1. Performed by: Shai Yaakobovith Baroch Oren Instructor: Yivgeny Rivkin Cooperated with:PSL Lab המעבדה למערכות ספרתיות מהירות High speed digital systems laboratory הטכניון - מכון טכנולוגי לישראל הפקולטה להנדסת חשמל Technion - Israel institute of technology department of Electrical Engineering דו ” ח סיכום חלק א ’ Subject: WinCE Based TCP/IP Security Agent סמסטר אביב תש " ס 1

2. Abstract המעבדה למערכות ספרתיות מהירות High speed digital systems laboratory 2 The maintainance of large networks, containing distant segments, is sometimes problematic. The information on each segment is local, and will be visible only on this specific segment. Therefore we see the need of segmential maintainance agents, each responsible for his own segment. In our project, we try to design a protoype of a segmential agent, agent with minimal hardware and software requierements. Trying to be more practical with our task, we are dealing with a specific network maintainance problem: we try to offer security against the well-known problem of DNS attacks. Our effort has been stressed on building the software infrastructure of such an agent.

3. System description המעבדה למערכות ספרתיות מהירות High speed digital systems laboratory 3 Network Monitor WinCE based Agent WinCE based Agent WinCE based Agent

4. DNS Attack המעבדה למערכות ספרתיות מהירות High speed digital systems laboratory 4 WinCE based Agent Network

5. Suggested Sulotion המעבדה למערכות ספרתיות מהירות High speed digital systems laboratory The agent a PC dedicated for net security Sniffes all segment activity Relies on external update-able executable, downloaded from the monitoring server Reporting on suspected attackers to the monitoring server Assists the monitor in blocking forbidden net activity, upon its request 5 Consists of: Agents distributed along the different segments Monitoring server for central managment

6. Specification המעבדה למערכות ספרתיות מהירות High speed digital systems laboratory Hardware * CE PC computer - may be handheld in the future * TCP/IP Network card Software Windows CE operating system Agent Management – a program responsible for communicating with the monitor ATTACK, PROTECT – sample executables: simulating a DNS attacker, and a DNS protector agent 6

7. Agent_man Block Diagram המעבדה למערכות ספרתיות מהירות High speed digital systems laboratory 7 This is a process that manages the communication with the monitoring server. MonitorListener In charge of the communication with the server – mutual updates. InitProcess GetCommand ProcessCommand Initiates a TCP channel (socket), and begins listening on the monitoring agent port. Starts the GetCommand thread. A thread running a loop: reads commands from the TCP channel, and forwards them to process_command function. Parser – recognizes monitoring server ’ s commands and responds.

8. What has been done so far המעבדה למערכות ספרתיות מהירות High speed digital systems laboratory Future plans 1.Finish interfacing the monitoring server 2.Plan and implement the ATTACK/PROTECT processes 3.Test integrity of the whole system 4.Simulate an DNS attack/protect to prove ampirically that a DNS protector is reasnable sulotion to the DNS attack. 1.Introduction to the Windows CE OS 2.Building a specific OS platform = IMAGE 3.Design and implementation of the Agent_manegment process 8

9. Problems we have encountered המעבדה למערכות ספרתיות מהירות High speed digital systems laboratory 1.WinCE doesn’t include a lot of functions ; 2.some we had to implement by ourselfs 3.WinCE uses unicode characters, 4.while network traffic doesn’t 5.Cherry card malfunctions caused delays 6.WinCE 2.12 supports FTP only on x86 processors - we had to switch platforms 7.WinCE does not seem to support two processes concurrently working on FTP - we had to use another station 8.Platform builder appeard buggy - we switched to eMbedded IDE 9