SIDEN

/* features | requirements | platforms | download | contact */

Latest Stable Version: None
Latest Developers Version: 0.1.0

SIDEN is a distributed network discovery tool used for intrusion detection research purposes. The current SIDEN architecture allows you to simulate coordinated/distributed network probes by a group of attackers. Using it, you can simulate such probes against one target or many targets. The point of this is to generate the traffic caused by distributed network probes, so that we can analyze it in order to understand distributed network probes better. This will hopefully help us improve how Intrusion Detection Systems are written.

SIDEN uses a client/agent architecture. The client is called the "master". An agent represents an attacker. To use it, you have to install the master on one machine, and the agents on a few other machines. You can then tell the master that you want to scan a set of ports using agents A, B, and C. The master will then allocate ports to these agents, and command them to execute the scan. The agents perform the scans and return the results back to the master.

You can also view this project on Sourceforge.

features

Among SIDEN's features are as follows:

Selective ports
Randomised scans
Concurrent scanning
Delays

requirements

To install and run SIDEN, you need the following software:

Perl 5.6 - http://www.perl.com/
Nmap 2.53 - http://www.insecure.org/nmap/
Net-ext Perl module - somewhere on CPAN
Net::RawIP Perl module - http://quake.skif.net/RawIP/
Digest::MD5 Perl module - somewhere on CPAN

tested platforms

master

Platform Perl version Results

OpenBSD 2.7 5.6 Looks good.

FreeBSD 2.2.6 5.6 Looks good.

agent

Platform Perl version Results

OpenBSD 2.7 5.6 Looks good.

FreeBSD 2.2.6 5.6 Looks good.

Slackware 4.0 (Linux 2.2.12) 5.005_03 Not too good. :-(

SIDEN has been tested successfully on the OpenBSD and FreeBSD platforms. If you try SIDEN and it works on any other platform, please contact me. Yes, it sounds interesting that I haven't even tested it out on the popular Linux platform. :-) There should be little reason why it won't work on other platforms (especially UNIX variants), since it's fully implemented in Perl.

Update: Tried the master on a Slackware 4.0 box running Linux 2.2.12 with Perl 5.005_03. Tried to get it to communicate with an agent on a FreeBSD 2.2.6 box with Perl 5.6. Results weren't good unforunately. Will try to hunt down the bug.

download

The current version of SIDEN is 0.1.0 (developers version). This is the first release ever, so expect bugs, problems, and unimplemented features. And, the fact that I'm writing SIDEN while learning Perl may contribute to even more problems! :) Comments and suggestions are okay, but flames can be sent to /dev/null.

Download the tarball here -
ftp://siden.sourceforge.net/pub/siden/siden-0.1.0.tar.gz
http://download.sourceforge.net/siden/siden-0.1.0.tar.gz
(MD5: b5f5da44d96230d8bf03326be0662dca)

contact

SIDEN is developed by Lawrence Teo. I was previously researching on distributed intrusion detection techniques for my Honours degree at the School of Computer Science and Software Engineering at Monash University in Melbourne, Australia. I am now based in the Department of Software and Information Systems at the University of North Carolina at Charlotte. You can contact me at <lcteo@uncc.edu>, or visit my academic homepage.

Thanks to Sourceforge for hosting SIDEN.

Last updated: $Id: index.html,v 1.6 2000/11/07 05:02:17 lteo Exp lteo $