I spent this week putting the final touches on the poster abstract and then successfully submitted it to the Grace Hopper portal. I found the experience of writing a poster abstract very informative in terms of how to organize and present data, summarize research methods, explain results, reference prior work and other research papers, and more. It was an interesting look into the other side of scientific research that isn’t just about doing experiments, but rather effectively presenting your ideas to others.
In addition, we also discussed attending the 12th USENIX Symposium on Networked Systems Design and Implementation (NSDI 2015) conference in Oakland, CA. My next step is to write an essay to apply for the travel grant for NSDI.
For the time being, I have temporarily paused working on the WhoWas project in order to work on drafting and submitting a poster abstract to Grace Hopper 2015. After consultation, we decided it would be best to write about our research attempts to discover hosts behind a load balancer, where we have more data and results. The poster abstract will detail our four major approaches: 1) counting IPid sequences, 2) calculating the clock skew from TCP timestamps, 3) searching for front-end identifiers, and 4) searching for AWSELB cookies.
As the first step, we were able to fork the existing WhoWas code from a git repository and get the code up and running in its original form. Currently, the WhoWas scanner accepts a list of IP ranges and attempts to initiate a connection on port 80 (HTTP), 43 (HTTPS), or 21 (SSH). If the connection is successful, it stores the relevant information (header, IP, etc.) in a SQL database. This week we hope to look through the existing code and identify where we can make changes for our specific experiment.
For identifying misconfigurations, we have been doing some preliminary research into how to tell if a particular service is insecure. With memcached, for instance, if one is able to connect to an instance via telnet, then we know that that memcached instance is open and listening to anyone in the world. MySQL, on the other hand, is a bit more difficult, due to several possible security vulnerabilities and determining which to classify as misconfigurations.