Stupot project

Description:

Stupot was one of my successful projects; it was funded for a year at Deakin University by Professor Wanlei Zhou. Stupot stands for the Study of Honeypot Technology. Its objectives at the time were: “This project is being conducted for 1 year and is to be integrated into Deakin’s New Security Lab” [though the integration never came about]. The goal was “to produce a number of different datasets and analysis for researchers in the study of Malware and Denial of Service Attacks.”

The StuPot project had a number of hardware and software requirements so that attacks could be carried out in a safe environment and data could be collected. I was also free to conduct whatever research I wanted on the system. There were issues to overcome, such as investigating, planning and implementing the system using four Pentium III’s. Though using Pentium III’s seems like old technology, it allowed me to avoid damaging expensive equipment at Deakin University. It also kept my costs low if I broke a machine during experimentation or data collection, since at the time I didn’t know what to expect. As to whether Pentium III’s had enough power to run the DDoS attack programs and reflect what is going on in today’s attacks, I can assure you they did. The system was built upon a number of open source software packages such as Ubuntu, Xbuntu and Debian. I played around with these O/S and used Tshark (the command line version of Wireshark) and Tcpdump to collect IP traffic, PHP and MySQL to data mine the collected data, and the free C/C++ compiler and Sun Java to execute the DDoS programs.

The goal of the project was to collect a number of datasets, which will be made available on this website [coming soon!]. The datasets have been used a number of times for research and have been published in a lot of my papers. I also used these datasets for my thesis on Protecting Web Services from Distributed Denial of Service Attacks. Other researchers have also used these datasets to look at the inefficiencies of the SNORT IDS system and Stepping Stones.
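The capture-and-mine pipeline described above (Tshark field export, a database store, queries for DoS-like traffic), as an added Python example that is not code from the StuPot project. It assumes packets were exported with tshark's -T fields output in the column order given in the docstring, uses SQLite from the standard library in place of MySQL, and runs on a constructed sample rather than a StuPot dataset.

```python
"""Mine exported IP traffic for DoS-like bursts per source address.

Added example, not code from the StuPot project. Assumes the capture was
exported with tshark's field output, for example:
  tshark -r capture.pcap -T fields -E separator=/t \
    -e frame.time_epoch -e ip.src -e ip.dst -e ip.proto -e frame.len
SQLite (standard library) stands in for the MySQL store used on the page.
"""
import sqlite3


def constructed_sample():
    """Constructed sample in tshark -T fields layout; not real capture data."""
    burst = [f"{1.0 + i * 0.05:.3f}\t10.0.0.5\t192.0.2.10\t6\t60" for i in range(15)]
    background = [
        "1.200\t10.0.0.7\t192.0.2.10\t17\t120",
        "1.500\t\t\t\t42",  # non-IP frame (e.g. ARP): tshark leaves the ip.* fields empty
        "2.500\t10.0.0.7\t192.0.2.11\t6\t60",
        "3.100\t10.0.0.9\t192.0.2.10\t1\t84",
    ]
    return "\n".join(burst + background) + "\n"


def load_rows(text):
    """Parse tab-separated tshark output into (ts, src, dst, proto, length) tuples,
    skipping frames that carry no IP header."""
    rows = []
    for line in text.splitlines():
        parts = line.split("\t")
        if len(parts) < 5 or not parts[1]:
            continue
        rows.append((float(parts[0]), parts[1], parts[2], int(parts[3]), int(parts[4])))
    return rows


def store(rows):
    """Load parsed packets into an in-memory SQLite table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE packets (ts REAL, src TEXT, dst TEXT, proto INTEGER, len INTEGER)")
    conn.executemany("INSERT INTO packets VALUES (?, ?, ?, ?, ?)", rows)
    return conn


def find_floods(conn, window=1.0, threshold=10):
    """Return (src, window_start, packets, bytes) for every source that sent at
    least `threshold` packets inside one `window`-second bucket, busiest first."""
    sql = ("SELECT src, CAST(ts / ? AS INTEGER) * ? AS win, COUNT(*) AS pkts, SUM(len) AS bytes "
           "FROM packets GROUP BY src, win HAVING pkts >= ? ORDER BY pkts DESC, src")
    return conn.execute(sql, (window, window, threshold)).fetchall()
```

On the constructed sample, find_floods(store(load_rows(constructed_sample()))) reports only 10.0.0.5, which sent 15 packets (900 bytes) inside the one-second bucket starting at t=1.0.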

System Equipment

Our current system consists of the following:

Faramir

1 Pentium 3 800MHz motherboard
20GB hard drive
256k memory

Sauron

1 Pentium 3 800MHz motherboard
10GB hard drive
256k memory

Gandelf

1 Pentium 3 800MHz motherboard
10GB hard drive
256k memory
Debian operating system

Frodo

1 Pentium 3 800MHz motherboard
10GB hard drive
256k memory
Debian operating system

We now have four more machines that will be attached soon.

System Software

Faramir

Xbuntu operating system
Wireshark: for traffic collection.
Snort: intrusion detection.
Nepenthes: honeypot, which is connected to the Honeypot of Australia.
MySQL: to store Snort alerts.

Gandelf (DMZ)

Debian operating system
Wireshark: for traffic collection.
Snort: intrusion detection.
Tcpdump: another traffic collection tool (not active at this time).
Tripshare: a product of Wireshark.

Sauron

Debian operating system
HoneyD: honeypot.
Snort: used for intrusion detection.
Wireshark: to collect traffic.
Sebek: from the honeypot project; to be implemented when we go into the GenII phase.

Frodo

Debian operating system
Snort: used for intrusion detection.
Wireshark: to collect traffic.
Sebek: from the honeypot project; to be implemented when we go into the GenII phase.