Changes between Version 11 and Version 12 of RubotSoftware
- Timestamp: Jul 9, 2010 8:18:06 AM
RubotSoftware
v11 v12 1 1 = Rubot Documentation = 2 !RuBot was created by Chris Lee to provide a framework in ruby to study different botnets in a safe environment. One of these botnets is a simple worm propagation which has each bot connect to an IRC server. This code will allow the user to initiate a worm in one node and have to worm propagate to multiple other nodes. The code works by starting a vulnerable server on each node the user wants to infect. If the node being attacked is running a vulnerable server then the attack is successful. Each time a node is compromised it will run a payload and connect to an IRC server to receive commands. All user commands can be given via SEER. The payload and additional IRC commands have to be specified by changing the code.2 !RuBot was created by Chris Lee to provide a framework in ruby to study different botnets in a safe environment. This page gives an example of how to access and configure that framework for experimentation in DETER. We describe a simple use of !RuBot that has been coordinated through [http://seer.isi.deterlab.net/trac SEER]. This example is a starting point from which researchers can explore SEER integration and the !RuBot package. 3 3 4 In order to have this worm run in your experiment through SEER you need to have rubot.tgz installed on each node. Inside of the NS file you need to have:[[BR]][[BR]] 4 == A Sample Worm Propagation == 5 6 Our example is uses one of the !RuBot botnets that demonstrates a simple worm propagation which has each bot connect to an IRC server. This code will allow the user to initiate a worm in one node and have to worm propagate to multiple other nodes. The code works by starting a vulnerable server on each node the user wants to infect. If the node being attacked is running a vulnerable server then the attack is successful. Each time a node is compromised it will run a payload and connect to an IRC server to receive commands. All user commands can be given via SEER. 
The payload and additional IRC commands have to be specified by changing the code. 7 8 In order to have this worm run in your experiment through SEER you need to have rubot.tgz installed on each node. Inside of the NS file you need to have: 9 10 {{{ 5 11 tb-set-node-tarfiles [set $node] /usr/ /proj/Deter/tarfiles/rubot.tgz 12 }}} 6 13 7 14 So the !RuBot framework will be loaded onto each node. Replace ‘$node’ with the node(s) you want to have !RuBot on. The ‘/usr/’ is where !RuBot will be unzipped. !RuBot needs to be unzipped in the /usr directory.
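Review bot: The new "A Sample Worm Propagation" paragraph (v12 line 6) has two typos: "Our example is uses one of" should read "Our example uses one of", and "have to worm propagate" should read "have the worm propagate" (the second is carried over from v11). In the NS-file block (v12 lines 10-12), the command is written as `tb-set-node-tarfiles [set $node] /usr/ ...` while the sentence after it says to replace ‘$node’, so a reader cannot tell whether to substitute only the variable inside the brackets or the whole `[set $node]` expression; show one concrete node name in the example or say which part is replaced. That same sentence states the /usr requirement twice ("The ‘/usr/’ is where !RuBot will be unzipped" and "needs to be unzipped in the /usr directory"); one statement is enough, ideally with the reason the path is fixed. The paragraph also ends with "The payload and additional IRC commands have to be specified by changing the code" without naming the file to edit, which would help someone starting from this example.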