GSoC Candidate Intro and Project Discussion

["Dautenhahn, Nathan Daniel" <dautenh1 () illinois edu>]

Hey All-

My name is Nathan Dautenhahn. I am a second year PhD student at the University of Illinois at Urbana-Champaign and am 
interested in working with the Nmap project for GSoC 2011. With this message I would like to get to know some of the 
devs, as well as outline my initial thoughts for the project.

I would like to participate in the enhancement of Nmap's IPv6 capabilities. As I'm a researcher, I'm inclined to tackle 
more complex problems such as OS detection. I have previous experience in using statistical packet analysis to perform 
classification of encrypted traffic.

At this point I still need to specify in greater detail my ideas and scope for the project, but figured it would be 
good to start here to make sure that I'm getting the right feedback throughout the process. I will say I don't know how 
current IPv4 host detection occurs, and assume that I should start there. The following lists an initial approach I 
would take in order to develop host detection:


 *   Review IPv4 host recognition techniques and other literature on the subject
 *   Review IPv6 RFC Specification
 *   It seems as though host detection is very specific to the OS and other implementation specific issues, and as such 
profiling the different systems seems like a good first step. I would manually review packet traces from each OS in 
order to find any unique state produced by the system.
 *   Review other state output visible to the network. This task would be focused on exposing any unexpected state that 
could be used for host detection.
 *   After manually analyzing these traces and other output from the hosts I would start to develop some type of 
classification of different types of data we find valuable in performing host recognition.
 *   Would need to analyze and define what type of pattern/classification technique we will use.
 *   The next thing would be to build some type of initial prototype and see how it does.
 *   Then make modifications and recurse over testing and modification until the application performs as desired.

Like I said this is a very raw initial approach. Please provide any feedback to point the project in a direction that 
would better serve Nmap.

I have a few questions:

 *   What is the potential for publication coming from this work? Would Nmap be okay if attempted this, and would there 
be interest from Nmap to participate in this?
 *   Is this too advantageous of a project, or would I also need to add in some other work?

Additionally, the following link returns a 404 error: http://socghop.appspot.com/gsoc/org/home/google/gsoc2011/nmap

As well as: http://www.google-melange.com/gsoc/org/home/google/gsoc2011/nmap

These are the application and application template links.

Thanks,
::nathan::
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/