Brain Dump…

Today, a friend of mine and I had some wonderful time…

Not skiing, not playing a game, not chasing beautiful women, but rather chasing awesome thoughts, reverse engineering, and cracking into some software, and here’re some ideas…

In fact the idea of having a page containing such content (as this one) and calling it “Brain Dump” is his idea…

Port Hopping VPN

In today’s modern privacy invasion era, privacy becomes more valuable. SCE, Cisco’s Service Control Engine, analyzes every bit of traffic that flows on the network; the analysis goes deep into L7: URLs, emails (to and from), the usage of VPN protocols and to/from which ports, and more…

This gave me the idea of a stealth VPN using a unique idea: Port Hopping…

It’s similar to Frequency Hopping Spread Spectrum in telecommunications, but instead of using different frequencies, we’d use different ports…

The idea has been around in my mind for some time now; I even proposed this to the OpenVPN IRC channel and forums…

It can be done only on UDP tunnels, as UDP sockets don’t need the SYN/ACK and all the crap needed for TCP socket initiation…

Shared Cache DNS Server

This is simply a farm of DNS caching servers that share their cache by means of memcached server(s)…

I’m seriously thinking of writing that entirely from scratch in C++…

The DNS instances would receive the requests from users, do the needed recursion, store their cached results into a single/farm of memcached server(s)…

If anyone has ever seen a similar implementation, please buzz me…

ePHRELD (enhanced PHRELD)

PHRELD is a one-of-a-kind piece of software that uses libpcap in conjunction with IPTables to do some serious rate limiting and DoS defending…

It however lacks one feature that would make it unbeatable; matching with RegEx on the content of the packets…

This can be extended into PHRELD in two different ways:

  • Write a library/function in C++ with libboost, add hooks for it in the main code to allow it to test the content of a packet before counting it, and compile the entire program at once
  • Write the previously mentioned library/function in Python, and call this function through some hook to inspect the packet before counting it

If this is to happen, this would easily become one of the best DoS defense lines for many services…
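A sketch of the second option, as an added example that is not PHRELD code: a Python hook that counts a packet against its source only when the payload matches a regex. The class name, the rule, the limits and the sample traffic are all assumptions made up for illustration; the libpcap capture and the IPTables block are left out, and the hook only returns a verdict.

```python
import re
from collections import defaultdict, deque

MAX_SCAN = 512  # bytes of payload handed to the regex; bounds per-packet cost


class ContentRateLimiter:
    """Sliding-window counter that only counts packets whose payload matches."""

    def __init__(self, pattern: bytes, limit: int, window: float):
        self.rule = re.compile(pattern)
        self.limit = limit      # matching packets allowed per window
        self.window = window    # window length in seconds
        # maxlen keeps per-source memory constant even under a flood
        self.hits = defaultdict(lambda: deque(maxlen=limit + 1))

    def inspect(self, src: str, payload: bytes, now: float) -> str:
        """Hook called per packet: returns 'ignore', 'count' or 'block'."""
        if not self.rule.search(payload[:MAX_SCAN]):
            return "ignore"     # content does not match: never counted
        seen = self.hits[src]
        while seen and now - seen[0] >= self.window:
            seen.popleft()      # drop matches that fell out of the window
        seen.append(now)        # blocked packets still count, so a flood stays blocked
        return "block" if len(seen) > self.limit else "count"


# Constructed sample traffic: (timestamp, source, payload)
LOGIN = b"POST /login HTTP/1.1\r\nHost: example.test\r\n\r\nuser=a&pass=b"
INDEX = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"
SAMPLE = [
    (0.0, "192.0.2.10", LOGIN),
    (0.5, "198.51.100.7", INDEX),
    (1.0, "192.0.2.10", LOGIN),
    (1.5, "192.0.2.10", INDEX),
    (2.0, "192.0.2.10", LOGIN),
    (3.0, "192.0.2.10", LOGIN),   # 4th login POST inside 10 s
    (3.5, "198.51.100.7", LOGIN),
    (20.0, "192.0.2.10", LOGIN),  # window has expired by now
]


def run(packets, limiter):
    """Feed (timestamp, source, payload) tuples through the hook in order."""
    return [limiter.inspect(src, data, ts) for ts, src, data in packets]


if __name__ == "__main__":
    rl = ContentRateLimiter(rb"^POST /login HTTP/1\.[01]\r\n", limit=3, window=10.0)
    for pkt, verdict in zip(SAMPLE, run(SAMPLE, rl)):
        print(pkt[0], pkt[1], verdict)
```

Scanning only the first `MAX_SCAN` bytes keeps the regex from becoming the bottleneck it is supposed to protect against.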

And More

There have also been two more ideas, but I just can’t speak of them now for two reasons:

  • They’re money making ideas: we are considering implementing them as mini-projects
  • One of them isn’t mine