FINAL PROJECT Dean Kay

INVESTIGATING REMOTE AND AUTOMATED ATTACK VECTORS USING A MICROCOMPUTER FROM INSIDE A KNOWN NETWORK. By DEAN KAY A DISSERTATION Submitted to in partial fulfilment of the requirements for the degree of BSc Computer Networks and Security BACHELOR OF SCIENCE 2015/2016

Transcript of FINAL PROJECT Dean Kay

Abstract

As the Internet's users, devices and volumes of data expand at an ever-increasing, exponential rate, the security, authenticity, confidentiality and integrity of the data being exchanged worldwide are at risk: data can be stolen, misused or lost. One way to reduce the risk of a data breach is to have an organisation's network security audited by a penetration tester. Penetration testing is often a high-cost service, and it will undoubtedly start with a reconnaissance of the network under examination. This report asks the question: using off-the-shelf hardware, is it possible to build an automated network reconnaissance device, and once it is built, how long can the device operate remotely on battery power?

DECLARATION

I hereby certify that this dissertation constitutes my own product, that where the language of others is set forth, quotation marks so indicate, and that appropriate credit is given where I have used the language, ideas, expressions or writings of another.

I declare that the dissertation describes original work that has not previously been presented for the award of any other degree of any institution.

DEAN KAY

“This dissertation contains material that is confidential and/or commercially sensitive. It is included here on the understanding that this will not be revealed to any person not involved in the assessment process”.

ACKNOWLEDGEMENTS

I would like to take this opportunity to acknowledge and thank my friends and family that have supported me throughout my studies at the University of Bolton. I would also like to thank Dr. Robert Campbell for his support and advice as my project supervisor during the final year of study.

Table of Contents

Chapter 1. Introduction
1.1 Aim
1.2 Motivation
1.3 Objectives
1.4 Further Project Enhancements Opportunities
1.5 Project Plan
1.5.1 Original Project Timeline
1.6 Milestones

Chapter 2. Background and Review of Literature
2.1 Related Work
2.2 Literature

Chapter 3. Methodology
3.1 Hardware
3.1.1 Microcomputer
3.1.2 Screen and keypad input
3.1.3 Wireless network interface
3.1.4 Secondary Ethernet interface
3.1.5 Battery pack
3.1.6 Project financial cost
3.2.1 Operating system
3.2.2 Programming languages
3.2.3 Nmap
3.2.4 Reverse AES HTTP Shell

Chapter 4. Design and Implementation
4.1 Hardware construction
4.2 Software Implementation
4.2.1 LCD Menu system
4.2.2 Reverse shell
4.2.3 Port Scan and Report
4.2.4 Anonymous Inline Ethernet packet capture
4.2.5 Battery Timer script
4.3 Problems faced
4.3.1 Port Security
4.3.2 Stateful Firewalls
4.3.3 IDS/IPS Systems
4.4 Inline Ethernet packet capture Investigation
4.4.1 Battery life testing
4.4.1 Hardware testing

Chapter 5. Results and Discussion
5.1 Complete battery depletion test results
5.2 Hardware utilisation test results
5.3 Additional findings
5.3.1 Ease of development
5.3.2 Development time
5.3.3 The level of skills required to do the project
5.3.4 Risk factors for organisations
5.3.5 How easy was it to find information on this?
5.3.6 How technically in depth is the programming code

Chapter 6. Conclusion
6.1 Lessons Learned
6.2 Future Activity

Bibliography and References

Appendices

LIST OF TABLES

Table 1. Battery life results

LIST OF FIGURES

Figure 1. Original Project Timeline
Figure 2. Project Financial Costs
Figure 3. Diagram of reverse shell topology (source: Infosecinstitute.com, 2016)
Figure 4. Hardware construction start
Figure 5. Hardware construction Finish
Figure 6. Nmap command breakdown
Figure 7. Port scan function code
Figure 8. Inline Ethernet packet capture conceptual design
Figure 9. Inline Ethernet packet capture physical design
Figure 10. Inline Ethernet packet capture script
Figure 11. Battery timer script
Figure 12. Logical diagram of battery life test
Figure 13. Hardware utilisation test diagram
Figure 14. Bar chart of battery life results
Figure 15. Memory cache utilisation
Figure 16. System interrupt information

LIST OF ACRONYMS

AES – Advanced Encryption Standard
ACL – Access Control Lists
BASH – Bourne Again Shell
CPU – Centralised Processing Unit
FTP – File Transfer Protocol
GPIO – General purpose Input Output
GSM – Global System for Mobile communications
HTTP – Hyper Text Transfer Protocol
I/O – Input/Output
IMAP – Internet Message Access Protocol
MAC – Media Access Control
Mbps – Megabit per second
NNTP – Network News Transfer Protocol
RAM – Random Access Memory
SMTP – Simple Mail Transfer Protocol
WEP – Wired Equivalent Privacy

Chapter 1. Introduction

1.1 Aim

The aim of the project is to build a device using off-the-shelf miniaturised single-board computing hardware, for the purpose of exploring possible automated reconnaissance attacks. The device must be modular, allowing it to be configured and utilised dynamically depending on the environment it is to be used within, and also be mobile, powered via a battery power pack. It will also utilise a physical keypad input and on-board display, allowing pre-programmed automation to be triggered.

The aim is to discover whether or not the project is possible with the use of off-the-shelf hardware, and also the length of time the device can be deployed remotely using only a battery pack.

1.2 Motivation

Given the multiple redundant miniaturised single-board computing devices that were already in the author's possession, and a keen interest in the study of network security, a project of this category came to light naturally when the time came to decide on a project. Upon review of the literature, it became apparent that there had not been much academic research done in this particular area of study. The only area which had any substance was that of the niche market selling commercially branded products, though these were typically not physically modular, allowing no physical alteration to the device, and came at a high financial cost. As a result of these findings, the project was subsequently aimed at the possibility of designing a low-cost alternative to the few existing commercial products, one that would allow features similar to those of the commercial products, potentially using higher-performance hardware and leaving open the possibility of modularity.

1.3 Objectives

The project's main objectives were as follows:

• Design and build a miniaturised single-board computing device for the purpose of network reconnaissance, integrating an on-board keypad and display unit.

• Compile code which will interact with the on-board keypad and display unit for the purpose of automating reconnaissance attacks.

• Test the successfully compiled automated attacks against factors such as battery life.

Target requirements that were discussed and agreed upon with the project supervisor are as follows:

• Research all the various network attack vectors that are possible, given the author's level of knowledge surrounding the network security field.

• Run several tests on the battery while the device performs a network reconnaissance under various network loads. Once tests are complete, run further tests on the hardware utilisation on the device under several more network loads.

• Draw a correlation between the network load and hardware utilisation when undergoing a reconnaissance attack, allowing a forward projection of battery life on a given load.

1.4 Further Project Enhancements Opportunities

Further project enhancement opportunities are as follows:

i. Implement an encrypted reverse HTTP shell for a backdoor into the target network, using the on-board physical keypad input.

ii. Implement an automated port scan for a target network producing a report for later analysis, using the on-board physical keypad input.

iii. Implement an automated anonymous inline Ethernet packet capture that will write the information to a local file for later analysis, using the on-board physical keypad input.

iv. Implement an automated wireless tool to crack the WEP security algorithm and deposit the encryption key to a local file for later use, using the on-board physical keypad input.

v. Overcome the network defence of switch port security with an automated, pre-programmable MAC spoofing script.

1.5 Project Plan

This project began with a considerable amount of time focused on background research and a review of the literature surrounding the area of microcomputers and remote automation. Although the literature was scarce, some of the concepts that were being studied followed the same principles, helping provide a fundamental knowledge of the subject.

Given that the LCD screen and keypad input relied on Python libraries for their interaction with the Raspberry Pi, a basic course, 'Introduction to Python', was completed, giving the author basic knowledge of the programming language and allowing the coding of automations in the project.

Additional research was directed at software which could test the hardware utilisation and battery life of the device under test network loads.

1.5.1 Original Project Timeline

Figure 1. Original project timeline. [Figure not reproduced. Dates shown: 21st September, 24th November, 21st January, 3rd February, 12th April, 20th April, 28th April, 6th May. Tasks shown: background research; literature review; sourcing hardware; sourcing software; possible attack vectors; design and implementation; testing; data analysis; final report.]

The original project timeline was very ambitious and, in retrospect, not realistic: the length and complexity of procedures were not taken seriously when determining the project timeline. Various parts of the project were also vastly underestimated in terms of timescale, delaying the parts that were based on the successful completion of the previous tasks.

Additionally, the lack of technical knowledge and experience in various technologies throughout the project, together with several issues concerning the Python modules that were a fundamental and integral part of the hardware interaction, delayed the project's timeline even further in key areas of the build.

Due to these influences, a revised project timeline was not prepared.

1.6 Milestones

When the project was initiated, various milestones were set by the author. As the project took its course, supervisory meetings were held to discuss the project's progression, and the project was given additional milestones that would run in conjunction with the original set.

The milestones that were set were as follows:

• Complete a free online introduction to Python course.

• Source low-cost hardware for the device.

• Source free and open-source software for the device.

• Decide upon the test environment to be used.

• Attend regular supervisory meetings.

Chapter 2. Background and Review of Literature

As the Internet's users, devices and volumes of data expand at an ever-increasing, exponential rate, the security, authenticity, confidentiality and integrity of the data being exchanged worldwide is taken for granted as a civil expectation, similar to that of a physical asset such as a person's passport or driving license. However, recurring news headlines and official public disclosures of personal data security breaches and network hacking across the world have proven this expectation to be false. This new and fast-moving era of technology and communication has brought the demand for multiple new professions in order to safely secure the digital data of users, groups and corporations alike. One profession that has arisen from this evolution in the exchange of digital resources across society is that of the network penetration tester. The responsibility of the modern-day network penetration tester is to embrace the immense challenge of assessing the existing cyber security placed upon a local or wide-area network by network and systems administrators, focusing on the defence against both internally orchestrated attacks (incidents originating from within the local network which is under security audit) and externally coordinated attacks (incidents initiated from outside the local network with the intention to gain access to the local network). In order for a network's security to be extensively tested, it has become customary for a penetration tester to act in the manner of a rogue party. This allows the penetration tester to think and operate as an attacker would, granting them the knowledge necessary for the prevention of potential attacks. Penetration testers will try a plethora of techniques in order to break the security of a computer network. These are referred to as 'attack vectors', and as the creative minds of rogue parties devise various new methods of exploiting known and unknown vulnerabilities within a network's security, so do those of the penetration testers. Performing this type of network security assessment is a necessary step toward the defence of the public and private data stored within the associated network.

In addition to this evolution in technological communications and security, there have also been substantial developments in the miniaturization and processing power of computer hardware. Computers were once thought of as big, bulky systems; the so-called 'portable computer' sold in 1975, the IBM 5100, weighed in at around 50 pounds and offered 16 kilobytes of storage for a price tag upward of $8,975 (IBM, 2016). The technological advancements made within the industry are clear to see, as one can now buy an inexpensive $25 Raspberry Pi 2 miniature computer the size of a credit card, with a multiple-core processor, a gigabyte of RAM and expandable storage upwards of 100GB+ (Raspberry Pi, 2016). These relatively inexpensive computing systems allow people of all ages and backgrounds to explore computing, specifically targeting educational facilities. They have also prompted many hobbyists to build a multitude of projects, ranging from home automation systems combining a Raspberry Pi with a collection of sensors to major projects such as the Astro-Pi, a Raspberry Pi fitted with various sensors that was sent into space in order to conduct numerous experiments (Astro-Pi, 2016).

Taking the previous information into account prompted the question: using inexpensive miniaturised computing hardware, would it be possible to facilitate a network reconnaissance on a given network in order to further advance the security presently placed upon it?

2.1 Related Work

As this is a new and seemingly niche area of research, related work is somewhat scarce, though some research has been conducted. Jun Zheng of the New Mexico Institute of Mining and Technology ran a similar project, in which he discovered the possible attacks available using a single-board microcomputer and the detrimental effects these attacks would have on the battery life of a connected power source. Zheng used older and lower-powered hardware to perform his tests and came to the conclusion that a small single-board computer such as the Raspberry Pi is a seriously viable threat to the defense of an internal network, Zheng, J. (2013).

2.2 Literature

All the original literature reviewed for this project can be found in Appendix A, as this was completed in the earlier stages of the project timeline. A supervisory meeting log can also be found in Appendix F.

Chapter 3. Methodology

The primary question of this project was: is it possible to construct a mobile, networked microcomputer device fitted with an LCD screen, keypad input and automation software, for the purpose of allowing an ordinary person to conduct network penetration tests using off-the-shelf IT equipment?

This question was followed by a second: should the construction of a mobile, networked microcomputer penetration testing device be possible, what length of time can a mobile attack be run without the need for a power supply?

The following sections show the steps taken in order to perform such a task.

3.1 Hardware

The following section looks at the hardware purchased for the project. It looks at each individual component, comparing it to its market competitors, and provides the reasoning behind the final choice that was made.

3.1.1 Microcomputer

Research suggested that the hardware required would be a miniaturised single-board computer with an adequate amount of processing power and plenty of I/O for additional peripherals and connectivity, in keeping with the intended modular design. A previous study similar to the one being conducted used a Raspberry Pi version 1 model B. This offered everything required for the project build but was an older model of the Raspberry Pi range; fortunately, the company had recently brought to market a new Raspberry Pi version 2 model B, which offered considerable improvements to the technical specifications of the device: a move from a 700MHz single-core CPU to a 900MHz quad-core, from 512MB to 1GB of RAM, and from 2x USB 2.0 ports to 4x USB ports. Both models kept the 40-pin GPIO headers for expansion. The Raspberry Pi version 2 hardware is also very inexpensive and costs the same as the prior version. It also offers a large online community running a plethora of heterogeneous projects, leaving vast amounts of information online to study should there be any problems in development.

There are alternatives to the Raspberry Pi, such as the BeagleBone Black, ODROID-C1+ and Banana Pi. They have around the same hardware specifications and price range, but their online communities are minuscule in comparison to that of the Raspberry Pi. It was this key factor which settled the decision to use a Raspberry Pi single-board computer for the project: should any issues occur along the timeline, a large online community of help would be available.

3.1.2 Screen and keypad input

Though technically not required in some cases, a physical screen and keypad input was necessary for the remote installation of the device on a target network. Adding a screen and keypad input allows a penetration tester to trigger automated attacks directly from the device itself, as opposed to using additional hardware/software to log into it. There were two main types of screen and input: the basic RGB display with physical buttons, which can be programmed to interact with software using existing Python libraries, or a touch screen unit allowing a desktop environment to be loaded and potentially an on-screen keyboard to be used. Both technologies physically interact with the Raspberry Pi through a section of the GPIO headers on the board.

Because the nature of the project required automation, the RGB display and keypad input were the more useful and discreet hardware choice, allowing the pre-programmed automation to be triggered through the on-board keypad.

3.1.3 Wireless network interface

The open design of the Raspberry Pi allows the addition of many different hardware combinations, and the integration of 4x USB 2.0 ports allowed the use of a USB-powered wireless dongle. The review of literature surrounding network security suggested that a specific chipset and drivers are required when performing particular network penetration tests. These specific chipsets would allow the tester to perform on-the-fly packet injection while monitoring the streams of wireless frequencies in the air.

There were 2 main wireless dongles which used the required chipset, from the brands TP-Link and Alfa Network. The TP-Link wireless dongle offered a smaller form factor, allowing a more discreet design, and was chosen for this reason.

3.1.4 Secondary Ethernet interface

To allow certain reconnaissance attacks such as an inline Ethernet packet capture, a second Ethernet network interface is required, as the device alone only has one on-board Ethernet connection. An inline Ethernet packet capture would require the device to sit on the link between two communicating networked devices. Fortunately, additional Ethernet interfaces can be added to a Raspberry Pi via the USB ports using an Ethernet RJ45 USB network adapter.

As the existing on-board Ethernet port has a maximum throughput of 100Mbps, there was no need to choose a higher-throughput USB Ethernet network adapter, as network traffic will scale to the lowest-speed link. This narrowed the hardware sourcing to just 100Mbps adapters.

3.1.5 Battery pack

As the penetration testing device is to be mobile, it will require a source of power in the form of a mobile battery pack. The previous research on exploring attack vectors used a 5,000mAh USB power bank (Zheng, 2013). After study of that research, it was decided that a 20,000mAh USB power bank would be more beneficial, as that study found the maximum a 5,000mAh battery could last running various attack vectors was 6 hours, which gives little time to conduct a thorough reconnaissance.

3.1.6 Project financial cost

The following table lists the parts required for the project, with the source of purchase and the price at the time of sale.

Figure 2. Project financial costs

Item | Source | Cost
Raspberry Pi 2 Model B+. | Uk.rs-online.com | £25
Adafruit RGB Negative 16×2 LCD + Keypad Kit for Raspberry Pi. | Amazon.co.uk | £25
TP-LINK TL-WN722N Wireless N150 High Gain USB Adapter, 150Mbps, 4dBi External Antenna, WPS Button. | Amazon.co.uk | £8
Anker Astro E6 Power bank - 20800mAh. | Amazon.co.uk | £30
TP-LINK TD-W8968 300Mbps Wireless N USB ADSL2+ Modem Router. | Amazon.co.uk | £29
0.5M CAT.5 UTP Patch Cable. | Amazon.co.uk | £3
SanDisk Mobile Ultra microSDHC 16GB UHS-I Class 10 Memory Card 30MB/s. | Amazon.co.uk | £8
USB to 10/100 Ethernet RJ45 Network Adapter Converter PC Laptops Wired Connection USB Male to RJ45 Female. | Amazon.co.uk | £1.75
Adafruit Raspberry Pi B+ / Pi 2 / Pi 3 Case - Smoke Base | Adafruit.com | £5
Total: | | £134.75

3.2 Software

The following section looks at the software used within the project. It looks at each individual piece, comparing it with any alternative software available, and provides the reasoning behind the final choice that was made.

3.2.1 Operating system

There are a number of open-source Linux-based penetration testing distributions that are specifically configured for the Raspberry Pi, as it uses an ARM-based CPU architecture; these are available to download online for free. Distributions such as Kali Linux, Pwn Pi and Raspberry Pwn all offer a number of penetration testing tools free to install and use. However, this project was designed to be a modular device, so it was decided that the best operating system for the project would be Raspbian, an unofficial port of the Debian wheezy ARMhf distribution that is available to download on the Raspberry Pi website. Raspbian is completely compatible with the Raspberry Pi and is updated frequently, so there will be no issues regarding compatibility. Raspbian also comes with the Python programming language pre-installed, and with Python installed a program known as 'Katoolin' can be downloaded and run. Katoolin offers a quick and easy way to download repositories and tools from the Kali Linux penetration testing distribution, in order to then select and install penetration testing tools from its suite. The tools can be installed individually as and when needed, making this a better approach than having a bloated system full of tools that are not in use.

3.2.2 Programming languages

As there have been over 2500 computer languages created (Kinnersley B, 2016), the choice of which language to use in the project was cumbersome. However, with the decision to use the Adafruit RGB screen and keypad input also came the need to use the pre-written Python libraries for the interaction between the module and the operating system. This made Python the only viable programming language available, but a valuable part of the Python programming language is the ability to run BASH commands within the code. This would be very beneficial, as the author had previously completed an academic module on UNIX and was familiar with the commands available.

3.2.3 Nmap

Nmap is a free and open-source network discovery tool that can scan a target network, finding information about hosts such as open/closed ports, operating system versions and firewall filters. It is a commonly used tool for the reconnaissance of a network when performing a network penetration test, as the tester can build a logical picture of what the network consists of. Nmap offers the ability to write the information that has been discovered to a file, allowing a report to be built and analysed at a later date.

3.2.4 Reverse AES HTTP Shell

A reverse shell is a form of shell whereby the target system that is to be used communicates back to a remote attacking system. The remote system is configured to listen on a specific port, on which it receives the connection; this is achieved by using command or code execution (Infosec Institute, 2016).

The diagram below shows the state of a reverse shell connection.

Figure 3. Diagram of reverse shell topology (source: Infosecinstitute.com, 2016)

Reverse shell tools are available from the Kali Linux repositories and can be downloaded through Katoolin.

Chapter 4. Design and Implementation

The following section shows the physical construction of the miniaturised penetration testing computer, followed by a look at the software that was implemented on it.

4.1 Hardware construction

The first step of the build was to solder the RGB display and keypad kit together following the online instruction set provided on the Adafruit website. The following figures show the start and finish of the build.

Figure 4. Hardware construction start

Figure 5. Hardware construction finish

The build required a soldering iron, as the RGB display and keypad were in kit form. A more detailed view of the construction can be seen in Appendix B.

4.2 Software Implementation

The following section explains how the software was implemented on the device, presenting extracts of the code.

To implement the software, the Raspbian image was pre-installed on the microSD cards and inserted in the Raspberry Pi, as this was the operating system of choice. Following this, the necessary Python libraries were downloaded from the Adafruit website to enable the interaction between the Pi and the screen/keypad.

4.2.1 LCD Menu system

As there are many hobbyists who take on the Raspberry Pi for various projects, sources such as GitHub host free open-source repositories of programming code for individuals to upload and download from, allowing communities to collaborate and share code. It was this source which allowed the author to discover a pre-written menu system that had been written in the Python programming language for the interaction between the Raspberry Pi and the Adafruit RGB display and keypad input. On parsing the code, it was revealed there were a lot of unnecessary functions that originally were tailored for the use of its creator. These were deemed unnecessary and the code was adapted to that of a basic menu system with no functions. This base code would be where all later functions would be called from, and would be placed in a script to be run in the '.bashrc' file; a file which initiates the commands within it on the boot of the device. The adapted menu system code for the project can be found in Appendix C.

4.2.2 Reverse shell

The reverse shell code was taken from the penetration testing tools that are supplied with the Kali Linux distribution. It was installed using the katoolin application referred to earlier. The code was mildly adapted in that the AES private key was changed; this was done because the default key is the same for everyone who uses the tool and is therefore well known, making it a security risk.

4.2.3 Port Scan and Report

The port scan feature of the project was implemented using the well-known Nmap software previously mentioned. Given specific flags, the author was able to scan a specified address range for all open ports and operating system versions of hosts within a defined network. A breakdown of an extract of the implemented function is shown below.

FIGURE 6. NMAP COMMAND BREAKDOWN

This network port scanning feature can be triggered from the keypad LCD menu system, allowing the tester to produce a report swiftly without the need of peripherals such as keyboard, mouse and monitor, adhering to the device's intentionally discreet and mobile nature. Figure 7 below shows the port scan function extracted from the LCD menu script. It should be noted that the interaction on the keypad requires the user to press the left switch in order to break the loop the function is placed in, leaving the area of the LCD menu they were once placed in.

FIGURE 7. PORT SCAN FUNCTION CODE

A sample network port scan report output has been provided in Appendix D of the appendices.

4.2.4 Anonymous Inline Ethernet packet capture

The inline Ethernet packet capture was implemented with the use of the USB RJ45 Ethernet adapter. The device works by sitting in the middle of the communication and taking a copy of all the traffic that passively runs through the device. The diagram below shows the conceptual design followed by the physical design.

FIGURE 8. INLINE ETHERNET PACKET CAPTURE CONCEPTUAL DESIGN

FIGURE 9. INLINE ETHERNET PACKET CAPTURE PHYSICAL DESIGN

To allow the device to be anonymised, a number of configurations had to be set on the device. These are as follows:

1. Disable the DHCP daemon from running, denying the device's interfaces being given an IP address.

2. Create a bridge and add both interfaces to the bridge.

3. Remove the IP addresses of the interfaces on the bridge.

4. Initiate the bridge.

5. Initiate the capture of the traffic passing through the bridge interface.

The script for the inline Ethernet packet capture can be seen below.

FIGURE 10. INLINE ETHERNET PACKET CAPTURE SCRIPT

4.2.5 Battery Timer script

The battery timer was a simple script written in BASH to record the time at which the device powered off. This was written for the testing phase of the project as the USB battery pack has no indication of when the battery's power is about to deplete, meaning a script would have to be run as a background process constantly rewriting the current time into a file. Once a test had been performed and the battery had fully depleted, the device would be powered on and the time would be read from the file in order to calculate how long the battery life had lasted during the test. This was performed by deducting the start time of the test from the finish time, showing the number of hours and minutes the battery had lasted. Figure 11 below shows the basic battery timer script.

FIGURE 11. BATTERY TIMER SCRIPT
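The heartbeat approach described above can be sketched as follows. This is an added example, not the author's Figure 11 script (which is not reproduced in this transcript); the file paths, function names and 60-second default interval are assumptions.

```bash
#!/usr/bin/env bash
# Added example: heartbeat-style battery timer. Paths and names are assumptions.

START_FILE="${START_FILE:-$HOME/battery_test_start}"   # epoch when the test began
STAMP_FILE="${STAMP_FILE:-$HOME/battery_last_seen}"    # epoch of the last heartbeat

# write_stamp FILE: store the current epoch atomically. Writing to a temporary
# file and renaming it means a power cut mid-write cannot leave a truncated
# timestamp behind; sync pushes the data out of the page cache to the SD card.
write_stamp() {
    date +%s > "$1.tmp" && sync && mv -f "$1.tmp" "$1"
}

# heartbeat_loop [INTERVAL]: record the start time once, then refresh the
# heartbeat every INTERVAL seconds until the battery is exhausted.
heartbeat_loop() {
    interval="${1:-60}"
    write_stamp "$START_FILE"
    while true; do
        write_stamp "$STAMP_FILE"
        sleep "$interval"
    done
}

# elapsed_hm START END: print the difference between two epochs as H:MM.
elapsed_hm() {
    for v in "$1" "$2"; do
        case "$v" in
            ''|*[!0-9]*) echo "not an epoch timestamp: '$v'" >&2; return 1 ;;
        esac
    done
    if [ "$2" -lt "$1" ]; then
        echo "last heartbeat is older than the start time" >&2
        return 1
    fi
    secs=$(( $2 - $1 ))
    printf '%d:%02d\n' $(( secs / 3600 )) $(( (secs % 3600) / 60 ))
}

# battery_life: run after the device has been powered back on.
battery_life() {
    if [ ! -r "$START_FILE" ] || [ ! -r "$STAMP_FILE" ]; then
        echo "timestamp files not found" >&2
        return 1
    fi
    elapsed_hm "$(cat "$START_FILE")" "$(cat "$STAMP_FILE")"
}

# Usage: "<script> run &" during the test, "<script> report" afterwards.
case "${1:-}" in
    run)    heartbeat_loop "${2:-60}" ;;
    report) battery_life ;;
esac
```

The reported figure understates the true battery life by up to one interval. Both timestamps are written during the same boot, so the result depends only on the clock not being stepped mid-test, not on it being correct.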

4.3 Problems faced

After completion of the build, research showed that running the pentesting device in a target environment had the potential to face various issues surrounding general network security techniques.

4.3.1 Port Security

Organisations such as banks who wish to be certified to the ISO 27002 information security standards must follow strict regulations on the access control they place on their network and systems (ISO/IEC 27002:2013, 2013). They will apply security configurations to their networking equipment, such as port security, as a physical defence against unauthorised access to the local network. Port security is a technique of access control that consists of MAC filtering on the physical ports of a switch; it is secured by allowing or denying a physical connection to the network based on the MAC address of the connecting device. This can be a problem for the reconnaissance device, as should it want to initiate a reverse shell connection, it would require a valid MAC address from the filter list implemented on the switch.

This problem could be overcome with a technique known as MAC spoofing (D Cardenas, E, 2003); it would require the user of the device to manually configure the device using a valid MAC address to connect to the network.

4.3.2 Stateful Firewalls

The use of stateful firewall technologies will allow or deny various types of traffic across a network. Software such as iptables rules or Cisco IOS ACLs can perform IP filter rules on the state of a connection; these are known as reflexive ACLs or stateful rules (Cisco, 2014). A common configuration of the reflexive ACL is to allow outbound connections that were started within a network through the firewall, but deny any inbound connections that were not started from within the network. This may be filtered by the port which is in use; for example, HTTP traffic over port 80 is allowed out and return, but not allowed in. Another function of a stateful firewall is the ability to perform deep packet inspection; this is the capturing of packets in transit for analysis (Solarwinds, 2014). Deep packet inspection can detect fraudulent packets that are entering the network under a valid port number but contain different protocols to that with which the port number is associated.

This was overcome with the use of the reverse AES HTTP shell, which can run across port 80 out of the network (a common configuration). It is also encrypted with AES encryption, denying any packet inspection to be performed.

4.3.3 IDS/IPS Systems

There is a possibility an organisation will use an IDS/IPS system to monitor and detect freak activity on the network, such as extremely high bandwidth use or hosts being repeatedly pinged. An IDS/IPS is configured with the use of factors such as network traffic flows, signature based inspection and baseline network activity. Once these rules are violated the IPS can dynamically prevent suspicious activity from occurring by altering firewall rules and logging activity.

To prevent detection from any IDS/IPS systems, the network port scanning software Nmap was given command flags set to avoid detection by fragmentation of packets. However, this would not prevent detection in every scenario.

4.4 Inline Ethernet packet capture Investigation

The following section is the second part of the implementation, whereby the penetration testing device that was constructed was tested to see how long the device could monitor traffic using the inline Ethernet packet capturing software previously implemented.

4.4.1 Battery life testing

To test the network reconnaissance attack against battery life, a piece of software was required to generate specific levels of traffic across a physically connected Ethernet link. Initial research referred the author to a software known as iperf; a program that is used for testing the throughput of a connection by sending a defined amount of bandwidth to saturate a physical link. This software was used in the project in conjunction with software known as tcpdump; a packet analysing application which is run from the Linux command line. tcpdump itself was used to capture the packets that were in transit across the Ethernet link which is being anonymously monitored.

The initial testing was performed in 3 stages. These are as follows:

1. Battery consumption monitoring 10Mbps throughput

2. Battery consumption monitoring 50Mbps throughput

3. Battery consumption monitoring 100Mbps throughput

Each test was conducted using all of the same equipment, with the only variant being the bit rate transmitted. A logical diagram of the battery life test is shown below.

FIGURE 12. LOGICAL DIAGRAM OF BATTERY LIFE TEST

4.4.1 Hardware testing

The final piece of software that was used is known as vmstat. It is also a command line tool similar to tcpdump, but for the monitoring of a computer's statistical information such as CPU, memory, I/O, and swap; this information can be printed to screen or written to a file for further analysis. vmstat was run on the penetration testing device alongside tcpdump, to identify the effect on hardware as the iperf software transmitted packets at bandwidths incrementing by 10Mbps until it reached 100Mbps. A logical diagram of the test is shown below.

FIGURE 13. HARDWARE UTILISATION TEST DIAGRAM

Chapter 5. Results and Discussion

The following section covers the results collected from the tests run in the previous chapter, discussing the expected results and then analysing the data for further discussion. To view the full transcript of all the results collected refer to Appendix E.

5.1 Complete battery depletion test results

The theorised expectation of the tests was that the higher the throughput being transmitted from the iperf client software to the iperf server software and anonymously monitored with the packet capturing application, the more processes would be running and the more the hardware of the penetration testing device would be utilised, meaning the battery would deplete more rapidly as the device took more energy from the battery cells.

The following Table and Figure show the results of the battery life tests.

TABLE 1. BATTERY LIFE RESULTS

Reconnaissance Attack            Bit Rate (Mbps)    Battery life (Hrs)
Inline Ethernet packet capture   Average traffic    39.2
Inline Ethernet packet capture   100                28.9
Inline Ethernet packet capture   50                 34.5
Inline Ethernet packet capture   10                 37.9

FIGURE 14. BAR CHART OF BATTERY LIFE RESULTS

[Chart: Time Till Complete Battery Depletion. Axis: Time Till Battery Depletion (Hours). Bars: Wired Inline Ethernet Wire TAP general use; at 100Mbps; at 50Mbps; at 10Mbps.]

This theory proved to be true as the results show; the rate at which throughput of traffic is sent directly affects the speed of drain on the battery life.

5.2 Hardware utilisation test results

The theorised expectation of this test was similar to that of the battery depletion test; the author assumed that a higher throughput of data across the monitored link would directly affect the hardware utilisation on the monitoring device.

This theory however was not fully correct; the tests were rather inconclusive towards the theory of a direct link between link throughput and hardware utilisation. There were, however, evident patterns in the statistics when the highest values of each statistic from the 30 data outputs were collated. One evident pattern was that of the memory cache utilisation; this can be seen in Figure 15 below.

As the throughput of the link is increased by 10Mbps, the size of the memory cache increases at an exponential rate (seen in red).

FIGURE 15. MEMORY CACHE UTILISATION
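The collation step described above, reducing each run's 30 one-second vmstat samples to a single figure per column, can be scripted. The following is an added example, not the author's code; the sample log is constructed, and the function names and the option to skip leading samples are assumptions. It reports the minimum as well as the maximum of each column.

```bash
#!/usr/bin/env bash
# Added example: collate vmstat samples into per-column minimum and maximum.

# write_sample_log FILE: constructed vmstat output (4 samples instead of 30).
write_sample_log() {
    cat > "$1" <<'EOF'
procs -----------memory---------- ---swap-- -----io---- -system-- ------cpu-----
 r  b   swpd   free   buff  cache   si   so    bi    bo   in   cs us sy id wa st
 1  0      0 612340  18420 141200    0    0    12     3  310  120  2  1 97  0  0
 0  0      0 611980  18420 141560    0    0     0     0  905  410  4  6 90  0  0
 0  0      0 611700  18424 141840    0    0     0    16  931  422  5  7 88  0  0
 1  0      0 611420  18424 142110    0    0     0     0  918  415  4  6 90  0  0
EOF
}

# vmstat_minmax FILE COLUMN [SKIP]: print "MIN MAX" for one named column.
# SKIP drops that many leading samples; vmstat's first report is an average
# since boot rather than a one-second reading, so SKIP=1 is usually wanted.
vmstat_minmax() {
    awk -v want="$2" -v skip="${3:-0}" '
        # Column-name row: find which field holds the wanted column, so the
        # script does not depend on a fixed vmstat column order.
        $1 == "r" && $2 == "b" {
            col = 0
            for (i = 1; i <= NF; i++) if ($i == want) col = i
            next
        }
        # Ignore the banner row and any line that is not a sample.
        col == 0 || $1 !~ /^[0-9]+$/ { next }
        # Drop the requested number of leading samples.
        ++seen <= skip { next }
        {
            v = $col + 0
            if (n == 0 || v < min) min = v
            if (n == 0 || v > max) max = v
            n++
        }
        END {
            if (n == 0) {
                print "no samples found for column " want > "/dev/stderr"
                exit 1
            }
            print min, max
        }
    ' "$1"
}

# collate_run LABEL FILE: one report row "LABEL cache_max in_max cs_max",
# ignoring the first (since-boot) sample of the run.
collate_run() {
    cache=$(vmstat_minmax "$2" cache 1) || return 1
    intr=$(vmstat_minmax "$2" in 1) || return 1
    ctx=$(vmstat_minmax "$2" cs 1) || return 1
    echo "$1 ${cache#* } ${intr#* } ${ctx#* }"
}
```

Running `collate_run` once per throughput level (10Mbps to 100Mbps) gives one row per run, which is the shape of data plotted in Figures 15 and 16.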

One other area of interest surrounds the correlation between the link throughput and the number of system interrupts per second. Figure 16 below shows that, after a freak data point in the 20Mbps test, there is a stable increase in the number of interrupts per second in relation to the link throughput.

FIGURE 16. SYSTEM INTERRUPT INFORMATION

[Chart: Min value taken from 30 x 1 second interval (System). Axis: Bandwidth (Mbps). Series: system in, system cs.]

5.3 Additional findings

Throughout the course of the project, there were various other findings discovered that may often be overlooked.

5.3.1 Ease of development

Development on the project was relatively easy, as the author had most of the technical knowledge that was needed available to them through previous experiences using the technologies. This was aided by the understanding the author had on subjects at a fundamental level, meaning any new concepts were built on the pre-existing knowledge.

5.3.2 Development time

The time to develop the project was reasonable, and should more time be available to the individual the project may have been completed earlier than proposed. This is also down to the discipline of the individual, for example the ability to deny themselves from procrastinating.

5.3.3 The level of skills required to do the project

The level of skill required to complete the project is that of a first year university student and low level; it does however require a lot of determination and a keen interest in the field of network security. Areas such as UNIX and Python are the most essential part of the build; knowing their fundamentals is the basis to furthering the project.

5.3.4 Risk factors for organisations

The project's device presents a lot of risks for an organisation as the device is mobile and proven to be capable of performing reconnaissance attacks. With the ability to remain hidden and powered by a battery for up to 39.2 hours under average users' traffic, the device can present a serious risk towards the security of an organisation's network.

5.3.5 How easy was it to find information on this?

Information on the subject was somewhat scarce; however, sourcing information on network security practices and browsing community developed Raspberry Pi projects can provide the necessary information towards implementing such a project.

5.3.6 How technically in depth is the programming code

The most technical code in the project was that of the LCD menu system, though this was not written by the author, only adapted and used as a framework. Most of the Python code used in the project refers back to UNIX commands and shell scripts, meaning it does not require an individual at the level of a completed computer science degree in order to write the code in use.

Chapter 6. Conclusion

The initial concept of this project changed quite vastly at an early stage of the process, due to what was theoretically possible with an overambitious timeline. This change however allowed the project to be refined, giving the project two clear and concise questions:

1. Can a device be built using off the shelf IT hardware for the purpose of exploring possible automated network reconnaissance attacks?

2. If such a device was built, how long can the device be deployed remotely before the battery life is depleted?

Both of these questions were successfully answered with the build of the device running code for the automation of network reconnaissance attacks and the testing of battery life depletion against the device running such code. There were no major surprises in the findings which were made throughout the project's testing, but overall the project gave clarification on the questions it answered.

Overall the project was a success and a pleasure to complete.

6.1 Lessons Learned

The lessons learned throughout the course of this project were that it does not take an individual with the knowledge of a computer science graduate to achieve the project's goals. Basic understanding of the fundamental technologies, partnered with further study in the project's technical areas, will provide the necessary information required to complete such a project.

6.2 Future Activity

Possible future activity furthering the project would consist of the following:

• Implement a GSM shield on the device to allow out of band communication through the 3G or 4G cellular network. Once connected to a target network the device would theoretically be able to upload the extracted recon data to the attacker's remote system, avoiding detection across the target network.

• Test the battery life depletion time when running wireless network reconnaissance attacks while also observing the effect on hardware utilisation.

• Automate a password cracking application on board the RGB display and input.

Bibliography and References

Adafruit. 2016. Adafruit RGB Negative 16x2 LCD+Keypad Kit for Raspberry Pi. [ONLINE] Available at: https://www.adafruit.com/products/1110. [Accessed 07 January 16].

Adafruit. 2016. Adafruit Raspberry Pi B+ / Pi 2 / Pi 3 Case - Smoke Base - w/ Clear Top. [ONLINE] Available at: https://www.adafruit.com/products/2258. [Accessed 1 May 2016].

ALFA. 2016. AWUS036NH. [ONLINE] Available at: http://www.alfa.com.tw/products_show.php?pc=34&ps=21. [Accessed 1 May 2016].

Amazon. 2016. USB to 10/100 Ethernet RJ45 Network Adapter Converter PC Laptops Wired Connection USB Male to RJ45 Female. [ONLINE] Available at: https://www.amazon.co.uk/gp/product/B003Q85EEA/ref=oh_aui_detailpage_o01_s00?ie=UTF8&psc=1. [Accessed 1 May 2016].

Ankita Gupta, Kavita, Kirandeep Kaur 2013, "Vulnerability Assessment and Penetration Testing", International Journal of Engineering Trends and Technology, vol. 4, no. 3, pp. 328-333.

Astro-Pi. 2016. Astro-Pi. [ONLINE] Available at: https://astro-pi.org/about/. [Accessed 04 March 16].

Aufderheide, A. 2013. RaspberryPiLcdMenu. [ONLINE] Available at: https://github.com/aufder/RaspberryPiLcdMenu. [Accessed 21 February 16].

BananaPi. 2016. Banana Pi. [ONLINE] Available at: http://www.bananapi.org/p/product.html. [Accessed 1 May 2016].

BeagleBoard. 2016. BeagleBone Black. [ONLINE] Available at: https://beagleboard.org/black. [Accessed 1 May 2016].

Cunningham, C. 2015. Configure Auto-start. [ONLINE] Available at: https://learn.adafruit.com/piminer-raspberry-pi-bitcoin-miner/configure-auto-start. [Accessed 21 February 16].

Cisco. 2014. Configuring IP Session Filtering (Reflexive Access Lists). [ONLINE] Available at: http://www.cisco.com/c/en/us/td/docs/ios/12_2/security/configuration/guide/fsecur_c/scfreflx.html. [Accessed 4 May 2016].

D Cardenas, E, 2003. MAC Spoofing--An Introduction. Global Information Assurance Certification Paper, [Online]. Available at: http://www.giac.org/paper/gsec/3199/mac-spoofing-an-introduction/105315 [Accessed 30 April 2016].

Github. 2016. Katoolin. [ONLINE] Available at: https://github.com/LionSec/katoolin. [Accessed 2 May 2016].

Hardkernel. 2016. ODROID-C1+. [ONLINE] Available at: http://www.hardkernel.com/main/products/prdt_info.php?g_code=G143703355573. [Accessed 1 May 2016].

Holm, H.; Sommestad, T.; Almroth, J.; Persson, M. (2011). A quantitative evaluation of vulnerability scanning. Information Management & Computer Security. Vol 19 (No. 4), p231-247.

Hunt, A. 2014. Media over Coaxial Alliance (MoCA): Operation and Security Posture. [Online] Available at: https://www.defcon.org/images/defcon-22/dc-22-presentations/Hunt/DEFCON-22-Andrew-Hunt-MoCA-Overview-and-Security-Posture-WP.pdf. [Accessed 01 January 16].

IBM. 2016. IBM 5100 Portable Computer. [ONLINE] Available at: http://www-03.ibm.com/ibm/history/exhibits/pc/pc_2.html. [Accessed 22 February 16].

Infosec Institute. 2016. What are shells?. [ONLINE] Available at: http://resources.infosecinstitute.com/icmp-reverse-shell/. [Accessed 2 May 2016].

iperf. 2016. iPerf - The network bandwidth measurement tool. [ONLINE] Available at: https://iperf.fr/. [Accessed 30 April 2016].

ISO. 2013. ISO/IEC 27002:2013(en) Information technology — Security techniques — Code of practice for information security controls. [ONLINE] Available at: https://www.iso.org/obp/ui/#iso:std:iso-iec:27002:ed-2:v1:en. [Accessed 4 May 2016].

Kali. 2016. Kali on Raspberry Pi. [ONLINE] Available at: http://docs.kali.org/kali-on-arm/install-kali-linux-arm-raspberry-pi. [Accessed 2 May 2016].

Kinnersley B. 2016. The Language List. [ONLINE] Available at: http://people.ku.edu/~nkinners/LangList/Extras/langlist.htm. [Accessed 2 May 2016].

Mortensen, C.; Winkelmaier, R.; Zheng, J. (2013). Exploring Attack Vectors Facilitated by Miniaturized Computers. Proceedings of the 6th International Conference on Security of Information and Networks. p203-209.

Pwnpi.sourceforge. 2016. PwnPi. [ONLINE] Available at: http://pwnpi.sourceforge.net/index.html. [Accessed 2 May 2016].

Ponnusamy P. 2016. Understanding VMSTAT Output - Explained. [ONLINE] Available at: http://www.lazysystemadmin.com/2011/04/understanding-vmstat-output-explained.html. [Accessed 5 May 2016].

Pwnie Express. 2016. PWN PLUG R3. [Online] Available at: https://www.pwnieexpress.com/product/pwn-plug-r3penetration-testing-device/. [Accessed 07 January 16].

Raspberrypi. 2016. RASPBERRY PI 2 MODEL B. [ONLINE] Available at: https://www.raspberrypi.org/products/raspberry-pi-2-model-b/. [Accessed 22 February 16].

Raspbian. 2016. Raspbian. [ONLINE] Available at: https://www.raspbian.org/RaspbianAbout. [Accessed 2 May 2016].

RS Components Ltd. 2016. Raspberry Pi 2 Model B. [Online] Available at: http://uk.rs-online.com/web/p/processor-microcontroller-development-kits/832-6274/. [Accessed 07 January 16].

SANS. 2004. Understanding IPS and IDS: Using IPS and IDS together for Defense in Depth. [ONLINE] Available at: https://www.sans.org/reading-room/whitepapers/detection/understanding-ips-ids-ips-ids-defense-in-depth-1381. [Accessed 5 May 2016].

Shravan, K., Neha, B. & Pawan, B. 2014, "Penetration Testing: A Review", Compusoft, vol. 3, no. 4, pp. 752-757.

Solarwinds. (2014). SolarWinds Deep Packet Inspection & Analysis for Quality of Experience Monitoring. [Online Video]. 29 July 2014. Available from: https://www.youtube.com/watch?v=aDnpS0LhUC8#t=27. [Accessed: 5 May 2016].

TP-Link. 2016. 150Mbps High Gain Wireless USB Adapter TL-WN722N. [ONLINE] Available at: http://www.tp-link.com/en/products/details/TL-WN722N.html. [Accessed 1 May 2016].

Tcpdump. 2016. TCPDump & LibPcap. [ONLINE] Available at: http://www.tcpdump.org/. [Accessed 2 May 2016].

Venkateswaran, D.; Alex, C.; Jose, K.M.; Sahasranamam, S. (2014). Mobile Phone Controlled Farm Management Aider. Humanitarian Technology Conference (R10-HTC), 2014 IEEE Region 10. p117-120.

Violent Python; a cookbook for hackers, forensic analysts, penetration testers and security engineers. 2013. Reference and Research Book News, 28(4).

Appendices

Appendix A – Literature review

Appendix B – Penetration testing device build

Appendix C – LCD menu system code

Appendix D – Port Scan Report

Appendix E – Full transcript of results collected

Appendix F - Supervisory Meeting Log

LITERATURE REVIEW

Investigating Remote and Automated attack vectors using a microcomputer from inside a known network.

DEAN KAY ID: 1208626

Prepared for Amanda Dewhurst & Louise Ashby | 8th January 2016

APPENDIX A

Table of Contents

ABBREVIATIONS

LIST OF FIGURES

1. INTRODUCTION

2. APPROACH AND METHODS

3. FINDINGS

4. EVALUATION AND REFLECTION

5. BIBLIOGRAPHY

6. APPENDICES

Abbreviations

GSM - Global System for Mobile Communication

OSS - Open Source Software

List of Figures

Figure 1 Pwn Plug R3 - source: pwnieexpress.com

Figure 2 RGB LCD plate with keypad – source: Adafruit.com

Figure 3. Bar chart of battery lifetime - source: Exploring attack vectors facilitated by miniaturized computers

1. Introduction

Due to an ever increasing number of cyber attacks against computer systems and networks being committed across the world, companies and nations alike are taking cyber security as a primary defence against existing and forthcoming attacks.

One technique towards building stronger cyber security systems is the hiring of penetration testers, in order to find security holes in the current computer and network security infrastructure of an organisation. Penetration testers are known to use a plethora of techniques known as 'attack vectors' in order to break into their target systems. One rather new technique is known as a penetration testing drop box, whereby a computing device with penetration testing tools pre-installed is hidden away within a target's physical location with potential physical access to the target network via a nearby Ethernet port or in wireless range of an access point.

The purpose of the project is to investigate the viability of using a microcomputer combined with keypad input and display in order to run automated attacks against a computer network. Due to its uniqueness there has been very little study made in this area of cyber security, with only one main piece of literature found containing specific research conducted in the field. Broader research was made around the subject but it was felt necessary to use the main research already conducted and build from it.

The overall goal of performing this research carries two segments, firstly to establish whether or not the device is at all creatable using consumer grade hardware. This will encompass three parts.

• How the device is to be administered

This is of interest to how the device will efficiently make use of its target environment, the main focus being the various implementations towards interaction between the user and device.

• The fashion in which the device will interact in its environment

This represents how the device will interact with its target network. Variants of attack vector will be considered, such as wired or wireless attacks.

• Potential physical forms the device may take

This considers the various physical forms which the device may take; earlier research from interactions between users and environments will shape the path in which this research is conducted.

Using part one's research as a reference towards physical design of the artefact, the second segment of the research will take a look at the complexity involved in handling the project, largely being the time constraints placed upon the project deadline and the costs to build the device. For this very reason, a clear and concise number of attack vectors are to be researched, as there simply is not enough time to study all variants. Defining a set amount of attack vectors will narrow the scope of the research and allow time for testing and data analysis toward the end of the project.

2. Approach and Methods

As stated earlier, research for this project was broken into 3 parts as follows:

• How the device is to be administered

• The fashion in which the device will interact in its environment

• Potential physical forms the device may take

Research performed on this project would be fundamentally of a technical nature, thus it was segmented in order to give a clear outlook on key areas of importance within the project.

Part one was to discover how the device would be administered by a user in order to carry out specified attacks. A literature search was conducted via the use of a university search engine for online academic journals and publications. It is believed this method of research would provide trustworthy and valid information on the given subject, as the content is of a scholarly nature and often peer reviewed by professionals in the field.

Following this initial research, it was considered useful to determine if any products offering penetration testing tools on a microcomputer, or of a similar sort, already exist on the consumer market. To no surprise there were few products currently on the market; these can be seen in Appendix A.

Lastly, research was looked upon to see if automating vulnerability scans was a viable option. A study by academics on the automation of 7 popular vulnerability scanners, all being run on the same computer network consisting of 28 hosts with a variety of operating systems, services and potential vulnerabilities, was performed in 2011 and drew the conclusion that the accuracy of such tests proved invalid (Holm, H; Sommestad, T; Almroth, J; Persson, M, 2011). This method of automation would not be used because of the validity issues.

Part two of the research took into account the way in which the device would interact in its environments. Research that had previously been conducted showed the possibility of interacting with a target network both physically and wirelessly (Mortensen, C; Winkelmaier, R; Zheng, J, 2013). This allowed the idea to facilitate both wired and wireless attacks, opening a wider range of attack vectors to choose from. On carrying out this research towards the idea of wireless and wired attacks, further unintended research into remote interaction via 3G cellular networks arose. A study into a system of cellular controlled farming management used a GSM shield attached to a Raspberry Pi microcomputer (Venkateswaran, D; Alex, C; Jose, K.M; Sahasranamam, S, 2014). This gave the idea of possible out of band connectivity to the device being used in the project, thus hiding the identity of commands being communicated to and from the device, adding another layer of anonymity.

Lastly, the option of using a mains power supply or battery powered supply as an implementation was also discovered. This allowed obscurity as the device would not need to rely on a mains power supply to function and could be well hidden (Mortensen, C; Winkelmaier, R; Zheng, J, 2013).

The final part of the research relates to the physical form of the device, showing the requirements intended to be met below:

• To be compatible with all connected hardware on device.

• Mobile for instalment in target locations.

• Able to run basic network connectivity test from the device itself locally.

• Perform attacks locally and remotely.

Decisions towards the physical design will take into account the project costs and case study findings in order to achieve a suitable medium.

Research showed that the Raspberry Pi microcomputer was a worthy candidate in terms of the cost of hardware and the capabilities of the hardware. Using hardware such as the Raspberry Pi would allow the instalment of non proprietary software (Raspberry Pi, 2016), such as a specialised operating system known as Kali Linux, which provides a penetration testing security suite of 250+ tools (Kali, 2016). It was evident from the research conducted into exploring attack vectors that their device was automatically given connectivity when placed in the network, as there was no hardware to configure the device on placement. This gave the idea of fitting a Raspberry Pi with an LCD screen and keypad input module in order to test basic network connectivity from the device while being placed on location.

3. Findings

Maintaining the segmentation of the project research into three separate areas, the following represent the findings within each area.

There already exist commercial products that include microcomputers installed with penetration testing suites. It was found that there are various ways to interact with pentesting hardware, with commercial products such as the Pwn Plug R3 seen below.

Figure 1 Pwn Plug R3 - source: pwnieexpress.com

Pen-testers can utilise over 100+ OSS-based penetration testing tools from a web based UI supplied by the vendor. With a price tag of $1000 this was deemed an expensive approach to penetration testing. A more cost effective approach would be via the use of a Raspberry Pi microcomputer partnered with the free security software suite Kali Linux. Using this approach also allows the addition of modules to the Raspberry Pi device, allowing new forms of interaction between user and device, such as the RGB LCD screen and keypad module made by Adafruit that can be seen below.

Figure 2 RGB LCD plate with keypad – source: Adafruit.com

This would allow a basic menu system to be programmed, and a user could run basic network connectivity checks before leaving the device in its target location for later remote attacks once connectivity has been made.

The use of 3G cellular hardware is a possible approach for out of band access to the remote device, thus hiding the identity of commands being communicated to and from the device. This would be another incremental cost to the project, but would be taken into account for any future projects in this area.

Another consideration to be made when implementing the hardware is whether to use a power supply from the target organisation or an external battery power supply. The advantage of the battery powered implementation would be that the device would be able to be hidden out of sight, taking the idea that if it was deployed by a cyber criminal they would not want you knowing it is there. The disadvantage of using a battery powered approach is the battery life itself. As it is put under strain through carrying out different attack vectors, battery life can deplete over time. Previous research found in the case studies found battery life to be an issue, causing some attack vectors to simply not be used. This was also due to the older and less performant microcomputer hardware. The bar chart below shows the battery lifetime of a 5,000mAh battery under the use of different attack vectors.

Figure 3. Bar chart of battery lifetime - source: Exploring attack vectors facilitated by miniaturized computers

It can also be seen from the bar chart above that wireless attacks consume more battery life than attacks using a wired connection. This is because of the high powered antenna always running.

The project approach will be of a similar foundation to the research of 'Exploring Attack Vectors Facilitated by Miniaturized Computers', though as the study is 3 years old and technological hardware has progressed, tests will be carried out on an updated model of the Raspberry Pi hardware, allowing processing speeds of up to 6 times faster than that previously tested. This, paired with a 20,000mAh external battery supply over the original 5,000mAh, will allow attack vectors to be trialled that were previously thought not to be able to run because of the slower older generation hardware.

4. Evaluation and Reflection

The nature of this project produces significant academic and technical challenges relating to the understanding and grasp of the topic, the implementation cost and the hardware to test the different attack vectors.

Using the unique yet sparse research found on the topic has given a clearer understanding of the possibilities that are viable. This has allowed preconceived ideas to be approved or disproved before any technical implementation has been started, ultimately saving time, but also allowing new avenues to be looked upon instead.

The methods in which research has been conducted have proved to be of a high standard, allowing the information required to be taken where needed. Even unintended research that occurred proved useful in the process of eliminating potential routes to take with the project. The research has narrowed the project idea down to a more manageable one, reducing the broad spectrum of ideas to just a few, allowing precise information to be extracted from the project.

5. Bibliography

Adafruit. 2016. Adafruit RGB Negative 16x2 LCD+Keypad Kit for Raspberry Pi. [Online] Available at: https://www.adafruit.com/products/1110. [Accessed 07 January 16].

Venkateswaran, D.; Alex, C.; Jose, K.M.; Sahasranamam, S. (2014). Mobile Phone Controlled Farm Management Aider. Humanitarian Technology Conference (R10-HTC), 2014 IEEE Region 10. p117-120.

Hunt, A. 2014. Media over Coaxial Alliance (MoCA): Operation and Security Posture. [Online] Available at: https://www.defcon.org/images/defcon-22/dc-22-presentations/Hunt/DEFCON-22-Andrew-Hunt-MoCA-Overview-and-Security-Posture-WP.pdf. [Accessed 01 January 16].

Holm, H.; Sommestad, T.; Almroth, J.; Persson, M. (2011). A quantitative evaluation of vulnerability scanning. Information Management & Computer Security. Vol 19 (No. 4), p231-247.

Kali. 2016. About Kali Linux. [Online] Available at: https://www.kali.org/downloads/. [Accessed 07 January 16].

Mortensen, C.; Winkelmaier, R.; Zheng, J. (2013). Exploring Attack Vectors Facilitated by Miniaturized Computers. Proceedings of the 6th International Conference on Security of Information and Networks. p203-209.

Pwnie Express. 2016. PWN PLUG R3. [Online] Available at: https://www.pwnieexpress.com/product/pwn-plug-r3penetration-testing-device/. [Accessed 07 January 16].

RS Components Ltd. 2016. Raspberry Pi 2 Model B. [Online] Available at: http://uk.rs-online.com/web/p/processor-microcontroller-development-kits/832-6274/. [Accessed 07 January 16].

6. Appendices

Appendix A


BeagleBone

MiniPwner

Raspberry Pi

APPENDIX B

APPENDIX C

#!/usr/bin/python

# Created by Alan Aufderheide, February 2013
# Modified by Dean Kay, February 2016
# This provides a menu driven application using the LCD Plates
# from Adafruit Electronics.

import commands
import subprocess
import os
import urllib
from string import split
from time import sleep, strftime, localtime
from datetime import datetime, timedelta
from xml.dom.minidom import *
from Adafruit_I2C import Adafruit_I2C
from Adafruit_MCP230xx import Adafruit_MCP230XX
from Adafruit_CharLCDPlate import Adafruit_CharLCDPlate
from ListSelector import ListSelector

import smbus

configfile = 'lcdmenu.xml'
# set DEBUG=1 for print debug statements
DEBUG = 0
DISPLAY_ROWS = 2
DISPLAY_COLS = 16

# set to 0 if you want the LCD to stay on, 1 to turn off and on auto
AUTO_OFF_LCD = 0

# set busnum param to the correct value for your pi
lcd = Adafruit_CharLCDPlate(busnum = 1)
# in case you add custom logic to lcd to check if it is connected (useful)
#if lcd.connected == 0:
#    quit()

lcd.begin(DISPLAY_COLS, DISPLAY_ROWS)
lcd.backlight(lcd.OFF)

# commands
def rePortscan():
    if DEBUG:
        print('in rePortscan')
    lcd.clear()
    subprocess.call("sudo nmap -O -sV -v --reason --open -oX /home/pi/portScans/testmap.xml 192.168.0.0/24 --stylesheet=nmap.xsl &",shell=True)
    while 1:
        if lcd.buttonPressed(lcd.LEFT):
            break
        sleep(0.25)

def ShowPubIP():
    if DEBUG:
        print('in ShowPublicIP')
    publicIPUrl = urllib.urlopen("http://my-ip.heroku.com/")
    pubIP = publicIPUrl.read().split()[2].translate(None, '"')
    lcd.clear()
    lcd.message(pubIP)
    while 1:
        if lcd.buttonPressed(lcd.LEFT):
            break
        sleep(0.25)

def ShowDG():
    if DEBUG:
        print('in ShowIPGate')
    lcd.clear()
    lcd.message(commands.getoutput("sudo python /home/pi/getDG.py"))
    while 1:
        if lcd.buttonPressed(lcd.LEFT):
            break
        sleep(0.25)

def revShell():
    if DEBUG:
        print('in Reverse Shell')
    lcd.clear()
    subprocess.call("sudo python /home/pi/testmenu/reVSHELL/shell.py 192.168.1.101 80 &",shell=True)
    while 1:
        if lcd.buttonPressed(lcd.LEFT):
            break
        sleep(0.25)

def reWireTAP():
    if DEBUG:
        print('in reWireTAP')
    lcd.clear()
    subprocess.call("sudo /home/pi/reTools/reWireTAP/reWireTAP.sh",shell=True)
    while 1:
        if lcd.buttonPressed(lcd.LEFT):
            break
        sleep(0.25)

def DoQuit():
    lcd.clear()
    lcd.message('Are you sure?\nPress Sel for Y')
    while 1:
        if lcd.buttonPressed(lcd.LEFT):
            break
        if lcd.buttonPressed(lcd.SELECT):
            lcd.clear()
            lcd.backlight(lcd.OFF)
            quit()
        sleep(0.25)

def DoShutdown():
    lcd.clear()
    lcd.message('Are you sure?\nPress Sel for Y')
    while 1:
        if lcd.buttonPressed(lcd.LEFT):
            break
        if lcd.buttonPressed(lcd.SELECT):
            lcd.clear()
            lcd.backlight(lcd.OFF)
            commands.getoutput("sudo shutdown -h now")
            quit()
        sleep(0.25)

def DoReboot():
    lcd.clear()
    lcd.message('Are you sure?\nPress Sel for Y')
    while 1:
        if lcd.buttonPressed(lcd.LEFT):
            break
        if lcd.buttonPressed(lcd.SELECT):
            lcd.clear()
            lcd.backlight(lcd.OFF)
            commands.getoutput("sudo reboot")
            quit()
        sleep(0.25)

def LcdOff():
    global currentLcd
    currentLcd = lcd.OFF
    lcd.backlight(currentLcd)

def LcdOn():
    global currentLcd
    currentLcd = lcd.ON
    lcd.backlight(currentLcd)

def LcdRed():
    global currentLcd
    currentLcd = lcd.RED
    lcd.backlight(currentLcd)

def LcdGreen():
    global currentLcd
    currentLcd = lcd.GREEN
    lcd.backlight(currentLcd)

def LcdBlue():
    global currentLcd
    currentLcd = lcd.BLUE
    lcd.backlight(currentLcd)

def LcdYellow():
    global currentLcd
    currentLcd = lcd.YELLOW
    lcd.backlight(currentLcd)

def LcdTeal():
    global currentLcd
    currentLcd = lcd.TEAL
    lcd.backlight(currentLcd)

def LcdViolet():
    global currentLcd
    currentLcd = lcd.VIOLET
    lcd.backlight(currentLcd)

def ShowDateTime():
    if DEBUG:
        print('in ShowDateTime')
    lcd.clear()
    while not(lcd.buttonPressed(lcd.LEFT)):
        sleep(0.25)
        lcd.home()
        lcd.message(strftime('%a %b %d %Y\n%I:%M:%S %p', localtime()))

def ValidateDateDigit(current, curval):
    # do validation/wrapping
    if current == 0: # Mm
        if curval < 1:
            curval = 12
        elif curval > 12:
            curval = 1
    elif current == 1: #Dd
        if curval < 1:
            curval = 31
        elif curval > 31:
            curval = 1
    elif current == 2: #Yy
        if curval < 1950:
            curval = 2050
        elif curval > 2050:
            curval = 1950
    elif current == 3: #Hh
        if curval < 0:
            curval = 23
        elif curval > 23:
            curval = 0
    elif current == 4: #Mm
        if curval < 0:
            curval = 59
        elif curval > 59:
            curval = 0
    elif current == 5: #Ss
        if curval < 0:
            curval = 59
        elif curval > 59:
            curval = 0
    return curval

def SetDateTime():
    if DEBUG:
        print('in SetDateTime')
    # M D Y H:M:S AM/PM
    curtime = localtime()
    month = curtime.tm_mon
    day = curtime.tm_mday
    year = curtime.tm_year
    hour = curtime.tm_hour
    minute = curtime.tm_min
    second = curtime.tm_sec
    ampm = 0
    if hour > 11:
        hour -= 12
        ampm = 1
    curr = [0,0,0,1,1,1]
    curc = [2,5,11,1,4,7]
    curvalues = [month, day, year, hour, minute, second]
    current = 0 # start with month, 0..14

    lcd.clear()
    lcd.message(strftime("%b %d, %Y \n%I:%M:%S %p ", curtime))
    lcd.blink()
    lcd.setCursor(curc[current], curr[current])
    sleep(0.5)
    while 1:
        curval = curvalues[current]
        if lcd.buttonPressed(lcd.UP):
            curval += 1
            curvalues[current] = ValidateDateDigit(current, curval)
            curtime = (curvalues[2], curvalues[0], curvalues[1], curvalues[3], curvalues[4], curvalues[5], 0, 0, 0)
            lcd.home()
            lcd.message(strftime("%b %d, %Y \n%I:%M:%S %p ", curtime))
            lcd.setCursor(curc[current], curr[current])
        if lcd.buttonPressed(lcd.DOWN):
            curval -= 1
            curvalues[current] = ValidateDateDigit(current, curval)
            curtime = (curvalues[2], curvalues[0], curvalues[1], curvalues[3], curvalues[4], curvalues[5], 0, 0, 0)
            lcd.home()
            lcd.message(strftime("%b %d, %Y \n%I:%M:%S %p ", curtime))
            lcd.setCursor(curc[current], curr[current])
        if lcd.buttonPressed(lcd.RIGHT):
            current += 1
            if current > 5:
                current = 5
            lcd.setCursor(curc[current], curr[current])
        if lcd.buttonPressed(lcd.LEFT):
            current -= 1
            if current < 0:
                lcd.noBlink()
                return
            lcd.setCursor(curc[current], curr[current])
        if lcd.buttonPressed(lcd.SELECT):
            # set the date time in the system
            lcd.noBlink()
            os.system(strftime('sudo date --set="%d %b %Y %H:%M:%S"', curtime))
            break
        sleep(0.25)

    lcd.noBlink()

def ShowIPAddress():
    if DEBUG:
        print('in ShowIPAddress')
    lcd.clear()
    lcd.message(commands.getoutput("/sbin/ifconfig").split("\n")[1].split()[1][5:])
    while 1:
        if lcd.buttonPressed(lcd.LEFT):
            break
        sleep(0.25)

# Get a word from the UI, a character at a time.
# Click select to complete input, or back out to the left to quit.
# Return the entered word, or None if they back out.
def GetWord():
    lcd.clear()
    lcd.blink()
    sleep(0.75)
    curword = list("A")
    curposition = 0
    while 1:
        if lcd.buttonPressed(lcd.UP):
            if (ord(curword[curposition]) < 127):
                curword[curposition] = chr(ord(curword[curposition])+1)
            else:
                curword[curposition] = chr(32)
        if lcd.buttonPressed(lcd.DOWN):
            if (ord(curword[curposition]) > 32):
                curword[curposition] = chr(ord(curword[curposition])-1)
            else:
                curword[curposition] = chr(127)
        if lcd.buttonPressed(lcd.RIGHT):
            if curposition < DISPLAY_COLS - 1:
                curword.append('A')
                curposition += 1
                lcd.setCursor(curposition, 0)
            sleep(0.75)
        if lcd.buttonPressed(lcd.LEFT):
            curposition -= 1
            if curposition < 0:
                lcd.noBlink()
                return
            lcd.setCursor(curposition, 0)
        if lcd.buttonPressed(lcd.SELECT):
            # return the word
            sleep(0.75)
            return ''.join(curword)
        lcd.home()
        lcd.message(''.join(curword))
        lcd.setCursor(curposition, 0)
        sleep(0.25)

    lcd.noBlink()

# An example of how to get a word input from the UI, and then
# do something with it
def EnterWord():
    if DEBUG:
        print('in EnterWord')
    word = GetWord()
    lcd.clear()
    lcd.home()
    if word is not None:
        lcd.message('>'+word+'<')
        sleep(5)

class CommandToRun:
    def __init__(self, myName, theCommand):
        self.text = myName
        self.commandToRun = theCommand
    def Run(self):
        self.clist = split(commands.getoutput(self.commandToRun), '\n')
        if len(self.clist) > 0:
            lcd.clear()
            lcd.message(self.clist[0])
            for i in range(1, len(self.clist)):
                while 1:
                    if lcd.buttonPressed(lcd.DOWN):
                        break
                    sleep(0.25)
                lcd.clear()
                lcd.message(self.clist[i-1]+'\n'+self.clist[i])
                sleep(0.5)
        while 1:
            if lcd.buttonPressed(lcd.LEFT):
                break

class Widget:
    def __init__(self, myName, myFunction):
        self.text = myName
        self.function = myFunction

class Folder:
    def __init__(self, myName, myParent):
        self.text = myName
        self.items = []
        self.parent = myParent

def HandleSettings(node):
    global lcd
    if node.getAttribute('lcdColor').lower() == 'red':
        LcdRed()
    elif node.getAttribute('lcdColor').lower() == 'green':
        LcdGreen()
    elif node.getAttribute('lcdColor').lower() == 'blue':
        LcdBlue()
    elif node.getAttribute('lcdColor').lower() == 'yellow':
        LcdYellow()
    elif node.getAttribute('lcdColor').lower() == 'teal':
        LcdTeal()
    elif node.getAttribute('lcdColor').lower() == 'violet':
        LcdViolet()
    elif node.getAttribute('lcdColor').lower() == 'white':
        LcdOn()
    if node.getAttribute('lcdBacklight').lower() == 'on':
        LcdOn()
    elif node.getAttribute('lcdBacklight').lower() == 'off':
        LcdOff()

def ProcessNode(currentNode, currentItem):
    children = currentNode.childNodes

    for child in children:
        if isinstance(child, xml.dom.minidom.Element):
            if child.tagName == 'settings':
                HandleSettings(child)
            elif child.tagName == 'folder':
                thisFolder = Folder(child.getAttribute('text'), currentItem)
                currentItem.items.append(thisFolder)
                ProcessNode(child, thisFolder)
            elif child.tagName == 'widget':
                thisWidget = Widget(child.getAttribute('text'), child.getAttribute('function'))
                currentItem.items.append(thisWidget)
            elif child.tagName == 'run':
                thisCommand = CommandToRun(child.getAttribute('text'), child.firstChild.data)
                currentItem.items.append(thisCommand)

class Display:
    def __init__(self, folder):
        self.curFolder = folder
        self.curTopItem = 0
        self.curSelectedItem = 0
    def display(self):
        if self.curTopItem > len(self.curFolder.items) - DISPLAY_ROWS:
            self.curTopItem = len(self.curFolder.items) - DISPLAY_ROWS
        if self.curTopItem < 0:
            self.curTopItem = 0
        if DEBUG:
            print('------------------')
        str = ''
        for row in range(self.curTopItem, self.curTopItem+DISPLAY_ROWS):
            if row > self.curTopItem:
                str += '\n'
            if row < len(self.curFolder.items):
                if row == self.curSelectedItem:
                    cmd = '-'+self.curFolder.items[row].text
                    if len(cmd) < 16:
                        for row in range(len(cmd), 16):
                            cmd += ' '
                    if DEBUG:
                        print('|'+cmd+'|')
                    str += cmd
                else:
                    cmd = ' '+self.curFolder.items[row].text
                    if len(cmd) < 16:
                        for row in range(len(cmd), 16):
                            cmd += ' '
                    if DEBUG:
                        print('|'+cmd+'|')
                    str += cmd
        if DEBUG:
            print('------------------')
        lcd.home()
        lcd.message(str)

    def update(self, command):
        global currentLcd
        global lcdstart
        lcd.backlight(currentLcd)
        lcdstart = datetime.now()
        if DEBUG:
            print('do',command)
        if command == 'u':
            self.up()
        elif command == 'd':
            self.down()
        elif command == 'r':
            self.right()
        elif command == 'l':
            self.left()
        elif command == 's':
            self.select()
    def up(self):
        if self.curSelectedItem == 0:
            return
        elif self.curSelectedItem > self.curTopItem:
            self.curSelectedItem -= 1
        else:
            self.curTopItem -= 1
            self.curSelectedItem -= 1
    def down(self):
        if self.curSelectedItem+1 == len(self.curFolder.items):
            return
        elif self.curSelectedItem < self.curTopItem+DISPLAY_ROWS-1:
            self.curSelectedItem += 1
        else:
            self.curTopItem += 1
            self.curSelectedItem += 1
    def left(self):
        if isinstance(self.curFolder.parent, Folder):
            # find the current in the parent
            itemno = 0
            index = 0
            for item in self.curFolder.parent.items:
                if self.curFolder == item:
                    if DEBUG:
                        print('foundit')
                    index = itemno
                else:
                    itemno += 1
            if index < len(self.curFolder.parent.items):
                self.curFolder = self.curFolder.parent
                self.curTopItem = index
                self.curSelectedItem = index
            else:
                self.curFolder = self.curFolder.parent
                self.curTopItem = 0
                self.curSelectedItem = 0
    def right(self):
        if isinstance(self.curFolder.items[self.curSelectedItem], Folder):
            self.curFolder = self.curFolder.items[self.curSelectedItem]
            self.curTopItem = 0
            self.curSelectedItem = 0
        elif isinstance(self.curFolder.items[self.curSelectedItem], Widget):
            if DEBUG:
                print('eval', self.curFolder.items[self.curSelectedItem].function)
            eval(self.curFolder.items[self.curSelectedItem].function+'()')
        elif isinstance(self.curFolder.items[self.curSelectedItem], CommandToRun):
            self.curFolder.items[self.curSelectedItem].Run()

    def select(self):
        if DEBUG:
            print('check widget')
        if isinstance(self.curFolder.items[self.curSelectedItem], Widget):
            if DEBUG:
                print('eval', self.curFolder.items[self.curSelectedItem].function)
            eval(self.curFolder.items[self.curSelectedItem].function+'()')

# now start things up
uiItems = Folder('root','')

dom = parse(configfile) # parse an XML file by name

top = dom.documentElement

currentLcd = lcd.OFF
LcdOff()
ProcessNode(top, uiItems)

display = Display(uiItems)
display.display()

if DEBUG:
    print('start while')

lcdstart = datetime.now()
while 1:
    if (lcd.buttonPressed(lcd.LEFT)):
        display.update('l')
        display.display()
        sleep(0.25)

    if (lcd.buttonPressed(lcd.UP)):
        display.update('u')
        display.display()
        sleep(0.25)

    if (lcd.buttonPressed(lcd.DOWN)):
        display.update('d')
        display.display()
        sleep(0.25)

    if (lcd.buttonPressed(lcd.RIGHT)):
        display.update('r')
        display.display()
        sleep(0.25)

    if (lcd.buttonPressed(lcd.SELECT)):
        display.update('s')
        display.display()
        sleep(0.25)

    if AUTO_OFF_LCD:
        lcdtmp = lcdstart + timedelta(seconds=5)
        if (datetime.now() > lcdtmp):
            lcd.backlight(lcd.OFF)
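The listing above calls eval(function + '()') on the function attribute read from lcdmenu.xml, so any expression placed in that file is executed by the menu script. The following is an added example in Python 3, not part of the dissertation's code, that builds the same folder/widget tree but resolves each widget through a registry lookup; the menu_action decorator, build_menu, labels and the sample XML are assumptions made for this illustration.

```python
import xml.dom.minidom

# Constructed sample in the shape ProcessNode() reads: <folder text=...> and
# <widget text=... function=...>. The menu entries themselves are made up.
SAMPLE_MENU = """<?xml version="1.0"?>
<application>
  <folder text="Status">
    <widget text="Date and time" function="ShowDateTime"/>
    <widget text="IP address" function="ShowIPAddress"/>
  </folder>
  <widget text="Edited entry" function="print('injected') or ShowDateTime"/>
  <widget text="Typo" function="ShowDatTime"/>
</application>
"""

REGISTRY = {}  # name -> callable: the only things a widget may invoke


def menu_action(func):
    """Register func so that a <widget function="..."> may name it."""
    REGISTRY[func.__name__] = func
    return func


@menu_action
def ShowDateTime():
    return "ShowDateTime ran"  # stand-in body; the listing drives the LCD here


@menu_action
def ShowIPAddress():
    return "ShowIPAddress ran"  # stand-in body


class Folder(object):
    def __init__(self, text, parent=None):
        self.text, self.parent, self.items = text, parent, []


class Widget(object):
    def __init__(self, text, action):
        self.text = text
        self.action = action  # a resolved callable, never a string


def build_menu(xml_text):
    """Return (root_folder, rejected); rejected lists the refused widgets."""
    dom = xml.dom.minidom.parseString(xml_text)
    root, rejected = Folder("root"), []
    _walk(dom.documentElement, root, rejected)
    return root, rejected


def _walk(node, folder, rejected):
    # <settings> and <run> elements are outside the scope of this example.
    for child in node.childNodes:
        if child.nodeType != child.ELEMENT_NODE:
            continue
        text = child.getAttribute("text")
        if child.tagName == "folder":
            sub = Folder(text, folder)
            folder.items.append(sub)
            _walk(child, sub, rejected)
        elif child.tagName == "widget":
            name = child.getAttribute("function")
            action = REGISTRY.get(name)  # dictionary lookup, no eval()
            if action is None:
                rejected.append((text, name))  # refused at load time
            else:
                folder.items.append(Widget(text, action))


def labels(folder):
    """Flatten the tree to 'Folder/Widget' paths for inspection."""
    out = []
    for item in folder.items:
        if isinstance(item, Folder):
            out.extend(item.text + "/" + path for path in labels(item))
        else:
            out.append(item.text)
    return out


if __name__ == "__main__":
    menu, refused = build_menu(SAMPLE_MENU)
    print("menu entries:", labels(menu))
    for text, name in refused:
        print("refused widget %r: function %r is not registered" % (text, name))
    print(menu.items[0].items[0].action())
```

Because names are checked when the file is loaded, an edited or mistyped entry is reported before the menu is shown instead of failing, or running something unexpected, when a button is pressed.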

APPENDIX-D


APPENDIX E

Full Battery Depletion Test

Reconnaissance Attack             Bit Rate (Mbps)    Battery life (Hrs)
Inline Ethernet packet capture    Average traffic    39.2
Inline Ethernet packet capture    100                28.9
Inline Ethernet packet capture    50                 34.5
Inline Ethernet packet capture    10                 37.9

[Bar chart: Time Till Battery Depletion (Hours). Wireless Multichannel Access Point Packet Capture: 31.15; Wired Inline Ethernet WireTAP general use: 39.2; Wired Inline Ethernet WireTAP at 100 Mbps: 28.9; Wired Inline Ethernet WireTAP at 50 Mbps: 34.5; Wired Inline Ethernet WireTAP at 10 Mbps: 37.9]


Vmstat Output Values for 30 seconds at Bandwidth of 10 Mbps


Vmstat Output Values for 30 seconds at Bandwidth of 20 Mbps


Vmstat Output Values for 30 seconds at Bandwidth of 30 Mbps


Vmstat Output Values for 30 seconds at Bandwidth of 40 Mbps


Vmstat Output Values for 30 seconds at Bandwidth of 50 Mbps


Vmstat Output Values for 30 seconds at Bandwidth of 60 Mbps


Vmstat Output Values for 30 seconds at Bandwidth of 70 Mbps


Vmstat Output Values for 30 seconds at Bandwidth of 80 Mbps


Vmstat Output Values for 30 seconds at Bandwidth of 90 Mbps


Vmstat Output Values for 30 seconds at Bandwidth of 1000 Mbps


[Chart: Max value taken from 30 x 1 second interval (Memory), category axis 10 to 100. Series: memory cache, memory buff, memory free, memory swpd; trend lines: Log. (memory free), Expon. (memory cache)]

[Chart: Min value taken from 30 x 1 second interval (Memory). Axis: Bandwidth (Mbps). Series: memory cache, memory buff, memory free, memory swpd, Expon. (memory free), Linear (memory cache).]

[Chart: Max values taken from 30 x 1 second interval (CPU). Series: cpu us, cpu sy, cpu wa, cpu st, Expon. (cpu sy).]

[Chart: Min values taken from 30 x 1 second interval (CPU). Axis: Bandwidth (Mbps). Series: cpu id, Linear (cpu id).]

[Chart: Max value taken from 30 x 1 second interval (System). Axis: Bandwidth (Mbps). Series: system in, system cs.]

[Chart: Min value taken from 30 x 1 second interval (System). Axis: Bandwidth (Mbps). Series: system in, system cs.]

DEAN KAY - 1208626

UNIVERSITY OF BOLTON MAY 2016

MAJOR PROJECT - SUPERVISORY MEETING

LOGBOOK

APPENDIX F

1. Introduction

The following document is a log of the supervisory meetings that were attended with the project supervisor. It will provide a very brief summary of the discussions that were made regarding the project.

2. Weekly Logs

30th November - 6th December: Meeting with Rob cancelled as the author felt unwell.
7th December - 13th December: No meeting
14th December - 20th December: No meeting
21st December - 27th December: CHRISTMAS VACATION
28th December - 3rd January: CHRISTMAS VACATION
4th January - 10th January: No meeting
11th January - 17th January: No meeting
18th January - 24th January: TIRI WEEK
25th January - 31st January: No meeting
1st February - 7th February: Meeting with Rob cancelled as Rob was ill
8th February - 14th February: Meeting with Rob; the author discussed feasibility of the project and set goal of practical implementation for the following week.
15th February - 21st February: No meeting
22nd February - 28th February: Meeting with Rob; the author discussed the dissertation structure and set a deliverable of the LCD menu to be completed for next meeting.
29th February - 6th March: No meeting
7th March - 13th March: Meeting with Rob; the author discussed refining the attack vectors from 5 down to 1.
14th March - 20th March: Meeting with Rob; the author discussed network attacks which were able to be successfully implemented for the next meeting.


21st March - 27th March: EASTER VACATION
28th March - 3rd April: EASTER VACATION
4th April - 10th April: Meeting with Rob; the author discussed a change in TOR to do only reconnaissance attack in the project.
11th April - 17th April: Meeting with Rob; the author discussed testing with battery life while performing reconnaissance attacks.
18th April - 24th April: No meeting
25th April - 1st May: Meeting with Rob; Skype call finalising what tests were still required
2nd May - 8th April: Meeting with Rob; emergency Skype call to answer generic questions on report's structure.

3. Conclusion

Overall the weekly supervisory meetings were a great asset towards the completion of the project; most of the milestones that were set by the supervisor were met, and they encouraged the author not to procrastinate during the project timeline.