Thursday, 30 April 2009

Some NS-2 code to simulate DoS and DDoS attacks

This is some basic TCL code that used for some simulations. This code works on the NS-2 network simulator.

Simple simulation with flow monitors. It creates 4 nodes: 1 UDP source and 1 TCP source (FTP), 1 destination node and 1 transit node. It monitors the flows coming in and out from the queue in the link between the transit and destination node. It dumps the trace data to a flow file.

Ping Flood . It creates two nodes. Node 1 floods ping packets to Node 2. It could be useful to simulate Denial of Service attacks.

Simple DoS Attack. It creates a topology of 7 nodes. Two nodes generate valid traffic (one UDP and another TCP in the form of FTP). Another node generates and UDP DoS.

Tuesday, 28 April 2009

SPAM and the commerce of fear

A few days ago I commented that the spammers would soon begin sending mails about medication against the swine flu and replacing the old viagra SPAM. Shortly after, the US-CERT warned of phishing attacks using this new vector for social engineering and the SANS published a list of sites that could generate malware/phishing /scams (according to the particular domain names selected).

Well today I received my first flu-related SPAM. Also, visiting a news site I found this ad from Google Ads. The ads are not malware sites (at least these three do not appear to be, but try them at your own risk), but certainly they plan to profit from the people's fear.

Well, I think that we humans are quite predictable.

Wednesday, 1 April 2009

The big news today about Conficker ... is that there is no news

For the moment everything looks calm. Although it is almost April 1 throughout the whole world there is not yet any news about of the end of the world. Today, the media expected big problems as result from the spreading of the worm conficker and the new "payload" that would be activated.

More than a result of a large patch campaign, I think that the famous worm exploited a large media campaign that exaggerated and overestimated its effects. I expect this to be just another day in the life of a security research. Anyway, if something happens, I will be updating my twitter and my tumbr (this is Spanish only). In case of infection or pro-action against the worm, here are some resources.