeovercomewithatechniqueknownasMACspoofing(DCardenas,E,
2003),itwouldrequiretheuserofthedevicetomanuallyconfigurethedeviceusingavalid
MACaddresstoconnecttothenetwork.
28
4.3.2StatefulFirewalls
TheuseofStatefulFirewalltechnologieswillallowordenyvarioustypesoftrafficacrossa
network.SoftwaresuchasIPtablesrulesorCiscoIOS’sACLlistscanperformIPfilterruleson
thestateofaconnection,theseareknownasreflexiveACL’sorStatefulrules(Cisco,2014).
AcommonconfigurationofthereflexiveACListoallowoutboundconnectionsthatwhere
startedwithinanetworkthroughthefirewall,butdenyanyconnectionsinboundthatwhere
notstartedfromwithinthenetwork.Thismaybefilteredbytheportinwhichisinusefor
exampleHTTPtrafficoverport80 isallowedoutandreturn,butnotallowed in. Another
functionof a Stateful firewall is the ability to performdeeppacket inspection; this is the
capturingofpacketsintransitforanalysis(Solarwinds,2014). Deeppacketinspectioncan
detect fraudulent packets that are entering the network under a valid port number but
containdifferentprotocolstowhichthatportnumberisassociated.
ThiswasovercomewiththeuseofthereverseAESHTTPshellwhichcanrunacrossport80
out of the network (a common configuration). It is also Encrypted with AES encryption
denyinganypacketinspectiontobeperformed.
4.3.3IDS/IPSSystems
ThereisapossibilityanorganisationwilluseanIDS/IPSsystemtomonitoranddetectfreak
activityon thenetwork, suchas extremelyhighbandwidthuseorhostsbeing repeatedly
pinged. An IDS/IPS is configured with the use of factors such as network traffic flows,
signaturebasedinspectionandbaselinenetworkactivity.Oncetheserulesareviolatedthe
29
IPScandynamicallypreventsuspiciousactivityfromoccurringbyalteringfirewallrulesand
loggingactivity.
TopreventdetectionfromanyIDS/IPSsystems,thenetworkportscanningsoftwareNmap,
wasgivencommandflagssettoavoiddetectionbyfragmentationofpackets.However,this
wouldnotpreventdetectionineveryscenario.
4.4InlineEthernetpacketcaptureInvestigation
The followingsection is thesecondpartof the implementationwhereby thepenetration
testingdevicethatwasconstructed,wastestedtoseehowlongthedevicecouldmonitor
trafficusingtheInlineEthernetpacketcapturingsoftwarepreviouslyimplemented
4.4.1Batterylifetesting
To test the network reconnaissance attack against battery life, a piece of software was
required to generate specific levels of traffic across a physically connected Ethernet link.
Initialresearchreferredtheauthortoasoftwareknownasiperf;aprogramthatisusedfor
testingthethroughputofaconnectionbysendingadefinedamountofbandwidthtosaturate
aphysicallink.Thissoftwarewasusedintheprojectinconjunctionwithsoftwareknownas
tcpdump;apacketanalysingapplicationwhichisrunfromtheLinuxcommandline.tcpdump
itselfwasusedtocapturethepacketsthatwereintransitacrosstheEthernetlinkwhichis
beinganonymouslymonitored.
30
Theinitialtestingwasperformedin3stagestheseasfollows;
1. Batteryconsumptionmonitoring10Mbpsthroughput
2. Batteryconsumptionmonitoring50Mbpsthroughput
3. Batteryconsumptionmonitoring100Mbpsthroughput
Eachtestwasconductedusingallofthesameequipment,withtheonlyvariantbeingthebit
ratetransmitted.Alogicaldiagramofthebatterylifetestisshownbelow.
FIGURE12.LOGICALDIAGRAMOFBATTERYLIFETEST
4.4.1Hardwaretesting
Thefinalpieceofsoftwarethatwasusedisknownasvmstat,itisalsoacommandlinetool
similartotcpdump,butforthemonitoringofacomputersstatisticalinformationsuchasCPU,
memory, I/O, and swap, this information canbeprinted to screenorwritten toa file for
furtheranalysis. vmstatwasrunonthepenetrationtestingdevicealongsidetcpdump,to
identifytheeffectonhardwareasthetheiperfsoftwaretransmittedpacketsatincrementing
bandwidthsof10Mbpstillitreached100Mbps,aLogicaldiagramofthetestisshownbelow
32
Chapter5.Results
andDiscussion
The following section cover the results collected from tests ran in the previous chapter,
discussingtheexpectedresultsandthenanalysingthedataforfurtherdiscussion.Toview
thefullatranscriptofalltheresultscollectedrefertoappendixE.
5.1Completebatterydepletiontestresults
Thetheorisedexpectationofthetestswouldbethat,thehigherthethroughputwhichwas
beingtransmittedfromtheiperfclientsoftwaretotheiperfserversoftwareandanonymously
monitoredwiththepacketcapturingapplication.Thiswouldtheoreticallyberunningmore
processes and utilising the hardware of the penetration testing device meaning the the
batterywoulddepletemorerapidlyasthedevicetookmoreenergyfromthebatterycells.
ThefollowingTableandFigureshowtheresultsofthebatterylifetests.
TABLE1.BATTERYLIFERESULTS
Reconnaissance Attack Bit Rate (Mbps) Battery life (Hrs) Inline Ethernet packet capture Average traffic 39.2Inline Ethernet packet capture 100 28.9Inline Ethernet packet capture 50 34.5Inline Ethernet packet capture 10 37.9
33
FIGURE14.BARCHARTOFBATTERYLIFERESULTS
This theoryprovedtobetrueas theresultsbelowshow, therateatwhichthroughputof
trafficissentdirectlyaffectsthespeedofdrainonthebatterylife.
5.2Hardwareutilisationtestresults
TheTheorisedexpectationofthistestwassimilartothatofthebatterydepletiontest,the
authorassumedthatthehigherthroughputofdataacrossthemonitoredlink,thenthiswould
directlyaffectthehardwareutilisationonthemonitoringdevice.
Thistheoryhoweverwasnotfullycorrect,thetestswhereratherinconclusivetowardsthe
theoryofadirectlinkbetweenlinkthroughputandhardwareutilisation.Althoughtherewere
evident patterns in statistics when the highest values of each statistic from the 30 data
outputswherecollated.Oneevidentpatternwasthatofthememorycacheutilisationthis
canbeseeninfigure15below.
39.2
28.9
34.537.9
WiredInlineEthernetWireTAPgeneraluse
WiredInlineEthernetWireTAPat100Mbps
WiredInlineEthernetWireTAPat50Mbps
WiredInlineEthernetWireTAPat10Mbps
TimeTillCompleteBatteryDepletionTimeTillBatteryDepletion(Hours)
34
As the throughputof the linkwas is increasedby10Mbps, the sizeof thememory cache
increasesatanexponentialrate(seeninred).
FIGURE15.MEMORYCACHEUTILISATION
35
Oneotherareaofinterestsurroundsthecorrelationbetweenthelinkthroughputandand
thenumberofsysteminterruptspersecond.Figure16belowshowsafterafreakdatapoint
inthe20Mbpstestthereisastableincreaseinthenumberofinterruptspersecondinrelation
tothelinkthroughput.
FIGURE16.SYSTEMINTERRUPTINFORMATION
5.3Additionalfindings
Throughout the course of the project, there where various other findings that where
discoveredthatmayoftenbeoverlooked.
5.3.1Easeofdevelopment
Theeaseofdevelopmentontheprojectwasrelativelyeasy,astheauthorhadmostofthe
technicalknowledgethatwasneededavailabletothemthroughpreviousexperiencesusing
902
30
1022 1052 1063 1073 1086 1094 1098 1108
20 0 29 28 29 30 30 31 31 310
200
400
600
800
1000
1200
0 2 4 6 8 10 12
Bandwidth(Mbps)
Minvaluetakenfrom30x1secondinterval(System)
systemin systemcs
36
the technologies. This was aided by the understanding the author had on subjects at a
fundamentallevel,meaninganynewconceptswherebuiltonthepre-existingknowledge.
5.3.2Developmenttime
Thetimetodeveloptheprojectwasreasonableandshouldmoretimebeavailabletothe
individualtheprojectmayhavebeencompletedearlierthenproposed.Thisisalsodownto
thedisciplineoftheindividualforexampletheabilitydenythemselvesfromprocrastinating.
5.3.3Thelevelofskillsrequiredtodotheproject
Thelevelofskillrequiredtocompletetheprojectisthatofafirstyearuniversitystudentand
lowlevel,itdoeshoweverrequirealotofdeterminationandakeeninterestinthefieldof
networksecurity.AreassuchasUNIXandpythonarethemostessentialpartofthebuild,
knowingtheirfundamentalsisthebasistofurtheringtheproject.
5.3.4Riskfactorsfororganisations
Theprojectsdevicepresentsa lotof risks foranorganisationas thedevice ismobileand
proventobecapableofperformingreconnaissanceattacks.Withtheabilitytoremainhidden
andpoweredbyabatteryforupto39.2houseunderaverageuserstraffic,thedevicecan
presentaseriousrisktowardsthesecurityofanorganisationsnetwork.
37
5.3.5Howeasywasittofindinformationonthis?
Informationonthesubjectwassomewhatscarce,howeversourcinginformationonnetwork
securitypracticesandbrowsingcommunitydevelopedRaspberryPiprojectscanprovidethe
necessaryinformationtowardsimplementingsuchaproject.
5.3.6Howtechnicallyindepthistheprogrammingcode
ThemosttechnicalcodeintheprojectwasthatoftheLCDmenusystem,thoughthiswasnot
writtenbytheauthor,onlyadaptedandusedasaframework.Mostofthepythoncodeused
intheprojectrefersbacktoUNIXcommandsandshellscriptsmeaningitdoesnotrequirean
individualatthelevelofacompletedcomputersciencedegreeinordertowritethecodein
use.
38
Chapter6.Conclusion
Theinitialconceptofthisprojectchangedquitevastlyatanearlystageoftheprocess,dueto
whatwastheoreticallypossiblewithoverambitioustimeline.Thischangehoweverallowed
theprojecttoberefinedgivingtheprojecttwoclearandconcisequestions;
1. Can a device bebuilt using off the shelf IT hardware for thepurposeof exploring
possibleautomatednetworkreconnaissanceattacks?
2. Ifsuchadevicewasbuilt,howlongcanthedevicebedeployedremotelybeforethe
batterylifeisdepleted?
Bothofthesequestionsweresuccessfullyansweredwiththebuildofthedevicerunningcode
fortheautomationofnetworkattacksreconnaissanceandthetestingofbatterylifedepletion
againstthedevicerunningsuchcode.Therewerenomajorsurprisestothefindingswhich
were made throughout projects testing, but overall the project gave clarification on the
questionsitanswered.
Overalltheprojectwasasuccessandapleasuretocomplete.
6.1LessonsLearned
Thelessonslearnedthroughoutthecourseofthisprojectwere,itdoesnottakeanindividual
with the knowledge of computer science graduate to achieve the projects goals. Basic
39
understandingofthefundamentaltechnologiespartneredwithfurtherstudyintheprojects
technicalareaswillprovidethenecessaryinformationrequiredtocompletesuchaproject.
6.2FutureActivity
Possiblefutureactivityfurtheringtheprojectwouldconsistofthefollowing:
• ImplementaGSMshieldonthedevicetoallowoutofbandcommunicationthrough
the3Gor4Gcellularnetwork. Onceconnected to toa targetnetwork thedevice
would theoretically be able to upload the extracted recon data to the attacker’s
remotesystem.Avoidingdetectionacrossthetargetnetwork.
• Testthebattery lifedepletiontimewhenrunningwirelessnetworkreconnaissance
attackswhilealsoobservingtheeffectonhardwareutilisation.
• AutomateapasswordcrackingapplicationonboardtheRGBdisplayandinput
40
Bibliographyand
References
Adafruit.2016.AdafruitRGBNegative16x2LCD+KeypadKitforRaspberryPi.[ONLINE]Availableat:https://www.adafruit.com/products/1110.[Accessed07January16].
Adafruit.2016.AdafruitRaspberryPiB+/Pi2/Pi3Case-SmokeBase-w/ClearTop.[ONLINE]Availableat:https://www.adafruit.com/products/2258.[Accessed1May2016].
ALFA.2016.AWUS036NH.[ONLINE]Availableat:http://www.alfa.com.tw/products_show.php?pc=34&ps=21.[Accessed1May2016].
Amazon.2016.USBto10/100EthernetRJ45NetworkAdapterConverterPCLaptopsWiredConnectionUSBMaletoRJ45Female.[ONLINE]Availableat:https://www.amazon.co.uk/gp/product/B003Q85EEA/ref=oh_aui_detailpage_o01_s00?ie=UTF8&p
sc=1.[Accessed1May2016].
AnkitaGupta#1,Kavita2,KirandeepKaur2013,"VulnerabilityAssessmentandPenetrationTesting",
InternationalJournalofEngineeringTrendsandTechnology,vol.4,no.3,pp.328-333.
Astro-Pi.2016.Astro-Pi.[ONLINE]Availableat:https://astro-pi.org/about/.[Accessed04March16].
Aufderheide,A.2013.RaspberryPiLcdMenu.[ONLINE]Availableat:https://github.com/aufder/RaspberryPiLcdMenu.[Accessed21February16].
BananaPi.2016.BananaPi.[ONLINE]Availableat:http://www.bananapi.org/p/product.html.
[Accessed1May2016].
BeagleBoard.2016.BeagleBoneBlack.[ONLINE]Availableat:https://beagleboard.org/black.[Accessed1May2016].
Cunningham,C.2015.ConfigureAuto-start.[ONLINE]Availableat:https://learn.adafruit.com/piminer-raspberry-pi-bitcoin-miner/configure-auto-start.[Accessed21
February16].
Cisco.2014.ConfiguringIPSessionFiltering(ReflexiveAccessLists).[ONLINE]Availableat:http://www.cisco.com/c/en/us/td/docs/ios/12_2/security/configuration/guide/fsecur_c/scfreflx.ht
ml.[Accessed4May2016].
41
DCardenas,E,2003.MACSpoofing--AnIntroduction.GlobalInformationAssuranceCertificationPaper,[Online].Availableat:http://www.giac.org/paper/gsec/3199/mac-spoofing-an-
introduction/105315[Accessed30April2016].
Github.2016.Katoolin.[ONLINE]Availableat:https://github.com/LionSec/katoolin.[Accessed2May
2016].
Hardkernel.2016.ODROID-C1+.[ONLINE]Availableat:http://www.hardkernel.com/main/products/prdt_info.php?g_code=G143703355573.[Accessed1
May2016].
Holm,H.;Sommestad,T.;Almroth,J.;Persson,M.(2011).Aquantitativeevaluationofvulnerabilityscanning.InformationManagement&ComputerSecurity.Vol19(No.4),p231-247.
Hunt,A.2014.MediaoverCoaxialAlliance(MoCA):OperationandSecurityPosture.[Online]Availableat:https://www.defcon.org/images/defcon-22/dc-22-presentations/Hunt/DEFCON-22-Andrew-Hunt-
MoCA-Overview-and-Security-Posture-WP.pdf.[Accessed01January16].
IBM.2016.IBM5100PortableComputer.[ONLINE]Availableat:http://www-03.ibm.com/ibm/history/exhibits/pc/pc_2.html.[Accessed22February16].
InfosecInstitute.2016.Whatareshells?.[ONLINE]Available
at:http://resources.infosecinstitute.com/icmp-reverse-shell/.[Accessed2May2016].
iperf.2016.iPerf-Thenetworkbandwidthmeasurementtool.[ONLINE]Availableat:https://iperf.fr/.[Accessed30April2016].
ISO.2013.ISO/IEC27002:2013(en)Informationtechnology—Securitytechniques—Codeofpracticeforinformationsecuritycontrols.[ONLINE]Availableat:https://www.iso.org/obp/ui/#iso:std:iso-iec:27002:ed-2:v1:en.[Accessed4May2016].
Kali.2016.KalionRaspberryPi.[ONLINE]Availableat:http://docs.kali.org/kali-on-arm/install-kali-
linux-arm-raspberry-pi.[Accessed2May2016].
KinnersleyB.2016.TheLanguageList.[ONLINE]Availableat:http://people.ku.edu/~nkinners/LangList/Extras/langlist.htm.[Accessed2May2016].
Mortensen,C.;Winkelmaier,R.;Zheng,J.(2013).ExploringAttackVectorsFacilitatedbyMiniaturized
Computers.Proceedingsofthe6thInternationalConferenceonSecurityofInformationandNetworks.(),p203-209.
Pwnpi.sourceforge.2016.PwnPi.[ONLINE]Availableat:http://pwnpi.sourceforge.net/index.html.
[Accessed2May2016].
PonnusamyP.2016.UnderstandingVMSTATOutput-Explained.[ONLINE]Availableat:http://www.lazysystemadmin.com/2011/04/understanding-vmstat-output-explained.html.
[Accessed5May2016].
42
PwnieExpress.2016.PWNPLUGR3.[Online]Availableat:https://www.pwnieexpress.com/product/pwn-plug-r3penetration-testing-device/.[Accessed07
January16].
Raspberrypi.2016.RASPBERRYPI2MODELB.[ONLINE]Availableat:https://www.raspberrypi.org/products/raspberry-pi-2-model-b/.[Accessed22February16].
Raspbian.2016.Raspbian.[ONLINE]Availableat:https://www.raspbian.org/RaspbianAbout.[Accessed2May2016].
RSComponentsLtd.2016.RaspberryPi2ModelB.[Online]Availableat:http://uk.rs-online.com/web/p/processor-microcontroller-development-kits/832-6274/.[Accessed07January
16].6.
SANS.2004.UnderstandingIPSandIDS:UsingIPSandIDStogetherforDefenseinDepth.[ONLINE]Availableat:https://www.sans.org/reading-room/whitepapers/detection/understanding-ips-ids-ips-
ids-defense-in-depth-1381.[Accessed5May2016].
Shravan,K.,Neha,B.&Pawan,B.2014,"PenetrationTesting:AReview",Compusoft,vol.3,no.4,pp.
752-757.
Solarwinds.(2014).SolarWindsDeepPacketInspection&AnalysisforQualityofExperienceMonitoring.[OnlineVideo].29July2014.Availablefrom:https://www.youtube.com/watch?v=aDnpS0LhUC8#t=27.[Accessed:5May2016].
TP-Link.2016.150MbpsHighGainWirelessUSBAdapterTL-WN722N.[ONLINE]Availableat:http://www.tp-link.com/en/products/details/TL-WN722N.html.[Accessed1May2016].
Tcpdump.2016.TCPDump&LibPcap.[ONLINE]Availableat:http://www.tcpdump.org/.[Accessed2
May2016].
Venkateswaran,D.;Alex,C.;Jose,K.M.;Sahasranamam,S..(2014).MobilePhoneControlledFarmManagementAider.HumanitarianTechnologyConference(R10-HTC),2014IEEERegion10.p117-120.
ViolentPython;acookbookforhackers,forensicanalysts,penetrationtestersandsecurityengineers.2013.ReferenceandResearchBookNews,28(4),.
43
Appendices
AppendixA–Literaturereview
AppendixB–Penetrationtestingdevicebuild
AppendixC–LCDmenusystemcode
AppendixD–PortScanReport
AppendixE–Fulltranscriptofresultscollected
AppendixF-SupervisoryMeetingLog
LITERATUREREVIEWInvestigatingRemoteandAutomatedattackvectorsusingamicrocomputerfrominsideaknownnetwork.
DEANKAYID:1208626
PreparedforAmandaDewhurst&LouiseAshby|8thJanuary2016
APPENDIXA
Appendix-A 2
TableofContents
ABBREVIATIONS 3
LISTOFFIGURES 3
1.INTRODUCTION 3
2.APPROACHANDMETHODS 4
3.FINDINGS 5
4.EVALUATIONANDREFLECTION 7
5.BIBLIOGRAPHY 8
6.APPENDICES 8
APPENDIXA
Appendix-A 3
Abbreviations
GSM-GlobalSystemforMobileCommunicationOSS- OpenSourceSoftware
ListofFiguresFigure1PwnPlugR3-source:pwnieexpress.com..................................................................6Figure2RGBLCDplatewithkeypad–source:Adafruit.com..................................................6Figure 3. Bar chart of battery lifetime - source: Exploring attack vectors facilitated by
miniaturizedcomputers...................................................................................................7
1.Introduction Due to an ever increasing number of cyber attacks against computer systems andnetworksbeingcommittedacrosstheworld,companiesandnationsalikearetakingcybersecurityasaprimarydefenceagainstexistingandforecomingattacks.Onetechniquetowardsbuildingstrongercybersecuritysystemsisthehiringofpenetrationtesters, in order to find security holes in the current computer and networks securityinfrastructure of an organisation. Penetration testers are known to use a plethora oftechniquesknownas‘attackvectors’,inordertobreakintotheirtargetsystems.Onerathernewtechniqueisknownasapenetrationtestingdropbox.Wherebyacomputingdevicewithpenetrationtestingtoolspre-installed,ishiddenawaywithinatargetsphysicallocationwithpotentialphysicalaccesstothetargetnetworkviaanearbyEthernetportorinwirelessrangeofanaccesspoint.Thepurposeoftheprojectistoinvestigatetheviabilityofusingamicrocomputercombinedwithkeypadinputanddisplayinordertorunautomatedattacksagainstacomputernetwork.Duetoitsuniquenessthereisverylittlestudybeenmadeinthisareaofcybersecurity,onlyfinding one main literature containing specific research conducted in the field. Broaderresearchwasmadearoundthesubjectbut itwas feltnecessarytousethemainresearchalreadyconductedandbuildfromit.Theoverallgoalofperformingthisresearchcarriestwosegments,firstlytoestablishwhetherornotthedeviceisatallcreatableusingconsumergradehardware.Thiswillencompassthreeparts.
• Howthedeviceistobeadministered
This is of interest to how the device will efficientlymake use of its targetenvironment, the main focus being the various implementations towardsinteractionbetweentheuseranddevice.
• Thefashioninwhichthedevicewillinteractinitsenvironment
Thisrepresentshowthedevicewillinteractwithitstargetnetwork.Variantsofattackvectorwillbeconsidered,suchaswiredorwirelessattacks.
APPENDIXA
Appendix-A 4
• Potentialphysicalformsthedevicemaytake
Thisconsidersthevariousphysicalformsinwhichthedevicemaytake,earlierresearch from interactionsbetweenusers andenvironmentswill shape thepathinwhichthisresearchisconducted.
Usingpartone’sresearchasareferencetowardsphysicaldesignoftheartefact,thesecondsegmentoftheresearchwilltakealookatthecomplexityinvolvedtowardshandlingoftheproject,largelybeingthetimeconstraintsplacedupontheprojectdeadlineandcoststobuildthedevice.Forthisveryreason,aclearandconcisenumberofattackvectorsaretoberesearchedastheresimplyisnotenoughtimetostudyallvariant’s.Definingasetamountofattackvectorswillnarrowthethescopeoftheresearchandallowtimefortestinganddataanalysistowardtheendoftheproject.
2.ApproachandMethods Asstatedearlierresearchforthisprojectwasbrokeninto3partsasfollows:
• Howthedeviceistobeadministered• Thefashioninwhichthedevicewillinteractinitsenvironment
• Potentialphysicalformsthedevicemaytake
Researchperformedonthisprojectwouldbefundamentallyofatechnicalnature,thusitwassegmentedinordertogiveaclearoutlookonkeyareasofimportancewithintheproject.Partonewastodiscoverhowthedevicewouldbeadministeredbyauserandinordertocarry out specified attacks, a literature searchwas conducted, via the use of a universitysearchengineforonlineacademic journalsandpublications. It isbelievedthismethodofresearch would provide trustworthy and valid information on the given subject, as thecontentisofascholarlynatureandoftenpeerreviewedbyprofessionalsinthefield.Followingthisinitialresearch,itwasconsideredusefultodetermineifanyproductsofferingpenetrationtestingtoolsonamicrocomputerorofasimilarsort,alreadypreexistontheconsumermarket.TonosurprisetherewasfewproductscurrentlyonthemarketthesecanbeseeninAppendixA.Lastly,researchwaslookedupontoseeifautomatingvulnerabilityscanswasaviableoption.Astudybyacademicsontheautomationof7popularvulnerabilityscannersallbeingrunonthe same computer network consisting of 28 hosts, with a variety of operating systems,servicesandpotentialvulnerabilities.Wasperformedin2011anddrewconclusionthattheaccuracyofsuchtestsprovedinvalid(Holm,H;Sommestad,T;Almroth,J;Persson,M,2011).Thismethodofautomationwouldnotbeusedbecauseofthevalidityissues.Parttwooftheresearchtookintoaccountthewayinwhichthedevicewouldinteractinitsenvironments.Researchthathadpreviouslybeenconductedshowedthepossibilityofbothinteractingwithatargetnetworkphysicallyorwirelessly(Mortensen,C;Winkelmaier,R;Zheng,J,2013).Thisallowedtheideatofacilitatebothwiredandwirelessforattacks,openingawiderrangeofattackvectorstochoosefrom.Oncarryingoutthisresearchtowardstheideaofwireless
APPENDIXA
Appendix-A 5
and wired attacks. Further unintended research into remote interaction via 3G cellularnetworksarose.AstudyintosystemofcellularcontrolledfarmingmanagementwasbeingusedwithaGSMshieldattachedtoaRaspberryPimicrocomputer(Venkateswaran,D;Alex,C;Jose,K.M;Sahasranamam,S,2014).Thisgavetheideatopossibleoutofbandconnectivityto the device being used in the project, thus hiding the identity of commands beingcommunicatedtoandfromthedevice,addinganotherlayerofanonymity.Lastly, the option of using a mains power supply or battery powered supply as animplementationwasalsodiscovered.Thisallowedobscurityasthedevicewouldnotneedtorely on a mains power supply to function and could be well hidden (Mortensen, C;Winkelmaier,R;Zheng,J,2013).The final part of the research relates to the physical form of the device, showing therequirementsintendedtomeetbelow:
• Tobecompatiblewithallconnectedhardwareondevice.
• Mobileforinstalmentintargetlocations.
• Abletorunbasicnetworkconnectivitytestfromthedeviceitselflocally.
• Performattackslocallyandremotely.Decisionstowardsthephysicaldesignwilltakeintoaccount,theprojectcostsandcasestudyfindingsinordertoachieveasuitablemedium.ResearchshowedthattheRaspberryPimicrocomputerwasaworthycandidateintermsofthe cost of hardware and the capabilities of the hardware. Using hardware such as theRaspberryPiwouldallowtheinstalmentofnonproprietarysoftware(RaspberryPi,2016).Suchasa specialisedoperating systemknownasKali Linux,whichprovidesapenetrationtestingsecuritysuiteof250+tools(Kali,2016).Itwasevidentfromtheresearchconductedinto exploring attack vectors that their devicewas automatically given connectivitywhenplacedinthenetwork,astherewasknowhardwaretoconfigurethedeviceonplacement.Thisgavethe ideaoffittingaRaspberryPiwithaLCDscreenandkeypad inputmodule inordertotestbasicnetworkconnectivityfromthedevicewhilebeingplacedonlocation.
3.Findings
Maintainingtothesegmentationoftheprojectresearch intothreeseparateareas,thefollowingrepresentthefindingsfoundwithineacharea.Currently there alreadyexists commercial products that includemicrocomputers installedwithpenetrationtestingsuites.Itwasfoundthattherearevariouswaystointeractwithpentestinghardware,withcommercialproductssuchasthePwnPlugR3seenbelow.
APPENDIXA
Appendix-A 6
Figure1PwnPlugR3-source:pwnieexpress.com
Pen-testerscanutiliseover100+OSS-basedpenetrationtestingtools,fromawebbasedUIsuppliedbythevendor.Withapricetagof$1000thiswasdeemedasanexpensiveapproachtopenetrationtesting.AmorecosteffectiveapproachwouldbeviatheuseofaraspberrypimicrocomputerpartneredwiththefreesecuritysoftwaresuiteKaliLinux.Usingthisapproachalsoallowstheadditionsofmodulestotheraspberrypidevice,allowingnewformsofinteractionbetweenuseranddevice.SuchastheRGBLCDscreenandkeypadmodulemadebyAdafruitthatcanbeseenbelow.
Figure2RGBLCDplatewithkeypad–source:Adafruit.com
Thiswouldallowtheprogrammingofabasicmenusystemtobewrittenandausercouldrunbasicnetworkconnectivitychecks.Before leavingthedevice in itstarget locationfor laterremoteattacksonceconnectivityasbeenmade.Theuseofa3Gcellularhardwareisapossibleapproachforoutofbandaccesstotheremotedevice,thushidingtheidentityofcommandsbeingcommunicatedtoandfromthedevice.Though this would be another incremental cost to the project but would be taken intoaccountforanyfutureprojectsinthisarea.Anotherconsiderationtobemadewhenimplementingthehardwareiswhetherornottouseapowersupplyfromthetargetorganisationoruseanexternalbatterypowersupply.Theadvantagestothebatterypoweredimplementationwouldbethatthedevicewouldbeabletobehiddenoutofsite,takingtheideathatifitwasdeployedbyacybercriminaltheywouldnotwantyouknowingitisthere.Thedisadvantagetousingabatterypoweredapproachisthethebatterylifeitself.Asitisputunderstrainthroughcarryingoutdifferentattackvectorsbatterylifecandepleteovertime.Previousresearchfoundinthecasestudiesfoundbattery
APPENDIXA
Appendix-A 7
lifetobeanissuecausingsomeattackvectorstosimplynotbeused.Thiswasalsoduetotheolderand lessperformancemicrocomputerhardware.TheBarchartbelowshowsthebatterylifetimeofa5,000mahbattery,undertheuseofdifferentattackvectors.
Figure3.Barchartofbatterylifetime-source:Exploringattackvectorsfacilitatedbyminiaturizedcomputers
Itcanalsobedepictedfromthebarchartabovethatwirelessattacksaremoreconsumingonbattery life as opposed to attacks using awired connection. This is because of the highpoweredantennaalwaysrunning.The project approachwill be of a similar foundation to the research of ‘Exploring AttackVectors Facilitated byMiniaturized Computers’. Though as the study is 3 years old andtechnologicalhardwareasprogressed.TestswillbecarriedoutonanupdatedmodeloftheRaspberryPihardwareallowingprocessingspeedsofupto6timesfasterthenthatofthepreviously tested. Thispairedwitha20,000mahexternalbatterysupplyover theoriginal5,000mahwillallowattackvectorstobetrialledthatwherethoughtpreviouslynotofbeenabletorunbecauseofthesloweroldergenerationhardware.
4.EvaluationandReflection The nature of this project produces significant academic and technical challengesrelatingtotheunderstandingandgraspofthetopic,theimplementationcostandhardwaretotestthedifferentattackvectors.Usingtheuniqueyetsparseresearchfoundonthetopicasgivenaclearerunderstandingtopossibilitiesthatareviable.Thisasallowedpreconceptualideastobeapprovedordisprovedbefore any technical implementation as been started. Ultimately saving time, but alsoallowingnewavenuestobelookeduponinstead.
APPENDIXA
Appendix-A 8
Themethods inwhichresearchasbeenconductedhaveprovedtobeofahighstandard,allowingtheinformationrequiredtobetakenwhereneeded.Evenunintendedresearchthatoccurredprovedusefulintheprocessofeliminatingpotentialroutestotakewiththeproject.Theresearchhasnarrowedtheprojectideadowntoamoremanageableone,eradicatingthebroadspectrumofideasintojustafew.Allowingpreciseinformationtobeextractedfromtheproject.
5.BibliographyAdafruit. 2016. Adafruit RGB Negative 16x2 LCD+Keypad Kit for Raspberry Pi. [ONLINE] Available at:
https://www.adafruit.com/products/1110.[Accessed07January16].
Venkateswaran, D. ; Alex, C. ; Jose, K.M. ; Sahasranamam, S. . (2014). Mobile Phone Controlled Farm
ManagementAider.HumanitarianTechnologyConference(R10-HTC),2014IEEERegion10.p117-120.
Hunt, A. 2014. Media over Coaxial Alliance (MoCA): Operation and Security Posture. [Online] Available at:
https://www.defcon.org/images/defcon-22/dc-22-presentations/Hunt/DEFCON-22-Andrew-Hunt-MoCA-Overview-and-Security-Posture-WP.pdf.[Accessed01January16].
Holm,H.;Sommestad,T.;Almroth,J.;Persson,M.(2011).Aquantitativeevaluationofvulnerabilityscanning.
InformationManagement&ComputerSecurity.Vol19(No.4),p231-247.
Kali.2016.AboutKaliLinux.[Online]Availableat:https://www.kali.org/downloads/.[Accessed07January16].
Mortensen, C. ; Winkelmaier, R. ; Zheng, J. (2013). Exploring Attack Vectors Facilitated by Miniaturized
Computers.Proceedingsofthe6thInternationalConferenceonSecurityofInformationandNetworks.(),p203-
209.
PwnieExpress. 2016. PWNPLUGR3. [Online]Availableat: https://www.pwnieexpress.com/product/pwn-plug-
r3penetration-testing-device/.[Accessed07January16].
RS Components Ltd. 2016. Raspberry Pi 2 Model B. [Online] Available at: http://uk.rs-
online.com/web/p/processor-microcontroller-development-kits/832-6274/.[Accessed07January16].6.
6.AppendicesAppendixA
APPENDIXC1. #!/usr/bin/python 2. 3. # Created by Alan Aufderheide, February 2013 4. # Modified by Dean Kay, February 2016 5. # This provides a menu driven application using the LCD Plates 6. # from Adafruit Electronics. 7. 8. import commands 9. import subprocess 10. import os 11. import urllib 12. from string import split 13. from time import sleep, strftime, localtime 14. from datetime import datetime, timedelta 15. from xml.dom.minidom import * 16. from Adafruit_I2C import Adafruit_I2C 17. from Adafruit_MCP230xx import Adafruit_MCP230XX 18. from Adafruit_CharLCDPlate import Adafruit_CharLCDPlate 19. from ListSelector import ListSelector 20. 21. import smbus 22. 23. configfile = 'lcdmenu.xml' 24. # set DEBUG=1 for print debug statements 25. DEBUG = 0 26. DISPLAY_ROWS = 2 27. DISPLAY_COLS = 16 28. 29. # set to 0 if you want the LCD to stay on, 1 to turn off and on auto 30. AUTO_OFF_LCD = 0 31. 32. # set busnum param to the correct value for your pi 33. lcd = Adafruit_CharLCDPlate(busnum = 1) 34. # in case you add custom logic to lcd to check if it is connected (useful) 35. #if lcd.connected == 0: 36. # quit() 37. 38. lcd.begin(DISPLAY_COLS, DISPLAY_ROWS) 39. lcd.backlight(lcd.OFF) 40. 41. # commands 42. def rePortscan(): 43. if DEBUG: 44. print('in rePortscan') 45. lcd.clear() 46. subprocess.call("sudo nmap -O -sV -v --reason --open -
oX /home/pi/portScans/testmap.xml 192.168.0.0/24 --stylesheet=nmap.xsl &",shell=True) 47. while 1: 48. if lcd.buttonPressed(lcd.LEFT): 49. break 50. sleep(0.25) 51. def ShowPubIP(): 52. if DEBUG: 53. print('in ShowPublicIP') 54. publicIPUrl = urllib.urlopen("http://my-ip.heroku.com/") 55. pubIP = publicIPUrl.read().split()[2].translate(None, '"') 56. lcd.clear() 57. lcd.message(pubIP) 58. while 1: 59. if lcd.buttonPressed(lcd.LEFT): 60. break 61. sleep(0.25) 62. 63. def ShowDG(): 64. if DEBUG: 65. print('in ShowIPGate') 66. lcd.clear() 67. lcd.message(commands.getoutput("sudo python /home/pi/getDG.py")) 68. while 1: 69. if lcd.buttonPressed(lcd.LEFT): 70. break
APPENDIXC71. sleep(0.25) 72. 73. def revShell(): 74. if DEBUG: 75. print('in Reverse Shell') 76. lcd.clear() 77. subprocess.call("sudo python /home/pi/testmenu/reVSHELL/shell.py 192.168.1.101 80 &",shell=Tru
e) 78. while 1: 79. if lcd.buttonPressed(lcd.LEFT): 80. break 81. sleep(0.25) 82. 83. def reWireTAP(): 84. if DEBUG: 85. print('in reWireTAP') 86. lcd.clear() 87. subprocess.call("sudo /home/pi/reTools/reWireTAP/reWireTAP.sh",shell=True) 88. while 1: 89. if lcd.buttonPressed(lcd.LEFT): 90. break 91. sleep(0.25) 92. 93. def DoQuit(): 94. lcd.clear() 95. lcd.message('Are you sure?\nPress Sel for Y') 96. while 1: 97. if lcd.buttonPressed(lcd.LEFT): 98. break 99. if lcd.buttonPressed(lcd.SELECT): 100. lcd.clear() 101. lcd.backlight(lcd.OFF) 102. quit() 103. sleep(0.25) 104. 105. def DoShutdown(): 106. lcd.clear() 107. lcd.message('Are you sure?\nPress Sel for Y') 108. while 1: 109. if lcd.buttonPressed(lcd.LEFT): 110. break 111. if lcd.buttonPressed(lcd.SELECT): 112. lcd.clear() 113. lcd.backlight(lcd.OFF) 114. commands.getoutput("sudo shutdown -h now") 115. quit() 116. sleep(0.25) 117. 118. def DoReboot(): 119. lcd.clear() 120. lcd.message('Are you sure?\nPress Sel for Y') 121. while 1: 122. if lcd.buttonPressed(lcd.LEFT): 123. break 124. if lcd.buttonPressed(lcd.SELECT): 125. lcd.clear() 126. lcd.backlight(lcd.OFF) 127. commands.getoutput("sudo reboot") 128. quit() 129. sleep(0.25) 130. 131. def LcdOff(): 132. global currentLcd 133. currentLcd = lcd.OFF 134. lcd.backlight(currentLcd) 135. 136. def LcdOn(): 137. global currentLcd 138. currentLcd = lcd.ON 139. lcd.backlight(currentLcd) 140.
APPENDIXC141. def LcdRed(): 142. global currentLcd 143. currentLcd = lcd.RED 144. lcd.backlight(currentLcd) 145. 146. def LcdGreen(): 147. global currentLcd 148. currentLcd = lcd.GREEN 149. lcd.backlight(currentLcd) 150. 151. def LcdBlue(): 152. global currentLcd 153. currentLcd = lcd.BLUE 154. lcd.backlight(currentLcd) 155. 156. def LcdYellow(): 157. global currentLcd 158. currentLcd = lcd.YELLOW 159. lcd.backlight(currentLcd) 160. 161. def LcdTeal(): 162. global currentLcd 163. currentLcd = lcd.TEAL 164. lcd.backlight(currentLcd) 165. 166. def LcdViolet(): 167. global currentLcd 168. currentLcd = lcd.VIOLET 169. lcd.backlight(currentLcd) 170. 171. def ShowDateTime(): 172. if DEBUG: 173. print('in ShowDateTime') 174. lcd.clear() 175. while not(lcd.buttonPressed(lcd.LEFT)): 176. sleep(0.25) 177. lcd.home() 178. lcd.message(strftime('%a %b %d %Y\n%I:%M:%S %p', localtime())) 179. 180. def ValidateDateDigit(current, curval): 181. # do validation/wrapping 182. if current == 0: # Mm 183. if curval < 1: 184. curval = 12 185. elif curval > 12: 186. curval = 1 187. elif current == 1: #Dd 188. if curval < 1: 189. curval = 31 190. elif curval > 31: 191. curval = 1 192. elif current == 2: #Yy 193. if curval < 1950: 194. curval = 2050 195. elif curval > 2050: 196. curval = 1950 197. elif current == 3: #Hh 198. if curval < 0: 199. curval = 23 200. elif curval > 23: 201. curval = 0 202. elif current == 4: #Mm 203. if curval < 0: 204. curval = 59 205. elif curval > 59: 206. curval = 0 207. elif current == 5: #Ss 208. if curval < 0: 209. curval = 59 210. elif curval > 59: 211. curval = 0
APPENDIXC212. return curval 213. 214. def SetDateTime(): 215. if DEBUG: 216. print('in SetDateTime') 217. # M D Y H:M:S AM/PM 218. curtime = localtime() 219. month = curtime.tm_mon 220. day = curtime.tm_mday 221. year = curtime.tm_year 222. hour = curtime.tm_hour 223. minute = curtime.tm_min 224. second = curtime.tm_sec 225. ampm = 0 226. if hour > 11: 227. hour -= 12 228. ampm = 1 229. curr = [0,0,0,1,1,1] 230. curc = [2,5,11,1,4,7] 231. curvalues = [month, day, year, hour, minute, second] 232. current = 0 # start with month, 0..14 233. 234. lcd.clear() 235. lcd.message(strftime("%b %d, %Y \n%I:%M:%S %p ", curtime)) 236. lcd.blink() 237. lcd.setCursor(curc[current], curr[current]) 238. sleep(0.5) 239. while 1: 240. curval = curvalues[current] 241. if lcd.buttonPressed(lcd.UP): 242. curval += 1 243. curvalues[current] = ValidateDateDigit(current, curval) 244. curtime = (curvalues[2], curvalues[0], curvalues[1], curvalues[3], curvalues[4]
, curvalues[5], 0, 0, 0) 245. lcd.home() 246. lcd.message(strftime("%b %d, %Y \n%I:%M:%S %p ", curtime)) 247. lcd.setCursor(curc[current], curr[current]) 248. if lcd.buttonPressed(lcd.DOWN): 249. curval -= 1 250. curvalues[current] = ValidateDateDigit(current, curval) 251. curtime = (curvalues[2], curvalues[0], curvalues[1], curvalues[3], curvalues[4]
, curvalues[5], 0, 0, 0) 252. lcd.home() 253. lcd.message(strftime("%b %d, %Y \n%I:%M:%S %p ", curtime)) 254. lcd.setCursor(curc[current], curr[current]) 255. if lcd.buttonPressed(lcd.RIGHT): 256. current += 1 257. if current > 5: 258. current = 5 259. lcd.setCursor(curc[current], curr[current]) 260. if lcd.buttonPressed(lcd.LEFT): 261. current -= 1 262. if current < 0: 263. lcd.noBlink() 264. return 265. lcd.setCursor(curc[current], curr[current]) 266. if lcd.buttonPressed(lcd.SELECT): 267. # set the date time in the system 268. lcd.noBlink() 269. os.system(strftime('sudo date --set="%d %b %Y %H:%M:%S"', curtime)) 270. break 271. sleep(0.25) 272. 273. lcd.noBlink() 274. 275. def ShowIPAddress(): 276. if DEBUG: 277. print('in ShowIPAddress') 278. lcd.clear() 279. lcd.message(commands.getoutput("/sbin/ifconfig").split("\n")[1].split()[1][5:]) 280. while 1:
APPENDIXC281. if lcd.buttonPressed(lcd.LEFT): 282. break 283. sleep(0.25) 284. 285. # Get a word from the UI, a character at a time. 286. # Click select to complete input, or back out to the left to quit. 287. # Return the entered word, or None if they back out. 288. def GetWord(): 289. lcd.clear() 290. lcd.blink() 291. sleep(0.75) 292. curword = list("A") 293. curposition = 0 294. while 1: 295. if lcd.buttonPressed(lcd.UP): 296. if (ord(curword[curposition]) < 127): 297. curword[curposition] = chr(ord(curword[curposition])+1) 298. else: 299. curword[curposition] = chr(32) 300. if lcd.buttonPressed(lcd.DOWN): 301. if (ord(curword[curposition]) > 32): 302. curword[curposition] = chr(ord(curword[curposition])-1) 303. else: 304. curword[curposition] = chr(127) 305. if lcd.buttonPressed(lcd.RIGHT): 306. if curposition < DISPLAY_COLS - 1: 307. curword.append('A') 308. curposition += 1 309. lcd.setCursor(curposition, 0) 310. sleep(0.75) 311. if lcd.buttonPressed(lcd.LEFT): 312. curposition -= 1 313. if curposition < 0: 314. lcd.noBlink() 315. return 316. lcd.setCursor(curposition, 0) 317. if lcd.buttonPressed(lcd.SELECT): 318. # return the word 319. sleep(0.75) 320. return ''.join(curword) 321. lcd.home() 322. lcd.message(''.join(curword)) 323. lcd.setCursor(curposition, 0) 324. sleep(0.25) 325. 326. lcd.noBlink() 327. 328. # An example of how to get a word input from the UI, and then 329. # do something with it 330. def EnterWord(): 331. if DEBUG: 332. print('in EnterWord') 333. word = GetWord() 334. lcd.clear() 335. lcd.home() 336. if word is not None: 337. lcd.message('>'+word+'<') 338. sleep(5) 339. 340. class CommandToRun: 341. def __init__(self, myName, theCommand): 342. self.text = myName 343. self.commandToRun = theCommand 344. def Run(self): 345. self.clist = split(commands.getoutput(self.commandToRun), '\n') 346. if len(self.clist) > 0: 347. lcd.clear() 348. lcd.message(self.clist[0]) 349. for i in range(1, len(self.clist)): 350. while 1: 351. if lcd.buttonPressed(lcd.DOWN):
APPENDIXC352. break 353. sleep(0.25) 354. lcd.clear() 355. lcd.message(self.clist[i-1]+'\n'+self.clist[i]) 356. sleep(0.5) 357. while 1: 358. if lcd.buttonPressed(lcd.LEFT): 359. break 360. 361. class Widget: 362. def __init__(self, myName, myFunction): 363. self.text = myName 364. self.function = myFunction 365. 366. class Folder: 367. def __init__(self, myName, myParent): 368. self.text = myName 369. self.items = [] 370. self.parent = myParent 371. 372. def HandleSettings(node): 373. global lcd 374. if node.getAttribute('lcdColor').lower() == 'red': 375. LcdRed() 376. elif node.getAttribute('lcdColor').lower() == 'green': 377. LcdGreen() 378. elif node.getAttribute('lcdColor').lower() == 'blue': 379. LcdBlue() 380. elif node.getAttribute('lcdColor').lower() == 'yellow': 381. LcdYellow() 382. elif node.getAttribute('lcdColor').lower() == 'teal': 383. LcdTeal() 384. elif node.getAttribute('lcdColor').lower() == 'violet': 385. LcdViolet() 386. elif node.getAttribute('lcdColor').lower() == 'white': 387. LcdOn() 388. if node.getAttribute('lcdBacklight').lower() == 'on': 389. LcdOn() 390. elif node.getAttribute('lcdBacklight').lower() == 'off': 391. LcdOff() 392. 393. def ProcessNode(currentNode, currentItem): 394. children = currentNode.childNodes 395. 396. for child in children: 397. if isinstance(child, xml.dom.minidom.Element): 398. if child.tagName == 'settings': 399. HandleSettings(child) 400. elif child.tagName == 'folder': 401. thisFolder = Folder(child.getAttribute('text'), currentItem) 402. currentItem.items.append(thisFolder) 403. ProcessNode(child, thisFolder) 404. elif child.tagName == 'widget': 405. thisWidget = Widget(child.getAttribute('text'), child.getAttribute('functio
n')) 406. currentItem.items.append(thisWidget) 407. elif child.tagName == 'run': 408. thisCommand = CommandToRun(child.getAttribute('text'), child.firstChild.dat
a) 409. currentItem.items.append(thisCommand) 410. 411. class Display: 412. def __init__(self, folder): 413. self.curFolder = folder 414. self.curTopItem = 0 415. self.curSelectedItem = 0 416. def display(self): 417. if self.curTopItem > len(self.curFolder.items) - DISPLAY_ROWS: 418. self.curTopItem = len(self.curFolder.items) - DISPLAY_ROWS 419. if self.curTopItem < 0: 420. self.curTopItem = 0
APPENDIXC421. if DEBUG: 422. print('------------------') 423. str = '' 424. for row in range(self.curTopItem, self.curTopItem+DISPLAY_ROWS): 425. if row > self.curTopItem: 426. str += '\n' 427. if row < len(self.curFolder.items): 428. if row == self.curSelectedItem: 429. cmd = '-'+self.curFolder.items[row].text 430. if len(cmd) < 16: 431. for row in range(len(cmd), 16): 432. cmd += ' ' 433. if DEBUG: 434. print('|'+cmd+'|') 435. str += cmd 436. else: 437. cmd = ' '+self.curFolder.items[row].text 438. if len(cmd) < 16: 439. for row in range(len(cmd), 16): 440. cmd += ' ' 441. if DEBUG: 442. print('|'+cmd+'|') 443. str += cmd 444. if DEBUG: 445. print('------------------') 446. lcd.home() 447. lcd.message(str) 448. 449. def update(self, command): 450. global currentLcd 451. global lcdstart 452. lcd.backlight(currentLcd) 453. lcdstart = datetime.now() 454. if DEBUG: 455. print('do',command) 456. if command == 'u': 457. self.up() 458. elif command == 'd': 459. self.down() 460. elif command == 'r': 461. self.right() 462. elif command == 'l': 463. self.left() 464. elif command == 's': 465. self.select() 466. def up(self): 467. if self.curSelectedItem == 0: 468. return 469. elif self.curSelectedItem > self.curTopItem: 470. self.curSelectedItem -= 1 471. else: 472. self.curTopItem -= 1 473. self.curSelectedItem -= 1 474. def down(self): 475. if self.curSelectedItem+1 == len(self.curFolder.items): 476. return 477. elif self.curSelectedItem < self.curTopItem+DISPLAY_ROWS-1: 478. self.curSelectedItem += 1 479. else: 480. self.curTopItem += 1 481. self.curSelectedItem += 1 482. def left(self): 483. if isinstance(self.curFolder.parent, Folder): 484. # find the current in the parent 485. itemno = 0 486. index = 0 487. for item in self.curFolder.parent.items: 488. if self.curFolder == item: 489. if DEBUG: 490. print('foundit') 491. index = itemno
APPENDIXC492. else: 493. itemno += 1 494. if index < len(self.curFolder.parent.items): 495. self.curFolder = self.curFolder.parent 496. self.curTopItem = index 497. self.curSelectedItem = index 498. else: 499. self.curFolder = self.curFolder.parent 500. self.curTopItem = 0 501. self.curSelectedItem = 0 502. def right(self): 503. if isinstance(self.curFolder.items[self.curSelectedItem], Folder): 504. self.curFolder = self.curFolder.items[self.curSelectedItem] 505. self.curTopItem = 0 506. self.curSelectedItem = 0 507. elif isinstance(self.curFolder.items[self.curSelectedItem], Widget): 508. if DEBUG: 509. print('eval', self.curFolder.items[self.curSelectedItem].function) 510. eval(self.curFolder.items[self.curSelectedItem].function+'()') 511. elif isinstance(self.curFolder.items[self.curSelectedItem], CommandToRun): 512. self.curFolder.items[self.curSelectedItem].Run() 513. 514. def select(self): 515. if DEBUG: 516. print('check widget') 517. if isinstance(self.curFolder.items[self.curSelectedItem], Widget): 518. if DEBUG: 519. print('eval', self.curFolder.items[self.curSelectedItem].function) 520. eval(self.curFolder.items[self.curSelectedItem].function+'()') 521. 522. # now start things up 523. uiItems = Folder('root','') 524. 525. dom = parse(configfile) # parse an XML file by name 526. 527. top = dom.documentElement 528. 529. currentLcd = lcd.OFF 530. LcdOff() 531. ProcessNode(top, uiItems) 532. 533. display = Display(uiItems) 534. display.display() 535. 536. if DEBUG: 537. print('start while') 538. 539. lcdstart = datetime.now() 540. while 1: 541. if (lcd.buttonPressed(lcd.LEFT)): 542. display.update('l') 543. display.display() 544. sleep(0.25) 545. 546. if (lcd.buttonPressed(lcd.UP)): 547. display.update('u') 548. display.display() 549. sleep(0.25) 550. 551. if (lcd.buttonPressed(lcd.DOWN)): 552. display.update('d') 553. display.display() 554. sleep(0.25) 555. 556. if (lcd.buttonPressed(lcd.RIGHT)): 557. display.update('r') 558. display.display() 559. sleep(0.25) 560. 561. if (lcd.buttonPressed(lcd.SELECT)): 562. display.update('s')
APPENDIXC563. display.display() 564. sleep(0.25) 565. 566. if AUTO_OFF_LCD: 567. lcdtmp = lcdstart + timedelta(seconds=5) 568. if (datetime.now() > lcdtmp): 569. lcd.backlight(lcd.OFF)
APPENDIXE
FullBatteryDepletionTest
Reconnaissance Attack Bit Rate (Mbps) Battery life (Hrs) Inline Ethernet packet capture Average traffic 39.2Inline Ethernet packet capture 100 28.9
Inline Ethernet packet capture 50 34.5Inline Ethernet packet capture 10 37.9
31.15
39.2
28.9
34.537.9
WirelessMultichannelAccessPointPacket
Capture
WiredInlineEthernetWireTAPgeneraluse
WiredInlineEthernetWireTAPat100Mbps
WiredInlineEthernetWireTAPat50Mbps
WiredInlineEthernetWireTAPat10Mbps
TimeTillBatteryDepletion(Hours)
TimeTillBatteryDepletion(Hours)
APPENDIXE
VmstatOutputValuesfor30secondsatBandwidthof10Mbpsprocs-----------memory-------------swap-------io-----system--------cpu-----
rbswpdfreebuffcachesisobiboincsussyidwast
00081280846348555080015290220009900
000812732463485564800005062324029800
000812516463485578400005029318019900
000812360463485592000005024311019900
1008122364635656044000365058329119900
000812144463565619200005030317019900
000811988463565632400005012336039700
000811864463565646000005011300019900
0008117404635656592000050383110010000
0008116804636456724000165027342019900
000811548463645687200005026311019900
000811392463645700800005066322019900
000811364463645714400005048322019900
0008112084636457284000050233030010000
0008110844637257408000165058329019800
000810772463725755200005029317019900
000810680463725769200005035308019900
000810556463725782400005028308019900
000810308463725796000005038317019900
0008101524638058084000165042325019900
000810060463805823200005078327019900
000809968463805836400005053329019900
100809844463805850400005025353019800
000809704463805863600005065337119800
000809548463885876400040325076387019800
000809424463885890800005021315019900
000809472463885918000005151256019900
000809320463885917600005202274019900
000809196463885931600005124256019900
0208090404639259448000525063345019810
APPENDIXE
VmstatOutputValuesfor30secondsatBandwidthof20Mbpsprocs-----------memory-------------swap-------io-----system--------cpu-----
rbswpdfreebuffcachesisobiboincsussyidwast
000767356469681000960011798830009900
0007672644696810024000005050326019900
2007671564696810037600005037317019900
0007670644696810051600005095331019900
00076694046976100648000365027329019900
0007668164697610078400005028310019900
00076669246976100920000050513170010000
0007665684697610105600005021315019900
0007662884697610118800005016309009900
00076619646984101324000165050335019900
0007660404698410146000005036312019900
0007659484698410159600005037308019900
0007657004698410172800005071309019900
0007655764698410185600005096235019900
0007654524699210199600040565131285029800
0007653284699210212800005144257019900
0007652044699210227200005027290019900
0007650484699210240800005029311009900
0007649564699210254400005058320019900
00076480047000102676000445044329019900
0007647084700010281600005032315019900
0007645764700010295600005058341019900
0007644844700010309200005071344019900
0007642964700010322800005042318019900
00076417247008103368000205046339019900
0007640484700810350400005032313019900
0007639244700810363600005022305019900
00076376847008103772000050483180010000
0007635204700810390800005036312019900
00076342847016104036000205002340029800
APPENDIXE
VmstatOutputValuesfor30secondsatBandwidthof30Mbpsprocs-----------memory-------------swap-------io-----system--------cpu-----
rbswpdfreebuffcachesisobiboincsussyidwast
000759908471841077920097102229009900
0007597844718410793200005048321019900
0007596604718410806400005066330019900
0007595364718410820400005004302019900
0007594124718410833600085049319019900
00075930447192108464000365072317009900
0007591804719210860400005118228019900
0007590244719210873600005143238019900
0007589004719210888000005051302019900
0007588404719210901600005087339019900
00075868447200109144000165077316019900
0007585604720010928000005117234019900
0007584364720010942000005105272019900
0007581884720010956000005052312019900
0007580644720010969200005038311019900
00075794047208109812000165136263019900
00075794047208109960000050412820010000
0007578084720811010000005034311019900
0007575284720811024000005035319019900
0007573724720811037200005024315019900
00075728047216110512000165030326019900
0007568924721611064400005082388019900
00075678447216110780000050483160010000
0007566604721611091200005030308019900
0007565364721611105200045205064363019900
02075641247220111176000205059269009550
0007562884722411130000045379325009730
00075616447224111432000050353170010000
0007560404722411156800005053315019900
0007560124722411170400005067338019900
APPENDIXE
VmstatOutputValuesfor30secondsatBandwidthof40Mbpsprocs-----------memory-------------swap-------io-----system--------cpu-----
rbswpdfreebuffcachesisobiboincsussyidwast
000752960473601144560087105228009900
0007528524736011459600005069330119900
10075280847368114732000365057337019900
0007528164736811486800005095331019900
0007526284736811500400005041320019900
0007525044736811514000005047334019900
0007523964736811528000005030315019900
00075227247376115408000165032322019900
0007521484737611554400005042323019900
0007520244737611568400005046328029800
0007519004737611581600005031307019900
0007517764737611594800005040339029800
00075162047384116088000245023330019900
00075149647384116220000050213010010000
0007513724738411635600005033325019900
0007512484738411648800005033324019900
0007511164738411663600005031306019900
00075086847392116768000245049330019900
0007508404739211690400005095331019900
0007507164739211704400005025308019900
0007505604739211718000005031306019900
0007504684739211731600005050322019900
00075034447400117448000205031326019900
00075018847400117588000050313060010000
0007500964740011772400005054324019900
0007500044740011785600005048311029800
0007498164740011798800005030310019900
02074981647404117980000472051261830159400
1007496604740811807600047879323009190
0007495364740811821200005107305019900
APPENDIXE
VmstatOutputValuesfor30secondsatBandwidthof50Mbpsprocs-----------memory-------------swap-------io-----system--------cpu-----
rbswpdfreebuffcachesisobiboincsussyidwast
000743800475201233640088106329009900
0007436604752012350800005046329019900
1007435364752012364000005032310029800
0007434124752012377600005071336029800
0007432884752012391600005089331029800
00074322847528124056000325064326009900
0007431044752812418800005038312019900
0007429484752812432400005036315019900
0007426844752812446400005052316029800
0007425604752812459600005030319019900
00074246847536124732000405054345019900
0007423444753612486400005035304019900
0007421564753612500400005023307019900
1007420644753612513600005050311019900
0007419404753612527200005030311019900
00074181647544125408000125089366029700
2007416924754412554400005090335029800
0007415204754412567600005050332019900
1007413964754412581600005040324019900
0007412724754412594800005033315019900
02074120047548126068000437651281560059400
00074109247552126184000476993330083160
00074096847552126320000050883010010000
0007407204755212645600005090300019900
200740784475601265800001252252560010000
0007406284756012671600005102240019900
0007405364756012686800005033309019900
0007403804756012700000005053324019900
0007402564756012713600005025311019900
00074013247568127268000125050345019900
APPENDIXE
VmstatOutputValuesfor30secondsatBandwidthof60Mbpsprocs-----------memory-------------swap-------io-----system--------cpu-----
rbswpdfreebuffcachesisobiboincsussyidwast
000736532476601302840078107330009900
00073658047668130428000325118330019900
0007363324766813056000005104302019900
00073620847668130696000050882970010000
0007360524766813082800005074326019900
1007359284766813096800005044311019900
00073580447676131100000165036336019900
0007356804767613124000005047325019900
0007354324767613137200005033306019900
0007353084767613150800005032313019900
0007351524767613164000005045319019900
00073502847684131780000125055330019900
1007349044768413191600005008316019900
0007347164768413204800005026323019900
00073462447684132188000050393060010000
0007345004768413232000005009312019900
00073437647692132456000125046336019900
0007342204769213259200005053301019900
0007342204769213286000005147257019900
0007340324769213285200005139240019900
0007338764769213298400005098279019900
0007337204770013312400041245131379019630
0007335964770013326800005100316019900
00073344047700133404000051033030010000
0007333484770013353600005053311019900
0007332244770013367600005048330019900
00073306847708133804000485104346019900
0007329764770813408000005131237019900
1007328524770813421600005122267019900
0007327204770813421600005101376029800
APPENDIXE
VmstatOutputValuesfor30secondsatBandwidthof70Mbpsprocs-----------memory-------------swap-------io-----system--------cpu-----
rbswpdfreebuffcachesisobiboincsussyidwast
000728320478321385400078108630009900
000728188478401386800003651073340010000
0007280644784013881600005035310019900
00072794047840138948000285025339019900
0007278164784013908800005047309019900
0007276924784013922000005049315019900
00072741247848139356000165050340019900
0007273204784813948800005037305019900
0007271964784813962800005037314019900
0007270404784813976000005041318019900
0007269484784813989600005035314019900
10072682447856140032000165047330019900
0007266684785614016800005039315019900
0007266084785614030400005073327019900
0007264524785614044000005043311019900
0007262964785614056800005067289029800
00072617247864140700000165085245019900
0007260484786414083600005130230019900
00072589247864140968000051232360010000
0007257684786414110800005087230019900
0007256444786414125200005116257019900
00072539647872141392000165096399119800
0007253044787214152400005041315019900
0007251484787214166000043165087366029800
0007250244787214179600005042316019900
0007249004787214192800005027309019900
00072452847880142060000245094301029800
2007244044788014219600005133257019900
0007242404788014233600005122224019900
10072411647880142476000051272300010000
APPENDIXE
VmstatOutputValuesfor30secondsatBandwidthof80Mbpsprocs-----------memory-------------swap-------io-----system--------cpu-----
rbswpdfreebuffcachesisobiboincsussyidwast
000718320479841483800069109431009900
000718040479921485200003251163230010000
1007179404799214865600005028317019900
0007178484799214878800005030316029800
00071772447992148924000450343180010000
0007175684799214906000005027310019900
00071744448000149188000125050331019900
0007173204800014932800005040310019900
0007172124800014946400005012310019900
0007171524800014960000005020316019900
00071702848000149736000050353090010000
00071678048008149832000125108251019900
1007166884800814998400005139236019900
0007165324800815014000005029308019900
0007164084800815027600005027307019900
0007162844800815040800005041314019900
00071616048016150432000125065299019900
0007160364801615066000005110218019900
0007160364801615084400005062299019900
0007157884801615095600005064327019900
1007158204801615109200005099320019900
00071560448024151188000125131262019900
00071548048024151368000050263150010000
1007153564802415150400005055314029800
0007152324802415164000044325056413029700
0007151084802415177200005022310019900
000714984480321517560002850781280083160
00071482848032151960000050903060010000
0007147284803215209600005086296019900
1007146044803215223600005110299019900
APPENDIXE
VmstatOutputValuesfor30secondsatBandwidthof90Mbpsprocs-----------memory-------------swap-------io-----system--------cpu-----
rbswpdfreebuffcachesisobiboincsussyidwast
000711792481361545760069109831009900
0007115524813615471200005217316019900
0007114284813615484800005194301019900
00071127248136154984000052133100010000
10071099248144155124000405179340019900
0007108684814415525600005139306019900
0007107124814415539600005143316019900
0007105884814415552800005133309019900
0007104644814415566400005150313019900
00071018448152155796000205158351019900
0007100604815215593600005125308019900
0007099364815215607200005127304019900
00070981248152156204000051483170010000
0007096564815215634400005162337029800
00070940848160156480000205163326019900
1007093164816015661600005149324019800
0007091924816015675200005131321029800
00070903648160156888000051243090010000
0007089444816015702000005149308019900
00070882048168157156000125119330019900
0007086644816815728800005141307019900
0007085724816815742800005143314019900
0007084484816815756000085134324019900
0007083244816815769600005130305009900
10070820048176157824000125164327019900
0007080444817615796800005152322019900
1007079204817615810000005124303019900
0007076724817615823600046245189377019900
0007075164817615837200005129308019900
00070751648184158500000205158310019900
APPENDIXE
VmstatOutputValuesfor30secondsatBandwidthof1000Mbpsprocs-----------memory-------------swap-------io-----system--------cpu-----
rbswpdfreebuffcachesisobiboincsussyidwast
000704356482801612840069110831009900
1007044124828016141600005317243019900
0007043804828016156400005271225019900
00070425648288161696000325236244019900
0007041324828816183200005249234019900
0007040084828816196400005225226019900
00070388448288162104000051403070010000
0007036204828816222800005275315019900
00070349648296162372000125168305029800
00070337248296162508000051353040010000
0007032484829616264400005140310019900
0007031244829616277600005127307019900
0007030004829616291200005178330019900
00070296448304163040000125230261029800
0007028404830416318400005219233019900
0007025924830416332000005240228019900
0007024684830416345200005220242019900
0007023444830416359200005242246019900
00070220448312163732000125190397129800
0007020804831216386400005149313019900
1007019244831216399200005244233019900
0007018004831216414000005138307019900
0007017084831216427600005159338019900
00070146048320164408000365213313019900
0007013364832016453600005216222019900
0007012844832016467200005242259019900
0007012524832016481600005195262019900
0007011284832016494800005124305019900
0207010364832416508400046805149221019090
00070088048328165204000492862960189100
APPENDIXE
0
767356
0
0
0
0
0
0
0
0
812808
767264
759908
752960
743800
736580
728320
718320
711792
704412
46392
100096
47224
47408
47568
47708
47880
48032
48184
48328
59448
104036
111704
118212
127268
134216
142476
152236
158500
165204
0 100000 200000 300000 400000 500000 600000 700000 800000 900000
10
20
30
40
50
60
70
80
90
100
Maxvaluetakenfrom30x1secondinterval(Memory)
memorycache memorybuff memoryfree memoryswpd Log.(memoryfree) Expon.(memorycache)
APPENDIXE
0
0
0
0
0
0
0
0
0
0
809040
46968
756012
749536
740132
732720
724116
714604
707516
700880
46348
46968
47184
47360
47520
47660
47832
47984
48136
48280
55508
0
107792
114456
123364
130284
138540
148380
154576
161284
0 100000 200000 300000 400000 500000 600000 700000 800000 900000 1000000
10
20
30
40
50
60
70
80
90
100
Band
width(M
bps)
Minvaluetakenfrom30x1secondinterval(Memory)
memorycache memorybuff memoryfree memoryswpd Expon.(memoryfree) Linear(memorycache)
APPENDIXE
1 0 0 1 0 0 1 0 0 11 1 1 2 2 2 2 2 2 21 0
5
40 40
3 0
16
0
10
0
5
10
15
20
25
30
35
40
45
1 2 3 4 5 6 7 8 9 10
Maxvaluestakenfrom30x1secondinterval(CPU)
cpuus cpusy cpuwa cpust Expon.(cpusy)
APPENDIXE
97
0
95
59 59
96 98
83
98
89
10 20 30 40 50 60 70 80 90 100
Bandwidth(Mbps)
Minvaluestakenfrom30x1secondinterval(CPU)
cpuid Linear(cpuid)
APPENDIXE
5202 51445379
78797699
5147 5133 5139 5217
9286
387 344 388 339 366 379 399 413 377 397
0
1000
2000
3000
4000
5000
6000
7000
8000
9000
10000
0 20 40 60 80 100 120
Bandwidth(Mbps)
Maxvaluetakenfrom30x1secondinterval(System)systemin systemcs
APPENDIXE
902
30
10221052 1063 1073 1086 1094 1098 1108
200
29 28 29 30 30 31 31 310
200
400
600
800
1000
1200
0 2 4 6 8 10 12
Bandwidth(Mbps)
Minvaluetakenfrom30x1secondinterval(System)systemin systemcs
APPENDIXF
1.IntroductionThefollowingdocumentisalogofthesupervisorymeetingsthatwhereattendedwiththeprojectsupervisor.Itwillprovideaverybriefsummaryoftheofdiscussionsthatwheremaderegardingtheproject.
2.WeeklyLogs30thNovember-6thDecemberMeetingwithRobcancelledastheauthorfeltunwell.7thDecember-13thDecemberNomeeting14thDecember-20thDecemberNomeeting21stDecember-27thDecemberCHRISTMASVACATION28thDecember-3rdJanuaryCHRISTMASVACATION 4thJanuary-10thJanuaryNomeeting11thJanuary-17thJanuaryNomeeting2.2.318thJanuary-24thJanuaryTIRIWEEK25thJanuary-31stJanuaryNomeeting1stFebruary-7thFebruaryMeetingwithRobcancelledasRobwasill8thFebruary-14thFebruaryMeetingwithRobtheauthordiscussedfeasibilityoftheprojectandsetgoalofpracticalimplementationforthefollowingweek.15thFebruary-21stFebruaryNomeeting22ndFebruary-28thFebruaryMeetingwithRobtheauthordiscussedthedissertationstructureansetadeliverableoftheLCDmenutobecompletedfornextmeeting.29thFebruary-6thMarchNomeeting7thMarch-13thMarchMeetingwithRob,theauthordiscussedrefiningtheattackvectorsfrom5downto1.14thMarch-20thMarchMeetingwithRob,theauthordiscussednetworkattackswhichwereabletobesuccessfullyimplementedforthenextmeeting.
APPENDIXF
21stMarch-27thMarchEASTERVACATION28thMarch-3rdAprilEASTERVACATION4thApril-10thAprilMeetingwithRobtheauthordiscussedachangeinTORtodoonlyreconnaissanceattackintheproject.11thApril-17thAprilMeetingwithRobtheauthordiscussedtestingwithbatterylifewhileperformingreconnaissanceattacks.18thApril-24thAprilNomeeting25thApril-1stMayMeetingwithRobSkypecallfinalisingwhattestswherestillrequired2ndMay-8thAprilMeetingwithRobemergencyskypecalltoanswergenericquestionsonreportsstructure.
3.ConclusionOveralltheweeklysupervisorymeetingsagreatassettowardsthecompletionoftheproject,mostofthemilestonesthatwheresetbythesupervisorwheremetandencouragedtheauthortonotprocrastinateduringtheprojecttimeline.