
Monday, November 10, 2008

I am happy

I have not accomplished anything thesis specific today, but nevertheless I am happy. Last night my project partner and I submitted our project status update. We didn't have any real data until my partner got fed up with Nepenthes and installed Amun. I am glad he did, because before the day was over he collected a significant amount of malware. I am going to try Amun too, even though my ISP blocks problem ports, who knows? I also want to run tcpdump on my target machine to see what ports attackers are scanning.

While I was working on the report, Fedora crashed on me twice. I decided that I'd had enough and installed Kubuntu. To my relief, it really does "just work." I had none of the problems I had with Fedora trying to get audio and wireless to work. To my dismay, however, I learned that the data DVD backups I made with k3b left out some significant data. While all the hidden folders in my home directory got copied, none of the files in these folders got copied. I checked my previous backup, and it's the same thing. So I'm wondering if this is a bug in k3b or whether I just screwed up. The only thing I really was upset about was the Thingamablog database. I just installed Thingamablog today, which is running *very* slow for some reason, and when I was trying to figure out what to do I realized the database did get copied after all, because it wasn't in the .thinga folder, it was under documents/html/thingamablog. So that's why I am happy. I figured the only way out of this would have been to copy all the html files and then sift through them for content and put the data back into Thingamablog. I wouldn't have had to start from the beginning though, since my windows backup had the database on it.

Posted by threeRd at 5:07 PM
Categories: Miscellaneous

Wednesday, October 29, 2008

Let's see. Yesterday I talked to the network head and he agreed to give me the address space I need for the project. I sent him my configuration file so that he could be sure that I wouldn't be attacking the network.

Today I figured out how to do some very basic things in click. What I'm trying to figure out now is how to do something like NAT with click. I've been having a lot more trouble trying to just print out basic stuff than I thought I would. Most of my problem is trying to do things the way I think they should work rather than the way the examples show.

Also shot off an email to my advisor asking for some additional hardware resources.

Posted by threeRd at 3:33 PM
Categories: honeypots, Miscellaneous, thesis

Wednesday, October 22, 2008

I hate myself

for having so little to report here. Last night I was thinking about the possibility of using dynamic IP addresses. This morning I added wireless to the list of possibilities, especially since most of the ISPs in town seem to be WISPs. I contacted Cybercom *again*, this time by email, and looked at a few alternatives. However, some internet searching revealed that most people have some antenna setup on top of their house to get the WISP signals, whereas if I went with Cybercom I wouldn't have to deal with that.

And...that's about it. I'm working on my mini-review now--and it seems I've been doing that for hours. Or rather, I should have been working on it...

Posted by threeRd at 5:36 PM
Categories: Miscellaneous

Sunday, October 19, 2008

As for the rest...

...what can I say. I set up my reminder, and I still failed to post like I should have last week. Sometimes I felt like I didn't have anything significant to post, even when sometimes that's the point. Hopefully I'll do better this week.

Posted by threeRd at 6:45 PM
Categories: Miscellaneous

Wednesday, October 08, 2008

I really am going to get this...

By that I mean actually doing daily logs. As a matter of fact, I'm going to make myself a reminder right after I finish this blog. No, I'm going to do it RIGHT NOW...

...DONE. That didn't take long, did it? Okay, so this weekend, I was preoccupied with turning in the (late) homework. Late this week, I was reading the Honeypot books I got from the library. This week, I read some of the papers that the professor sent. By "some of," I mean I read some of each of them. The masters' thesis was encouraging, because it didn't seem too complicated.

I spent a ridiculous amount of time trying to connect with Dave via IM. We have done some communication. He did most of the work on putting together a proposal. At first, what we had down on file seemed like something we wouldn't even have done before it was time for me to graduate. But we scaled back, and the professor kind of okayed that before we even told him about it. So that's good.

I'm getting a better and better feel for what I want to do for my thesis. It may or may not line up totally with the project. I downloaded a couple of interesting things. I was beginning to think about what an uphill battle I could have trying to write my thesis on OpenOffice with the potential compatibility issues, because as I understand it, the thesis has to be just so. I considered the possibility of doing it in LaTeX for a second, then dismissed that as crazy. I reconsidered when I found a LaTeX thesis template on the thesis website. It's for EE though. I need to confirm with the thesis office that I can use it. That alone reminded me that the initial format doesn't matter, just the end result, which I'm betting is .pdf.

I also downloaded the proposal submission information again. For a minute there I thought all we needed to submit was the proposed title of the thesis, but the instructions give the actual info. I should probably go talk to someone in the thesis office sooner rather than later. And I think I'll ask Daniel how his experiences with the office have been.

Posted by threeRd at 6:16 PM
Categories: Miscellaneous, thesis

Tuesday, September 30, 2008

What happened to Monday?

So I'm already failing in my endeavor to post something every work day. I just wasted too much time yesterday. At some point I realized that I couldn't follow the example in Intrusion Prevention and Active Response because I'm running a 64-bit operating system, so I decided to run the homework in a virtual machine. I had Xubuntu already downloaded, so I installed it, but after I did and even copied the source I had over, then for some strange reason I decided I wanted to go with Slackware. One reason was that Xubuntu didn't have the C headers, which I thought was retarded, but all I had to do was download them. Instead I took a whole day to download Slackware, and though the operating system works okay (minus the terminal emulator) the virtual resize doesn't work. So then I thought about going back to Xubuntu, but I've already downloaded metasploit to the other. Whatever I do, I've got to stop making hard tasks harder, and work on accomplishing tasks rather than making more tasks.

I talked to Dave today, and he talked to the instructor, so there was some positive communication. We talked about setting up computers, our plan for the proposal and start of work, and setting up the wiki and using Jabber. We both need to read the materials. I should have printed the papers while I was at school, but I'm going to bite the bullet and just use my Windows VM to print to school from now on--don't need to make something like printing harder than it is.

I learned something valuable on the homework front--the addresses I saw in gdb weren't just strange, they were random. And I can stop that randomization by changing some variable using sysctl.

Posted by threeRd at 8:33 PM
Categories: Miscellaneous

Wednesday, September 24, 2008

Um, where am I?

Okay um, I talked to Dr. Gu yesterday and I talked to Dave. We ended up getting paired together for the project. It sounds like we really are doing the same thing, because it seems that Dave wants to reverse engineer botnet protocols. In order to do that, he needs to capture and analyze botnets, which are the first two steps for my project too. Dave wants to use Jabber to collaborate, and we definitely need *something* as he doesn't live anywhere near campus and will only be at the campus for class. It occurred to me later that a wiki actually could come in handy here--maybe the wiki could become our final report. Maybe.

I checked out two books from the library on honeypots. So my goal should be what? To outline frameworks for the project--existing ones, and whatever new ones we will design.

Posted by threeRd at 12:42 PM
Categories: Miscellaneous

Friday, September 19, 2008

Changes

Should have posted yesterday. I want to get into the habit of posting at the end of the 'workday', which would be around 5PM. We'll see how that works. I talked with Dr. Gu yesterday, and we discussed some *very* significant things. What came out of that discussion was the decision to scrap my current thesis idea, and go with a new idea where I basically recreate a botnet capturing idea from a paper we read in class, and then I try to improve upon that idea. I will then take a portion of that project as my project for Dr. Gu's class. So now I need to clear this with Dr. Pooch.

Posted by threeRd at 10:47 AM
Categories: Miscellaneous

Thursday, September 18, 2008

*Something*

I'm typing something in here, just because. So what's happened since my last post. Well, Hurricane Ike, for one, but that didn't affect me personally, but it did affect my parents. On the work front, yesterday I met with Dr. Pooch, and he told me that my idea about designing a remote module may be too much, when all the while I was thinking it was too little. He was saying I should describe the taxonomy rather than actually try to code it. That sounds good, because I don't know if I could actually code such a thing. I guess I better get on it.

I guess that's really what I should be looking at now, what an active response looks like. What would an active response module look like?

Dr. Pooch also signed my degree change and I have a time to meet Dr. Loguinov to sign it tomorrow...or rather, later today.

I've been focusing on CPSC 689 lately. I got a stranglehold on the first part of the homework. I also got a green light from Dr. Pooch to talk to Dr. Gu, so I think I'll try to do that tomorrow--talk to him about my project ideas and about my thesis. I should probably send him my thesis ideas up front--or maybe even send everything up front by email so he can digest it beforehand and we can talk. I'll decide that tomorrow.

Posted by threeRd at 12:19 AM
Categories: Miscellaneous

Tuesday, September 02, 2008

It's been a long time...

Too long. And it's not like I haven't done anything since my last post. The main reason why it's been so long is because I upgraded my hard drive AND went from using Vista to Fedora. It's taken me this long to install Thingamablog on the new hard drive and then go back to the old one and copy the database files.

So what have I done since my last post. Well, not that much. Well, I've done lots of things, I just haven't accomplished much. I did install OSSEC, but I have no idea how it works yet. Last night while I was trying to figure out for the umpteenth time how to get Infrarecorder to work under Vista (you have to format the DVDs first), I went ahead and installed the new hard drive on my test machine, set up the partitions and installed Zenwalk. I was having trouble with Xorg at first, and when it came up, I was surprised to see that it was in 1024x768, seeing that the Intel graphics chipset seems to max out at 800x600. Then whenever I tried to start a terminal it would crash and go back to the display manager. I thought that was because of the graphics card limitation, but apparently it's just a problem with the terminal. I downloaded the gnome terminal and that apparently fixed it.

Wednesday, July 30, 2008

Yesterday

Yesterday I basically wasted an entire day. I don't mean that I did not do one productive thing the entire day--if nothing else I sent our defective wireless keyboard back to be replaced. What I mean is that I didn't do what I was supposed to do. After I came back from the Post Office, I came to the library, and I was supposed to work on my thesis. Right now that means that I need to be learning about intrusion detection, gaining knowledge about the subject matter. I did not do that. I spent the entire day surfing the web, looking at computers, televisions, digital pianos, but not one time did I crack a book. It's pretty sad. I am going to do better today.

Posted by threeRd at 11:41 AM
Categories: Miscellaneous, Personal, Spiritual

Tuesday, July 29, 2008

Craziness

I finally got this blog thing where I feel like it's worth posting to, and now I'm not able to publish--the server is not accepting FTP. That's strange, because I seem to be able to access it by the web, but then, there appears to be more than one server somehow.

So...I had one blog which I guess should have been remotely related to academics, but I seemed to mostly post my spiritual state. Then I created a work blog to keep track of my thesis work from day to day and the work I did on CCDC. But it was getting too difficult to maintain more than one blog, and I had said at one time if I did do another blog everything would be put all in one blog. The bad thing about that is that people who may be interested in the academic stuff may be put off by the personal stuff, and vice versa. But in all likelihood, nobody is going to look at the blog but me. And if I use categories correctly, people can still separate the blog into whatever they want to look at. Similarly, I am using Thingamablog as opposed to just Notepad as I had been doing before, but Thingamablog does not allow for comments. More than likely, nobody will be looking at the blog to comment anyway.

Posted by threeRd at 12:51 PM
Categories: Miscellaneous

Last Week

I didn't accomplish much last week. I'd been on 'vacation' since my dad came to town, which was around June 14th. The previous week we went to Florida. I don't even think I made it to the library until at least Tuesday, maybe Wednesday. I pulled the Intrusion Detection book off the shelf several times, but I didn't do any actual work. I remember now, that first day I spent time trying to create a sample C++ program to create a Windows (Vista) Contacts object. The goal was to familiarize myself with Windows Contacts to create a Thunderbird plugin. I failed miserably. A Windows Contact is a COM+ object, and creating one isn't as cut and dried as I thought.

I honestly don't remember doing anything of value on Thursday. No, wait, I emailed Willis Marti telling what little I actually had done and asking him if Patrick had actually gone to CCDC. He said he'd been as a participant and as a coach. On Friday, I started working on getting Thingamablog to the place where I could use it for all my blogging needs. I finished that today. My goal is to merge entries from both previous blogs into Thingamablog. It would be a cut and paste job if it weren't for the fact that the dates have to be entered using the form field. That's going to take time for each entry.