Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 10 Current »

This is a work in progress.

Peer-to-Peer network node(s) need(s) to be robust enough to protect from DDoS attacks, malformed packets, brute-force attacks, and any unwanted or unauthorized access.

Network should have triggers that allow for back-off time periods or lock-out. You can incorporate the use of  https://suricata-ids.org/ and https://www.snort.org/ ideas into detection.  IDS/IPS/IMS.

Tests should run some sort of vulnerability assessment scanning method on host especially on exposed network sockets. Vulnerability assessment scanning tools like http://www.openvas.org/https://www.metasploit.com/, Nessus or https://www.kali.org/ have a good use case.

Custom security scripts for RChain could easily be written.

Load generator that can crank up traffic through RChain components and functions should be written. This could test network as well as component thresholds for functionality. You always want to find breaking points in something when it is not in production and then set mitigation controls.

The sooner you stop information in the OSI model (https://en.wikipedia.org/wiki/OSI_model) from a "bad actor" the better. It would be could to "lock-out" bad actors at network layer. You could use firewall on system to do this. Something to be considered.


Just testing the network through put of node.

Tools like iperf https://sourceforge.net/projects/iperf/ can test pure network throughput at different sized packets. We could use this or incorporate our own to test pure flow and reliability of network packets. You don't want dirty communications and dropped packets to be part of the store.

There are java implementations of this tool. https://github.com/ashishvshenoy/iperf-java


There is a lot of load testing software out there. Here are some examples. I think these are all on Kali Linux. Probably a whole lot more. 

https://github.com/httperf/httperf

https://software.microfocus.com/en-us/products/loadrunner-load-testing/overview

It's probably easier to use write your own load generators using BASH, curl and nmap.


More on Packet Crafting

Write your own code or use ...

You can use python scampy http://www.secdev.org/projects/scapy/ for packet mangling or crafting.

Netcat is nice as well. This has been used for ages by hackers.

http://help.ubidots.com/developer-guides/sending-tcpudp-packets-using-netcat

Looks like socat is an option. Looks very netcat like

https://discourse.criticalengineering.org/t/howto-crafting-arbitrary-network-packets-with-socat/51

  • No labels