Developing A Security Suite

Hello readers,

Recently I’ve been working alongside the folks at Cyber Rehab developing new software and new methodologies to combat some of the emerging threats in the Norwegian, European, and U.S. markets. Our work has focused, at least in part, on creating intelligent botnet prevention techniques that can be implemented at a variety of scales.

Some of the techniques include:

  • Adaptive scripting for port monitoring software
  • Honeypots and automated calls to action for negligent ISPs
  • Rehabilitation strategies
  • Cloud-based applications for port mirroring
  • Packet recursion for analysis purposes
  • Server software and hardware improvements

Putting together ideas and crafting prototypes is fun and challenging, but testing them will be a lengthy process that could require plenty of time and patience. In the meanwhile we’ll be doing some related security work.

Scripting your own security suite consists mostly of knowing which tools you need and implementing them only case by case. This can be done easily in Python, C++ or SQL, and it isn’t as hard as it sounds: if you can write bash you can probably figure it out. If you have scripted your own firewall you certainly can.

In bash a script to add just the tools can be a simple install list, whereas scripting specific functions such as port scanning is quite similar: you mostly need the library and if/else (or, in this case, try/except) statements. I’ll show an example from Python For Beginners:

#!/usr/bin/env python3
import socket
import subprocess
import sys
from datetime import datetime

# Clear the screen
subprocess.call('clear', shell=True)

# Ask for input
remoteServer    = input("Enter a remote host to scan: ")
remoteServerIP  = socket.gethostbyname(remoteServer)

# Print a nice banner with information on which host we are about to scan
print("-" * 60)
print("Please wait, scanning remote host", remoteServerIP)
print("-" * 60)

# Check what time the scan started
t1 = datetime.now()

# Using the range function to specify ports (here it will scan all ports between 1 and 1024)
# We also put in some error handling for catching errors
try:
    for port in range(1, 1025):
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        sock.settimeout(1)      # a filtered port would otherwise block for minutes
        result = sock.connect_ex((remoteServerIP, port))
        if result == 0:
            print("Port {}: \t Open".format(port))
        sock.close()            # release the socket before probing the next port

except KeyboardInterrupt:
    print("You pressed Ctrl+C")
    sys.exit()

except socket.gaierror:
    print('Hostname could not be resolved. Exiting')
    sys.exit()

except socket.error:
    print("Couldn't connect to server")
    sys.exit()

# Checking the time again
t2 = datetime.now()

# Calculates the difference of time, to see how long it took to run the script
total = t2 - t1

# Printing the information to screen
print('Scanning Completed in: ', total)
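The same connect-scan, written as an added example (not code from the original post or from Python For Beginners) for checking which ports are reachable on hosts you administer. It returns results instead of printing them, puts a timeout on every probe and closes each socket; the function names scan_ports, resolve and local_listener are my own, and local_listener only exists so the scanner can be exercised against a known-open loopback port.

```python
import socket


def scan_ports(host, ports, timeout=0.5):
    """Return the sorted list of TCP ports on `host` that accept a connection.

    Every probe gets its own socket with a timeout, so a filtered port (no
    SYN-ACK, no RST) cannot stall the sweep, and the socket is always closed
    afterwards instead of being leaked by the loop.
    """
    open_ports = []
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
            sock.settimeout(timeout)
            # connect_ex returns 0 on success and an errno value otherwise,
            # so a closed port (RST) is a normal result, not an exception.
            if sock.connect_ex((host, port)) == 0:
                open_ports.append(port)
    return sorted(open_ports)


def resolve(hostname):
    """Resolve once, up front; None means DNS failure or a typo in the name."""
    try:
        return socket.gethostbyname(hostname)
    except socket.gaierror:
        return None


def local_listener():
    """Open a listening socket on an ephemeral loopback port and return
    (socket, port). Exists only to test scan_ports against a known-open port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    return srv, srv.getsockname()[1]


if __name__ == "__main__":
    import sys
    target = resolve(sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1")
    if target is None:
        sys.exit("Hostname could not be resolved.")
    print("Open ports on", target, ":", scan_ports(target, range(1, 1025)))
```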

Naturally you’ll all be invited to bring your thoughts and strategies to the table; that is part of the fun.

Running in VirtualBox

One of our tools is this OS developed on SUSE Studio. It serves as a base upon which to build several of these strategies and works as a nice server distro even in VirtualBox with 1 GB of RAM. It has a KDE desktop and many tools built in, but it is far from a completed project, so bear that in mind while testing.

To get more involved with CyberRehab click here. In the subject line mention you heard about it from Brian. If you are doing any kind of scripting or coding you might very well find yourself contributing code sooner rather than later.

One of the Python scripts we might adapt, if we all agree it will benefit the project, looks like this one taken from BinaryTides:

#Packet sniffer in python for Linux
#Sniffs only incoming TCP packet
import socket, sys
from struct import *

#create an INET raw socket for TCP (requires root / CAP_NET_RAW)
try:
    s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_TCP)
except socket.error as msg:
    print('Socket could not be created. Error Code : ' + str(msg.errno) + ' Message ' + str(msg.strerror))
    sys.exit()

# receive a packet
while True:
    packet = s.recvfrom(65565)
    #packet bytes from tuple
    packet = packet[0]
    #take first 20 bytes for the ip header
    ip_header = packet[0:20]
    #now unpack them :)
    iph = unpack('!BBHHHBBH4s4s', ip_header)
    version_ihl = iph[0]
    version = version_ihl >> 4
    ihl = version_ihl & 0xF
    iph_length = ihl * 4   # IHL is in 32-bit words, so IP options are skipped as well
    ttl = iph[5]
    protocol = iph[6]
    s_addr = socket.inet_ntoa(iph[8])
    d_addr = socket.inet_ntoa(iph[9])
    print('Version : ' + str(version) + ' IP Header Length : ' + str(ihl) + ' TTL : ' + str(ttl) + ' Protocol : ' + str(protocol) + ' Source Address : ' + str(s_addr) + ' Destination Address : ' + str(d_addr))
    tcp_header = packet[iph_length:iph_length+20]
    #now unpack them :)
    tcph = unpack('!HHLLBBHHH', tcp_header)
    source_port = tcph[0]
    dest_port = tcph[1]
    sequence = tcph[2]
    acknowledgement = tcph[3]
    doff_reserved = tcph[4]
    tcph_length = doff_reserved >> 4
    print('Source Port : ' + str(source_port) + ' Dest Port : ' + str(dest_port) + ' Sequence Number : ' + str(sequence) + ' Acknowledgement : ' + str(acknowledgement) + ' TCP header length : ' + str(tcph_length))
    h_size = iph_length + tcph_length * 4
    data_size = len(packet) - h_size
    #get data from the packet (bytes, so print its repr instead of concatenating a str)
    data = packet[h_size:]
    print('Data : ' + repr(data))
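The header-unpacking part of the sniffer above, pulled out into a pure function as an added example (not BinaryTides’ code and not part of the original post) so it can be tested offline on a constructed packet. It uses the same struct formats as the sniffer but also validates the IHL and TCP data-offset fields and rejects truncated input; parse_tcp_packet and build_sample_packet are names I chose, and the addresses and ports in the sample are constructed values, not captured traffic.

```python
import socket
from struct import pack, unpack


def parse_tcp_packet(packet):
    """Split a raw IPv4/TCP datagram (as returned by a SOCK_RAW socket) into
    IP header, TCP header and payload fields. Honours IHL and the TCP data
    offset, so options are skipped correctly, and rejects truncated input."""
    if len(packet) < 20:
        raise ValueError("packet shorter than a minimal IPv4 header")
    iph = unpack('!BBHHHBBH4s4s', packet[:20])
    version, ihl = iph[0] >> 4, iph[0] & 0xF
    if version != 4 or ihl < 5:
        raise ValueError("not a well-formed IPv4 header")
    iph_length = ihl * 4                      # header length in bytes
    if iph[6] != socket.IPPROTO_TCP:
        raise ValueError("not a TCP packet")
    if len(packet) < iph_length + 20:
        raise ValueError("packet truncated before the TCP header")
    tcph = unpack('!HHLLBBHHH', packet[iph_length:iph_length + 20])
    tcph_length = (tcph[4] >> 4) * 4          # data offset, in bytes
    h_size = iph_length + tcph_length
    if tcph_length < 20 or len(packet) < h_size:
        raise ValueError("bad TCP data offset")
    return {
        'version': version, 'ihl': ihl, 'ttl': iph[5], 'protocol': iph[6],
        'src': socket.inet_ntoa(iph[8]), 'dst': socket.inet_ntoa(iph[9]),
        'sport': tcph[0], 'dport': tcph[1], 'seq': tcph[2], 'ack': tcph[3],
        'flags': tcph[5], 'tcp_header_len': tcph_length, 'payload': packet[h_size:],
    }


def build_sample_packet(payload=b'GET / HTTP/1.0\r\n'):
    """Constructed sample (not captured traffic): IPv4 header with four NOP
    options (IHL 6) and a TCP SYN with an 8-byte option area (data offset 7)."""
    ip_opts = b'\x01\x01\x01\x01'
    tcp_opts = b'\x02\x04\x05\xb4\x01\x01\x01\x01'   # MSS 1460, NOP padding
    tcp_hdr = pack('!HHLLBBHHH', 40000, 80, 1000, 0, 7 << 4, 0x02,
                   65535, 0, 0) + tcp_opts
    total_len = 24 + len(tcp_hdr) + len(payload)
    ip_hdr = pack('!BBHHHBBH4s4s', (4 << 4) | 6, 0, total_len, 1, 0, 64,
                  socket.IPPROTO_TCP, 0, socket.inet_aton('10.0.0.5'),
                  socket.inet_aton('10.0.0.1')) + ip_opts
    return ip_hdr + tcp_hdr + payload
```

A fixed 20-byte slice, as in the sniffer, would misplace the TCP header on the sample packet because of the IP options; the parser above lands on it correctly.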

While we won’t use this one itself, something quite similar will probably be implemented soon. If getting involved excites you but you don’t know how to code, perhaps visit If you complete a few courses there we can certainly get you involved.

Let us know in the comments what you think!


10 thoughts on “Developing A Security Suite”

  1. Thank you for another great post. Where else could anybody get that type of information in such a perfect way of writing? I have a presentation next week, and I am on the look for such information.

  2. It is difficult to find knowledgeable individuals on this subject, but you sound like you understand what you’re talking about! Thanks

  3. What’s going down? I am new to this, I stumbled upon this, I have found it positively helpful and it has aided me out loads. I’m hoping to give a contribution & aid different customers like it’s aided me. Good job.

  4. I love your blog.. very nice colors & theme. Did you create this website yourself or did you hire someone to do it for you? Plz respond as I’m looking to create my own blog and would like to know where u got this from. cheers

  5. Hi exceptional website! Does running a blog similar to this take a lot of work? I’ve very little knowledge of computer programming however I had been hoping to start my own blog soon. Anyhow, should you have any suggestions or techniques for new blog owners please share. I know this is off topic nevertheless I simply wanted to ask. Kudos!

  6. Hi my friend! I want to say that this article is amazing, nice written and include almost all significant infos. I’d like to see more posts like this.

  7. It’s the best time to make some plans for the future and it is time to be happy. I have read this post and if I could I want to suggest you few interesting things or tips. Perhaps you could write next articles referring to this article. I want to read more things about it!

  8. Good day! I know this is kinda off topic but I was wondering which blog platform are you using for this website? I’m getting sick and tired of WordPress because I’ve had problems with hackers and I’m looking at alternatives for another platform. I would be awesome if you could point me in the direction of a good platform.

  9. Your place is valuable for me. Thanks!
