5 results for Wireshark
Abstract:
Project submitted for the degree of Master in Informatics and Computer Engineering
Abstract:
The purpose of this project is to update the Network Traffic Recognition System (NTRS) tool, which is proprietary software of Ericsson AB and Tsinghua University, and to use the updated tool to accomplish SIP/VoIP traffic recognition. Based on the original NTRS, I analyze the traffic recognition principle of NTRS, redesign the structure and modules of the tool according to the characteristics of SIP/VoIP traffic, and finally program the upgrade. After the final test with our SIP data trace files in the updated system, a satisfactory result is obtained. The result shows that our updated system holds a recognition rate at a confident level in SIP session recognition as well as VoIP call recognition. In comparison with Wireshark, our updated system produces a result that is extremely close to Wireshark's output, and its working time is much less than Wireshark's. In terms of practicability, the memory overflow problem is avoided, and the updated system can output specific information about SIP/VoIP traffic recognition, such as SIP type, SIP state, VoIP state, etc. The upgrade fulfills the demands of this project.
Abstract:
The work was divided into three macro-areas. The first concerns a theoretical analysis of how intrusions work, which software is used to carry them out, and how to protect against them (using the devices that can generically be recognized as firewalls). The second macro-area analyzes an intrusion carried out from outside against sensitive servers on a LAN. This analysis is conducted on the files captured by the two network interfaces configured in promiscuous mode on a probe located in the LAN. There are two interfaces so that the probe can attach to two LAN segments with two different subnet masks. The attack is analyzed using various software tools. A third part of the work can in fact be identified: the part in which the files captured by the two interfaces are analyzed, first with software that analyzes full-content data, such as Wireshark, then with software that analyzes session data processed with Argus, and finally the statistical data processed with Ntop. The penultimate chapter, the one before the conclusions, instead covers the installation of Nagios and its configuration for monitoring, through plugins, the remaining disk space on a remote agent machine and the MySql and DNS services. Of course, Nagios can be configured to monitor any type of service offered on the network.
Abstract:
The cybernetics revolution of recent years has greatly improved our lives, giving us immediate access to services and a huge amount of information over the Internet. Nowadays users are increasingly asked to enter their sensitive information on the Internet, leaving traces everywhere. But there are some categories of people who cannot risk revealing their identities on the Internet. Although it was born to protect U.S. intelligence communications online, Tor is nowadays the most famous low-latency network that guarantees both the anonymity and the privacy of its users. The aim of this thesis project is to understand well how the Tor protocol works, not only by studying its theory but also by implementing those concepts in practice, with particular attention to security topics. In order to run a private Tor network that emulates the real one, a virtual testing environment has been configured. This setup allows experiments to be conducted without putting at risk the anonymity and privacy of real users. We used a Tor patch that stores TLS and circuit keys, to be given as input to a Tor dissector for Wireshark, in order to obtain decrypted and decoded traffic. Observing clear traffic allowed us to check the protocol outline and to have proof of the format of each cell. In addition, these tools made it possible to identify a traffic pattern, used to conduct a traffic correlation attack to passively deanonymize hidden service clients. The attacker, controlling two nodes of the Tor network, is able to link a request for a given hidden server to the client who made it, deanonymizing him. The robustness of the traffic pattern and the statistics of the attack, such as the true positive rate and the false positive rate, are the subject of potential future work.
Abstract:
Throughout this document the reader will find a suitable network design and solution for the Ypres Rally Championship that meets all the requirements set by the organization of the rally. These requirements have caused many problems with regard to network standards, because the area where the boxes are located is quite large; nevertheless, the technologies to solve those problems are detailed in the project. Different designs have been included in the project, each based on a distinct characteristic, such as efficiency, performance… and, most importantly, since the organization of the rally is non-profit, the budget. Nevertheless, we did not rule out the use of long-lasting devices, such as CISCO devices, despite their price. Furthermore, a configuration of the routing/switching devices is explained for those who will be charged with implementing this solution. This solution is designed to supply Internet access as well as video streaming to all boxes so that teams can follow the championship live. The maximum connection from the Internet service provider (ISP) is 160 Mbps; this bandwidth has to be distributed among the boxes dynamically. Finally, to ensure the network works, it has to be monitored; this is achieved using network analysis tools, for which Wireshark has been chosen in this project. SUMMARY. Throughout this document, the reader will find a possible design and a possible solution for the local network of the Rally circuit held in Ypres, meeting all the requirements and specifications established by the organization. These requirements have caused problems of conformity with network standards, because the area where the teams' boxes are located is quite long; however, the technologies to solve those problems are detailed in this project. Different designs have been included, each focused on different aspects such as efficiency, performance, budget, etc.
This solution is designed to supply Internet access as well as dynamic video transmission to all the teams so that they can follow the competition in real time. Finally, to control and ensure that the network works, it will be monitored using network analysis tools (Wireshark).