Changes between Version 3 and Version 4 of RubotSoftware


Ignore:
Timestamp:
Jul 8, 2010 5:28:33 PM (14 years ago)
Author:
arod
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • RubotSoftware

    v3 v4  
    1111Replace ‘/users/arod/seer_rubot’ with the path to your seer directory not the path to the wormAgent.py and replace ‘$node’ with each node in your experiment. 
    1212
    13 When you start SEER select the 'Worm' agent in the attack menu.  The 'IRC Host' variable specifies which node the IRC server will run on.  Make sure each node has a path to the IRC server so they can talk. This worm is started at one node and pointed towards other nodes within the network.  The node which the worm starts from is specified by the 'Worm Start' variable.  This node needs to be different from the IRC server.  The worm does not penetrate any defenses, but will successfully defeat a node if the node has a vulnerable server running on it (vulnserv.rb).  Select the nodes you want to become vulnerable in the 'Vulnerable Servers' variable.  The worm will branch out from the 'Worm Start' node and will attack the IP addresses you specify in the 'Target IPs' variable. 
     13When you start SEER select the 'Worm' agent from the attack menu.  The 'IRC Host' variable specifies which node will run the IRC server  Make sure each node has a path to the IRC server so they can talk. This worm is started at one node and pointed towards other nodes within the network.  The node which starts the worm is specified by the 'Worm Start' variable.  This node needs to be different from the IRC server.  The worm does not penetrate any defenses, but will successfully defeat a node if the node has a vulnerable server running on it (vulnserv.rb).  Select the nodes you want to become vulnerable in the 'Vulnerable Servers' variable.  The worm will branch out from the 'Worm Start' node and will attack the IP addresses you specify in the 'Target IPs' variable. 
    1414
    1515Once the vulnerable node has been 'attacked' by the worm it will run a series of commands embedded in vulnserv.rb.  These commands are running the payload, initiating communication with an IRC server, and attacking the next level of IP addresses.  The current payload is a get call to a website.  The communication between the bots and the IRC server is limited.  The bots will accept commands from the nick 'botmaster.'  The only commands they respond to are 'hi' and 'quit.'  For 'hi' each bot will respond with 'hi' and for 'quit' each bot will leave the IRC server and stop running vulnserv.rb.  More commands can be programed by altering vulnserv.rb.