Apache, TicToCTrack, & Cyber Warfare – Hack Naked News #214

    This week, the Apache Tomcat Patches Important Remote Code Execution Flaw, New variants of Mirai botnet detected, targeting more IoT devices, Hackers used credentials of a Microsoft Support worker to access users’ webmail, TicTocTrack Smartwatch Flaws Can Be Abused to Track Kids, Ecuador suffered 40 Million Cyber attacks after the Julian Assange arrest, […]
The post Apache, TicToCTrack, & Cyber Warfare – Hack Naked News #214 appeared first on Security Weekly.

Link: http://feedproxy.google.com/~r/securityweekly/Lviv/~3/EGmECVVR-L8/

BoNeSi – The DDoS Botnet Simulator

BoNeSi, the DDoS Botnet Simulator, is a tool to simulate botnet traffic in a testbed environment on the wire. It is designed to study the effect of DDoS attacks.

What traffic can be generated?
BoNeSi generates ICMP, UDP and TCP (HTTP) flooding attacks from a defined botnet size (different IP addresses). BoNeSi is highly configurable: rates, data volume, source IP addresses, URLs and other parameters can be configured.

What makes it different from other tools?
There are plenty of other tools out there to spoof IP addresses with UDP and ICMP, but for TCP spoofing there is no solution. BoNeSi is the first tool to simulate HTTP-GET floods from large-scale bot networks. BoNeSi also tries to avoid generating packets with easily identifiable patterns (which could be filtered out easily).

Where can I run BoNeSi?
We highly recommend running BoNeSi in a closed testbed environment. UDP and ICMP attacks could be run on the internet as well, but you should be careful. HTTP-flooding attacks cannot be simulated on the internet, because answers from the webserver must be routed back to the host running BoNeSi.

How does TCP spoofing work?
BoNeSi sniffs for TCP packets on the network interface and responds to all packets in order to establish TCP connections. For this feature, it is necessary that all traffic from the target webserver is routed back to the host running BoNeSi.

How good is the performance of BoNeSi?
We focused very much on performance in order to simulate big botnets. On an AMD Opteron with 2 GHz we were able to generate up to 150,000 packets per second. On a more recent AMD Phenom II X6 1100T with 3.3 GHz you can generate 300,000 pps (running on 2 cores).

Are BoNeSi attacks successful?
Yes, they are very successful. UDP/ICMP attacks can easily fill the bandwidth and HTTP-flooding attacks knock out webservers fast. We also tested BoNeSi against state-of-the-art commercial DDoS mitigation systems and were able to either crash them or hide the attack from being detected.

A demo video of BoNeSi in action can be found here.

Detailed Information
BoNeSi is a network traffic generator for different protocol types. The attributes of the created packets and connections can be controlled by several parameters like send rate or payload size, or they are determined by chance. It spoofs the source IP addresses even when generating TCP traffic. Therefore it includes a simple TCP stack to handle TCP connections in promiscuous mode. For correct operation, one has to ensure that the response packets are routed to the host on which BoNeSi is running. Therefore BoNeSi cannot be used in arbitrary network infrastructures. The most advanced kind of traffic that can be generated is HTTP requests.

TCP/HTTP
In order to make the HTTP requests more realistic, several things are determined by chance:
- source port
- ttl: 3..255
- tcp options: out of seven different real-life options with different lengths and probabilities
- user agent for the HTTP header: out of a list given by file (an example file is included, see below)

Copyright 2006-2007 Deutsches Forschungszentrum fuer Kuenstliche Intelligenz. This is free software. Licensed under the Apache License, Version 2.0. There is NO WARRANTY, to the extent permitted by law.

Installation:
~$ ./configure
~$ make
~$ make install

Usage:
~$ bonesi [OPTION...]

Options:
  -i, --ips=FILENAME              filename with ip list
  -p, --protocol=PROTO            udp (default), icmp or tcp
  -r, --send_rate=NUM             packets per second, 0 = infinite (default)
  -s, --payload_size=SIZE         size of the payload, (default: 32)
  -o, --stats_file=FILENAME       filename for the statistics, (default: 'stats')
  -c, --max_packets=NUM           maximum number of packets (requests at tcp/http), 0 = infinite (default)
      --integer                   IPs are integers in host byte order instead of in dotted notation
  -t, --max_bots=NUM              determine max_bots in the 24bit prefix randomly (1-256)
  -u, --url=URL                   the url (default: '/') (only for tcp/http)
  -l, --url_list=FILENAME         filename with url list (only for tcp/http)
  -b, --useragent_list=FILENAME   filename with useragent list (only for tcp/http)
  -d, --device=DEVICE             network listening device (only for tcp/http, e.g. eth1)
  -m, --mtu=NUM                   set MTU, (default 1500). Currently only when using TCP.
  -f, --frag=NUM                  set fragmentation mode (0=IP, 1=TCP, default: 0). Currently only when using TCP.
  -v, --verbose                   print additional debug messages
  -h, --help                      print help message and exit

Additionally Included Example Files
50k-bots: 50,000 ip addresses generated randomly, to use with the --ips option
browserlist.txt: several browser identifications, to use with the --useragentlist option
urllist.txt: several urls, to use with the --urllist option

Download Bonesi

Link: http://www.kitploit.com/2019/02/bonesi-ddos-botnet-simulator.html

Hontel – Telnet Honeypot

HonTel is a honeypot for the Telnet service. Basically, it is a Python v2.x application emulating the service inside a chroot environment. Originally it was designed to be run inside an Ubuntu environment, though it could easily be adapted to run inside any Linux environment.

Documentation:
Setting up the environment and running the application requires intermediate Linux administration knowledge. The whole deployment process can be found "step-by-step" inside the deploy.txt file. Configuration settings can be found and modified inside hontel.py itself. For example, authentication credentials can be changed from the default root:123456 to arbitrary values (options AUTH_USERNAME and AUTH_PASSWORD); the welcome message can be changed from the default (option WELCOME); likewise the hostname (option FAKE_HOSTNAME), the architecture (option FAKE_ARCHITECTURE), the location of the log file (inside the chroot environment) containing all telnet commands (option LOG_PATH), the location of downloaded binary files dropped by connected users (option SAMPLES_DIR), etc.

Note: Some botnets tend to delete files from compromised hosts (e.g. /bin/bash) in order to harden themselves against potential cleaning attempts and/or installation attempts coming from other (concurrent) botnets. In such cases either the whole chroot environment has to be reinstalled or the host directory where the chroot directory resides (e.g. /srv/chroot/) should be recovered from a previously stored backup (recommended).

Download Hontel
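The login-then-log flow described above, as an added illustration in Python 3 (not Hontel's own code, which is Python 2 and works over real sockets): a socket-free session model that uses the option names from the description (AUTH_USERNAME, AUTH_PASSWORD, WELCOME, FAKE_HOSTNAME, FAKE_ARCHITECTURE), records every credential attempt and command as Hontel's LOG_PATH log would, and answers a common reconnaissance command with the fake identity. The state machine, the replies and the placeholder hostname and banner are assumptions.

```python
from datetime import datetime, timezone

# Option names from the Hontel description above; root:123456 is its cited default, other values assumed.
CONFIG = {
    "AUTH_USERNAME": "root",
    "AUTH_PASSWORD": "123456",
    "WELCOME": "Ubuntu 14.04 LTS",
    "FAKE_HOSTNAME": "srv01",
    "FAKE_ARCHITECTURE": "x86_64",
}


class HoneypotSession:
    def __init__(self, peer, config=CONFIG):
        self.peer = peer
        self.cfg = config
        self.state = "username"   # username -> password -> shell
        self.username = None
        self.log = []             # (utc timestamp, peer, event) tuples: what LOG_PATH would hold

    def greeting(self):
        return "%s\r\nlogin: " % self.cfg["WELCOME"]

    def _prompt(self):
        return "%s@%s:~# " % (self.cfg["AUTH_USERNAME"], self.cfg["FAKE_HOSTNAME"])

    def _record(self, event):
        self.log.append((datetime.now(timezone.utc).isoformat(), self.peer, event))

    def feed(self, line):
        """Consume one line from the client and return the reply to send back."""
        line = line.rstrip("\r\n")
        if self.state == "username":
            self.username, self.state = line, "password"
            return "Password: "
        if self.state == "password":
            ok = (self.username, line) == (self.cfg["AUTH_USERNAME"], self.cfg["AUTH_PASSWORD"])
            self._record("login %s user=%r pass=%r" % ("ok" if ok else "failed", self.username, line))
            self.state = "shell" if ok else "username"
            return self._prompt() if ok else "Login incorrect\r\nlogin: "
        self._record("cmd %r" % line)       # shell state: log the command verbatim
        argv = line.split()
        if not argv:
            return self._prompt()
        if argv[0] == "uname":              # answer a common recon command with the fake identity
            out = "Linux %s 4.4.0 #1 SMP %s GNU/Linux" % (self.cfg["FAKE_HOSTNAME"], self.cfg["FAKE_ARCHITECTURE"])
        else:
            out = "-sh: %s: not found" % argv[0]
        return out + "\r\n" + self._prompt()
```

Feeding the session one line at a time from a socket reader gives the same transcript a real client would see, and `log` holds the credential and command trail to ship to a collector.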

Link: http://feedproxy.google.com/~r/PentestTools/~3/7Qv62zGn_mo/hontel-telnet-honeypot.html

The Challenges of DIY Botnet Detection – and How to Overcome Them

Botnets have been around for over two decades, and with the rise of the Internet of Things (IoT) they have spread further to devices no one imagined they would – printers, webcams, and even toasters and fridges. Some botnets enlist infected devices to mine cryptocurrency or steal passwords from other devices. But others are, in […]
The post The Challenges of DIY Botnet Detection – and How to Overcome Them appeared first on Blog.

Link: http://feedproxy.google.com/~r/Imperviews/~3/Q2ddxijk5uI/