
Constructing Virtual Laboratory for Research and Education
(Progress Report --- Week 7)

Team members: Melissa Nichols and Nathan Torrez
Mentor: Dr. Anyi Liu

Outline
Timeline
List of Tasks (Updated)
Schedule and Achievement of Week 7
Successfully detecting attacks using Snort
Creating detection rules with Snort
Continuing to troubleshoot router ACTIVE status
Researching OpenStack SDK and CLI
The Plan of Week 8
Testing
References

Timeline
Week Six
    Write the module that can change network topologies using OpenStack API (Part 2)
    Start working on the module that can change the routing rules (Part 2)
Week Seven (We are here)
    Continue working on the module that can change the routing rules (Part 2)
    Draft the research paper
Week Eight
    Improve the performance and efficiency of the virtual laboratory
    Refine the user interface
    Work on the poster
    Continue work on research paper
Week Nine
    Conduct tests in virtual laboratory environment
    Revise research paper
    Continue work on poster
    If possible, work with VMI library (libVMI)
Week Ten
    Finalize research paper
    Finalize poster
    Finalize tests and scripts

List of Tasks
Task | Status
Getting familiarized with CloudLab, Amazon EC2, and SSH clients | Complete (Week One + Week Two)
Adding function that lists virtual machine images to confirm connection to TesterScript | Complete (Week Two)
Downloading VM images from CloudLab and running them locally | Complete (Week Two)
Creating better documentation on how to run TesterScript and MasterScript | Complete (Week Two)
Writing documentation | In Progress (Week Two)
Adding functionality that allows creation of multiple virtual machine images at once using TesterScript | Complete (Week Three)
Using multithreading to speed up creation of virtual machine images | Complete (Week Three)
Uploading VM images from local machine and using SSH to connect to them in CloudLab | Complete (Week Two + Three)
Uploading an experiment from XML document | Complete, but still need to automate creation of router interfaces (Week Three)
Fixing XML Importation issues regarding router interfaces | Complete (Week Four)
Finding better open-source SSH client | Complete (Week Four)
Examining Python code in depth | Complete (Week Four)
Running attack scenario on local computers | Complete (Week Four)
Creating virtual machine images for use with Attack Scenario | Complete (Week Five)
Running attack scenario in the cloud | Complete (Week Five)
Creating documentation for instructors and students to run Attack scenario | In Progress (Week Five)
Experimenting with libvmi tools | In Progress (Week Five)
Familiarizing ourselves with Snort, Bro, and nmap (Tools for detecting attacks) | Complete (Week Five)
Improving the performance and efficiency of the virtual laboratory | In Progress (Week Five)
Automating router interface recreation from XML | Found Alternative (Week Six)
Writing the module that can change network topologies | In Progress (Week Six + Seven)
Using a proxy to distribute IP addresses for Attack scenario | In Progress (Week Six + Seven)
Writing the module that can change routing rules | To be completed
Writing research paper | To be completed
Creating the poster | To be completed

The Achievement of Week 7
Day 1:
    Successfully detecting attack using Snort
    Continued to research port creation using OpenStack SDK
Day 2:
    Continued researching port creation using OpenStack SDK
    Researching port creation using OpenStack CLI
    Continued adding rules to detect exploits using Snort
Day 3:
    Continued researching port creation using OpenStack SDK
    Continued researching port creation using OpenStack CLI
    Continued adding rules to detect exploits using Snort
Day 4:
    Continued researching port creation using OpenStack SDK
    Continued researching port creation using OpenStack CLI
    Continued adding rules to detect exploits using Snort
Day 5:
    Continued researching port creation using OpenStack SDK
    Continued researching port creation using OpenStack CLI
    Continued adding rules to detect exploits using Snort

Day 1: Successfully detecting attack using Snort
Snort allows the user to create a list of rules that detect when there is unusual activity on a certain port
Most attacks and exploits use uncommon port numbers
We were able to detect the Unreal IRCD Daemon exploit; however, the attack wasn't detected until much later, after the exploit had already been run
Along with troubleshooting the delay in detecting an attack, we continued to troubleshoot router port creation
[Figure: Snort rules and output when an attack is detected]

Day 2: Adding more rules using Snort and Continued Troubleshooting Router Port Creation
OpenStack has multiple ways to handle objects in the cloud: the OpenStack SDK, OpenStack CLI, and the OpenStack Dashboard GUI client
We researched other ways we could create router ports using these methods to see if we could find a way to fix our Router ACTIVE status problem
We continued to add rules to Snort to detect other exploits
[Figure: Documentation for OpenStack Python SDK [1]]

Days 3, 4, and 5: Adding more rules using Snort and Continued Troubleshooting Router Port Creation
We were unable to find a fix for our router issues with the OpenStack SDK or CLI
Router interfaces will have to be created manually, but this does not take more than a few minutes
We were able to improve the time it takes for an exploit to be detected using Snort and added this list of rules to our Control Virtual machines
We also researched writing Snort rules that will block certain port numbers.
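
An added example, not taken from the team's slides or rule set: port-based Snort 2.x rules of the kind described on the Day 1 and Days 3-5 slides, with an alerting form beside a blocking form. Port 6667 (the common IRC default), the expected-port list, the messages and the SIDs are assumptions; the slides do not give the team's actual values.

```snort
# local.rules -- constructed example, Snort 2.x rule syntax.
# Assumptions: HOME_NET and EXTERNAL_NET are defined in snort.conf;
# 6667 is the common IRC default port, not a value from the slides;
# SIDs start at 1000000, the range reserved for locally written rules.

# 1. Alert on the first packet (SYN) of any inbound connection attempt to
#    the IRC daemon port. Matching the SYN statelessly means the rule fires
#    at connection setup, before the session carries any data.
alert tcp $EXTERNAL_NET any -> $HOME_NET 6667 (msg:"LAB inbound connection attempt to IRC daemon port"; flags:S; flow:stateless; classtype:attempted-recon; sid:1000001; rev:1;)

# 2. Alert on connection attempts to any port outside the services the lab
#    hosts are expected to expose (the list here is an assumption).
alert tcp $EXTERNAL_NET any -> $HOME_NET ![22,80,6667] (msg:"LAB inbound SYN to unexpected port"; flags:S; flow:stateless; classtype:misc-activity; sid:1000002; rev:1;)

# 3. Blocking form of rule 1. The "drop" action only stops traffic when
#    Snort runs inline (IPS mode); a passive sensor can alert but cannot
#    block, so this rule would replace rule 1 on an inline deployment.
drop tcp $EXTERNAL_NET any -> $HOME_NET 6667 (msg:"LAB blocked connection to IRC daemon port"; flags:S; flow:stateless; classtype:policy-violation; sid:1000003; rev:1;)
```
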
Plan For Week 8
Continuing to write experiment documentation
Continue developing web client for experiment
Testing!
Our plans are to have the experiment ready for testing by Thursday

References
[1] OpenStack Python SDK. (n.d.). Retrieved from https://docs.openstack.org/user-guide/sdk.html
