| | 767 | |
| | 768 | <h1>PacketManipulator</h1> |
| | 769 | <ul> |
| | 770 | <li>Huge file import for pcap files</li> |
| | 771 | <li> HexView with insert mode - maybe should be rewritten from scratch (see also bless hex editor)</li> |
| | 772 | <li> Scripting interface/Metalanguage to support both backends</li> |
| | 773 | <li> Update UMPA backend</li> |
| | 774 | <li> Implement attack framework like ettercap</li> |
| | 775 | <li> Implement plugins like hping frontends that could be shared also with UMIT project </li> |
| | 776 | </ul> |
| | 777 | |
| | 778 | <h1>PacketManipulator - Traffic Network</h1> |
| | 779 | <p> |
| | 780 | The Umit Project currently has a mapper that can display a network topology. The goal of this idea is to use the mapper and expose its APIs to organize the sniffed packets in a network graph and, for each node in the map, create a coloured link that shows the network traffic already sniffed. This could help a network manager detect overflow and packet traffic. |
| | 781 | </p><p> |
| | 782 | It can also record the traffic and show another view, such as statistical graphs of the packet types and the number of packets captured for each type. |
| | 783 | </p><p> |
| | 784 | This could be created as a plugin based on the scripting interface/metalanguage, which should be implemented first. |
| | 785 | </p> |
| | 786 | |
| | 787 | <h1>Nmap OS fingerprint database system</h1> |
| | 788 | <p> |
| | 789 | The Nmap OS fingerprint database is a set of signatures that represent the TCP/IP stack implementations of many operating systems. How this system works is not easy to understand, but Nmap always has good documentation of its features. A student who wishes to apply for this idea must be familiar with the Nmap OS detection documentation[0]. |
| | 790 | </p> |
| | 791 | |
| | 792 | This idea consists of a solution to two main problems: |
| | 793 | <p> |
| | 794 | 1. Nmap's OS fingerprint system fails in some cases[1], not because of the database data but because of the design of the fingerprint matching algorithm. So, by using a selective OS matching algorithm with the nmap-os-db file, it is possible to solve these problems without changes to the Nmap code base. |
| | 795 | </p> |
| | 796 | <p> |
| | 797 | 2. The results of Nmap's OS fingerprint system can only be analysed statically by the user. It would be interesting if users could choose the signature fields and the algorithm to use when performing OS matching. |
| | 798 | </p><br /> |
| | 799 | <p> |
| | 800 | The choice of OS matching algorithm depends on the format of the input, in this case a signature from the nmap-os-db file. Converting this alphanumeric data into numeric values widens the range of OS matching algorithms that can be used. |
| | 801 | </p> |
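
A minimal sketch of the two points above, as an added example that is not code from Umit or Nmap: test lines in the nmap-os-db style are converted to numeric ranges, and the caller chooses which fields take part in the match. The fingerprint entry, the observed values and the function names are constructed for illustration, and the scoring (fraction of selected fields that fit) is a simplification that handles only `-` ranges and `|` alternatives.

```python
import re

TEST_RE = re.compile(r"^(\w+)\((.*)\)$")

# Constructed reference entry in nmap-os-db layout (not a real signature).
REFERENCE = """
Fingerprint Example OS 1.x (constructed)
Class Example | ExampleOS | 1.X | general purpose
SEQ(SP=C5-CF%GCD=1-6%TI=Z%TS=A)
T1(R=Y%DF=Y%T=3B-45|7B-85)
"""
# Constructed observation for one scanned host: 'TEST.ATTR' -> raw value.
OBSERVED = {"SEQ.SP": "C8", "SEQ.GCD": "9", "SEQ.TI": "Z", "T1.DF": "Y", "T1.T": "80"}

def _num(tok):
    """Hex token -> int, or None for symbolic values such as Z or Y."""
    try:
        return int(tok, 16)
    except ValueError:
        return None

def parse_expr(expr):
    """'C5-CF|D4' -> [(197, 207), (212, 212)]; symbolic tokens stay strings."""
    out = []
    for alt in expr.split("|"):
        lo, _, hi = alt.partition("-")
        a, b = _num(lo), _num(hi or lo)
        out.append((a, b) if a is not None and b is not None else alt)
    return out

def parse_fingerprint(text):
    """Map 'TEST.ATTR' -> parsed expression for every test line in an entry."""
    fields = {}
    for line in text.strip().splitlines():
        m = TEST_RE.match(line.strip())
        if not m:
            continue  # Fingerprint and Class lines carry no test data
        for pair in filter(None, m.group(2).split("%")):
            attr, _, expr = pair.partition("=")
            fields[f"{m.group(1)}.{attr}"] = parse_expr(expr)
    return fields

def selective_match(observed, reference, selected):
    """Fraction of the user-selected fields on which observed fits reference."""
    def fits(alt, obs):
        n = _num(obs)
        return (alt[0] <= n <= alt[1]) if isinstance(alt, tuple) and n is not None else (alt == obs)
    hits = sum(any(fits(a, observed[k]) for a in reference.get(k, []))
               for k in selected if k in observed)
    return hits / len(selected) if selected else 0.0
```

Dropping a single field from the selection (here `SEQ.GCD`, whose observed value falls outside the reference range) changes the score from 0.75 to 1.0, which is the kind of user-controlled matching item 2 asks for.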
| | 802 | <b>References</b><br /> |
| | 803 | <br /> |
| | 804 | * [0] http://nmap.org/osdetect/<br /> |
| | 805 | * [1] http://www.phocean.net/?p=14 <br /> |
| | 806 | |
| | 807 | <h1>UmitMapper new features</h1> |
| | 808 | |
| | 809 | The idea is to add new features to the network topology tool called UmitMapper. Some topics that can be explored:<br /> |
| | 810 | |
| | 811 | 1. How to graphically represent the existence of services on hosts.<br /> |
| | 812 | 2. Which other visualization techniques can be used to improve the visualization.<br /> |
| | 813 | 3. What other kinds of information can be expressed by the map. <br /> |
| | 814 | <br /> |
| | 815 | Look around for other network visualization tools[1,2] and see what they have, and what they don't have. |
| | 816 | |
| | 817 | <b>References</b><br /> |
| | 818 | <br /> |
| | 819 | * [0] http://www.dca.ufrn.br/~joaomedeiros/radialnet/<br /> |
| | 820 | * [1] http://networkviz.sourceforge.net/<br /> |
| | 821 | * [2] http://linkanalysis.wlv.ac.uk/ <br /> |
| | 822 | |
| | 823 | <h1>Vulnerabilities database system</h1> |
| | 824 | <p> |
| | 825 | Umit's vulnerability score for hosts is based only on the number of ports that Nmap found. This can be improved by using each port's information, such as its service and version. For this task it would be useful to create a relational, SQLite[0]-compatible database and an API for easy access to the database information (e.g. functions that return a set of vulnerabilities given a service and version). Not only the services could be searched in the database, but also the operating system detected by Nmap. Good database candidates are the National Vulnerability Database[1] and The Open Source Vulnerability Database[2].</p> |
| | 826 | <p> |
| | 827 | Beyond the database API, it would be good if the proposed tool had a user interface that lets the user search for vulnerabilities and view them in a friendly form.</p> |
| | 828 | <p> |
| | 829 | Look around some vulnerability search engines to see what they have, and what they don't have. |
| | 830 | </p> |
| | 831 | <p> |
| | 832 | There is something in development. Please check: http://trac.umitproject.org/browser/nvdb |
| | 833 | </p> |
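
One possible shape for the database and lookup API described above, as an added example that is not the Umit or nvdb code: the schema, the function names and every row are constructed, and taking the highest score as the host score is an assumption. Service names and versions reported by Nmap come from the scanned network, so the lookup binds them as query parameters instead of building SQL strings.

```python
import sqlite3

SCHEMA = """
CREATE TABLE product (id INTEGER PRIMARY KEY, name TEXT NOT NULL, version TEXT NOT NULL,
                      UNIQUE (name, version));
CREATE TABLE vulnerability (id INTEGER PRIMARY KEY, ref TEXT UNIQUE NOT NULL,
                            score REAL NOT NULL, summary TEXT);
CREATE TABLE affects (product_id INTEGER REFERENCES product(id),
                      vuln_id INTEGER REFERENCES vulnerability(id),
                      PRIMARY KEY (product_id, vuln_id));
"""

# Constructed rows: placeholder references and scores, not real advisories.
SAMPLE = [
    ("exampled", "1.0", "EXAMPLE-0001", 7.5, "constructed: remote issue"),
    ("exampled", "1.0", "EXAMPLE-0002", 4.3, "constructed: info leak"),
    ("exampled", "1.1", "EXAMPLE-0002", 4.3, "constructed: info leak"),
    ("exampleos", "2.6", "EXAMPLE-0003", 9.0, "constructed: kernel issue"),
]

def open_db(rows=SAMPLE):
    """Build an in-memory database; a file path would work the same way."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    for name, version, ref, score, summary in rows:
        db.execute("INSERT OR IGNORE INTO product (name, version) VALUES (?, ?)", (name, version))
        db.execute("INSERT OR IGNORE INTO vulnerability (ref, score, summary) VALUES (?, ?, ?)",
                   (ref, score, summary))
        db.execute("""INSERT INTO affects
                      SELECT p.id, v.id FROM product p, vulnerability v
                      WHERE p.name = ? AND p.version = ? AND v.ref = ?""", (name, version, ref))
    return db

def vulnerabilities_for(db, name, version):
    """Return {(ref, score)} for a service or OS name and version (bound parameters)."""
    cur = db.execute("""SELECT v.ref, v.score FROM vulnerability v
                        JOIN affects a ON a.vuln_id = v.id
                        JOIN product p ON p.id = a.product_id
                        WHERE p.name = ? AND p.version = ?""", (name.lower(), version))
    return set(cur.fetchall())

def host_score(db, detected):
    """Assumed scoring: highest score over every (name, version) Nmap reported."""
    scores = [s for n, v in detected for _, s in vulnerabilities_for(db, n, v)]
    return max(scores, default=0.0)
```
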
| | 834 | <b>References</b><br /> |
| | 835 | <br /> |
| | 836 | * [0] http://www.sqlite.org/<br /> |
| | 837 | * [1] http://nvd.nist.gov/<br /> |
| | 838 | * [2] http://osvdb.org/ <br /> |
| | 839 | |
| | 840 | |
| | 841 | <hr> |
| | 842 | Google will accept student applications from March 23 through April 3. The application link will be available from <a href='http://socghop.appspot.com'>Google Summer of Code 2009 site </a>. |
| | 843 | |