REG : Project Proposal - GSOC 2014

[Sriharsha Karamchati <leo.harsha93 () gmail com>]

 Hi,


This is a draft of my proposal for GSoC 2014.Any feedback/Suggestions on
this are appreciated!

I. Basic/Contact Information

Name: Sriharsha Karamchati

Email Address: leo.harsha93 () gmail com, I also use
sriharsha.karamchati () students iiit ac in

Instant messenger names and protocols (if any):

Nick : Chati ,I'm available on IRC (#nmap) daily.

Telephone number (optional): Available for future mentor only.

URL for résumé/CV:
http://web.iiit.ac.in/~sriharsha.karamchati/Btech_Sriharsh%20Karamchati_201102037.pdf

Personal/blog/LinkedIn/Twitter URLs:

I have none.


<https://stackexchange.com/users/1097930/d33tah?tab=accounts>II. Project
Selection

Top Project Choice (If choosing one from the Nmap ideas page):

New IPv6 OS SCAN FEATURES

For Details visit :
https://secwiki.org/w/GSoC_community_ideas#New_IPv6_OS_scan_features

Are you willing and able to do other projects instead?

Absolutely, with pleasure! While preparing for this proposal I only looked
into IPv6 fingerprinting and basic scanning features so far, but I will
definitely love to work on any other project instead. This would be a great
opportunity to learn more about the projects from the Nmap family.

I could also work with any of these projects below, I found them
interesting and very much related with work I have done so far:

Refer  https://svn.nmap.org/nmap/todo/nmap.txt for details.

1)Consider implementing both global and per-host congestion control in the
IPv6 OS detection engine.

2)Move advanced IPv6 host discovery features from NSE into core Nmap

3)Do more thinking/researching/investigating the way our machine  learning
IPv6 OS detection system decides whether a match is perfect and/or how
close the match is.

4) Improvements to the Nmap multicast IPv6 host discovery scripts


III. Skills/Experience

1. Please describe in a few lines your C/C++ knowledge or experience (if
any):

My best achievement in C/C++ programming is the Selection in the most
privileged Coding Contest. ACM ICPC REGIONALS - 2013. The most practical
use of my C++ skills is to create a terminal Made an OS Shell which
supported almost all commands (Background processes , Redirection, I/O etc)
of the Linux terminal and also some additional user defined commands.  I
have also made an Application Level file sharing protocol with support for
upload/download , indexed searching and File Hashing to enable two network
clients listening for requests waiting to share files and made use of this
protocol among my friends. I have also created an rpg game ,using OpenGL
with the character moving in a 3D world having different levels and with
different objectives and obstacles at each level using rendering
mechanisms, optimizations and algorithms.Being a coding freak, I regularly
participate in all the online coding contests I come across.

2. Please describe any Lua, Python, Perl, or other scripting language
knowledge/experience:


I am new to Lua,no knowledge about lua prior to this project  and have
learnt quite a bit in past few days

Python experience

-Made a robot game (Diffusing Bombs) using Python as a course project using
curses library.

-Made a portal for photo sharing, The users using this portal will be able
to upload, share, delete, modify, like and also comment on others  pictures
 using Web2Py (An Interface similar to Facebook was built)

-I also write python scripts for pen testing the start-up websites of my
friends.



3. Please describe any Windows development experience:

I participated in Windows-8 development workshop which gave me have
hands-on working with Microsoft Visual Studio (C# )..Developed an App in
that workshop and was the Finalist in the that workshop which was conducted
across the country.

4. Please describe any UNIX development experience:

I tried to mimic the terminal using C++,to test my C++ skills.In which I
have implemented Background processes, Redirection, I/O etc.,) with some
other user defined functions

I wrote a plugin which searches YouTube, Picks the first result and Plays
it in VLC in the background.Inspired from my friend's Idea of a similar
thing.User has functions to pause, resume, enqueue was an add on.

5. Please describe any Mac development experience:

None at all, I know very little about this OS.

6. Please describe any previous/explus Nmap usage experience:


I used nmap as a pentester in various Capture The Flags and other security
contests i've participated (Haccon'14) .

I also used nmap for Determining the
<http://en.wikipedia.org/wiki/Operating_system>operating system and
hardware characteristics of network devices.

7. Please describe any previous Nmap development experience:

No this is my first time .


8.Please describe any previous Open Source development experience:

I have created many apps and have all my codes under free license , My love
towards App Hacking started when I went through an open source App ,thus
motivating me to leave my hacks for public use , the major ones being
Microsoft.code.Fun.Do (Habit cultivator - Finalist 4th Position) and
Banglore Hacckathon'14 (2 hacks on packet sniffing and distributed
computing - SemiFinalist) .



9. If possible, include a link to source code you've written, such as a
school or personal project:

https://github.com/chati/Wiki-search-master  - A Search Engine for 43 GB
Wikipedia Data.

https://github.com/chati/linux-shell-terminal -  - This is an imitation of
the terminal using C++,to test my C++ skills.In which I have implemented
Background processes, Redirection, I/O etc.,) with few special user defined
function.

https://github.com/chati/File-sharing-protocol - Application Level file
sharing protocol with support for upload/download ,indexed searching and
File Hashing to enable two network clients listening for requests waiting
to share files and made use of this protocol among my friends

https://github.com/chati/Habitcultivator - App which helps to cultivate
habits (Written using C#)

https://github.com/chati/Quality-Of-Services-IPv6 - This is the white paper
on "Quality Of Services in IPv6" which was prepared as a report after going
through various documentations and RFCs.


10. Have you participated in any previous Summer of Code projects? If so
(and it wasn't Nmap), please describe your projects and experience. Be sure
to mention the years involved and the name of your former mentors.

No I haven't.

11. Have you applied for (or intend to) any other 2014 Summer of Code
projects? If so, which ones?

Not at the moment. I considered applying to IPv6 related projects in
Haiku-os, ns-3 simulator.

IV. Education

1. What school do you attend?

IIIT-HYDERABAD (International Institute of Information Technology ).

2. What degree are you pursuing (include the specialty/major)?

Btech + MS by Research in Computer Science.  Currently doing my research in
CSTAR (Center For Security Theory And Algorithmic Research) Labs , My
Stream of Research being Quality of Services in IPv6 and Packet
Classification .Currently Setting up IPv6 workbench in our Institute.


3. How many years have you attended there?

This is my third year.

4. When do you expect to graduate?

2016.

5. What city/country will you be spending this summer in?

Hyderabad,INDIA..

6. How much time do you expect to have for this project? Please list jobs,
summer classes, and/or vacations that you'll need to work around:

I have no problem working up to 7 hours a day.As this will be my summer
vacation, the only other work which I would have is my Research work which
is also in IPv6 and Networking , this shall boost up my work towards the
GSoC project as well.

V. Project Proposal

1. Please describe your proposed project in detail, including deliverables
and expected timeline with milestones (this is the long answer):

Motivation for the project and the deliverables:

When I have been working on Packet classification in IPv6, I found that the
DSCP code values can be changed accordingly to provide privileged
services.I thought this can be used while probing , as when we send the
packets across the network to scan the Operating Systems for ports, we can
mark these packets separately by modifying the DSCP(Differentiated Services
Code Point) values so that they get higher preference in the network
traffic and do not get stuck in the network, thereby ensuring a more
reliable port scanning with a higher probability of reaching out to all the
systems.This ensures Advance probing in IPv6.


My implementation attempts:

I already read whole
https://svn.nmap.org/nmap-exp/luis/ipv6tests/vectorize.py in order to get
an overview of the problems Nmap developers..I have read the OS-detection
part completely in the nmap-book and started understanding the vectorize.py
code , understood the Idea behind each function by reading through the
comments, Since the code used Scapy(Python).

I learnt scapy and coded a patch which modifies the DSCP code values of the
packets and send them from one router to other. This code clearly shows the
difference between the packets with high DSCP code and the lower ones.




This is the link to patch of code which I have written (Read-me clearly
mentions on how to run the code):

https://github.com/chati/Packet-Classification-OS-Probing





Tentative Timeline (in 3 Sessions):




Note : This is a very first sample of a timeline. not the final timeline .
I will make that with precise details during the first week of the bonding
period with my mentors



First Session (From 19th May):

- Get much more acquainted with IPv6 fingerprinting and OS scanning.

- Try to find out the missing features so that I could include them along
with the advance        features I am planning to add to the packets which
are sent for probing.

- Check the compatibility of my code with the given nmap code vectorize.py

- I will get acquainted with community members.

- And then discuss my ideas and make a complete and clear list of
deliverables and schedule.

- Learn how the current FP engine.cc and Vectorize.py scripts work.

- Learn more about Lua.


Mid Session (From June 16th ):

- I will add my code into the vectorize.py and try out working the whole
code at once.

- Make sure the whole code is working .Check the complexity and latency
,see if the addition of my code affects the original code , try to optimize
the code.

- Check out for more optimizations possible in the tool by use of packet
classification,I am sure I will find at least 2-3 places where this might
be a useful.

- A deadline for each script will be decided on between me and my mentor.
The scripts will be submitted to the mailing list as and when they are
completed.


End Session (From 28th July):

- I will wrap up things and test it in order to find the bugs and fix them
 up .And merge them with the original code, Bugs can be expected here hence
would solve them if they arise.

- I am quite sure that I would be getting some Ideas throughout my
implementation process (May be even after my submission),Ill see If they
can be added easily else will try to work on that after my submission.





2. Why are you well suited to perform this project? (This can be a long
answer too if you don't

have a résumé/CV link.)

I loved the way Nmap works in my first interaction with it itself.And this
is literally my dream project. My research stream being in IPv6 and
networking is a big bonus for me as I have read many RFCs related to IPv6
already and have a good grip of the subject.I never give anything less than
my best for the things which I love to do, this project being one of them.I
am a kind of person who can come with a number of creative Ideas
spontaneously irrespective of the domain .So you can always look up to me
if you want to come up with new features .I would love to work with this
organisation even after the GSoC and stay with the team , as this really
attracted me.

I am a self motivated passionate coder and very quick learner (which was
proved as I have learnt  Scapy as soon as I found that the code which was
given in the link used the same and wrote the code overnight) .I love to
take up challenges. In my last semester took up  3 Advance courses in
parallel , one of them was considered to be the toughest course in the
institute (Advance Computer Networks) and received an 'A' grade(Top grade)
in all the 3 (which was never achieved in past 2-3 years) . I always wanted
to do something for the social good.But It makes me much more enthusiastic
when I am doing it through my expertise - Coding!

.
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/