The Spinning Cube of Potential Doom
An anonymous reader writes "This month's Communications of the ACM (does not seem to have a link to online text) has an article about The Spinning Cube of Potential Doom, a security visualization tool that I first saw at SC2003. The cube displays data from Bro along 3 axes and creates interesting visual results (port scans, barber poles, lawnmower). This definitely makes patterns in all that 'boring log data' jump out. This is a very interesting development, the ability to monitor in real time and replay historical security related information. Definitely a step towards the new types of tools we will need to secure hosts and networks."
When the eventual goal of having this data displayed in a real time setting the applications of usefulness will be startling. Data that had to be updated manually during the conference, will be available to researchers to do tci-square analysis to approximate the optimum network efficiencies. Even use in the business sector and the ability to analyze huge databases will be quite amazing, although at least a half-decade down the road. Besides the primary educational aspect of the Cube, the secondary goal of the Cube will see fruition as to how investigate new techniques in visually analyzing network traffic and also to develop a tool that would potentially assist those involved with computer security. Really fascinating stuff.
Too bad Cisco didn't have this a couple weeks ago when they needed it!
The best way to predict the future is to invent it. -Alan Kay
I live in the spinning cube of potential doom. At least that's what my co-workers call it.
Sounds like the Time Cube.
But then, you stupid ignorant mind-traitors cant understand time cube having been manipulated by your word god.
I don't need no instructions to know how to rock!!!!
Now we need tools that scan in a pattern that causes little devil faces to appear inside the cube, just to freak the sysadmin out. Words could be fun too.
I Am My Own Worst Enemy
Man, when I heard it could display data along 3 axes I was hoping for an error message featuring a little projection of somebody saying "Help me Obi-Wan Kenobi, you're my only hope."
Sad.
The Human Cow - bringing you scrumtrelescence since 1995
Okay, so I see the pretty pictures, but what do they mean? Can anyone explain how to interpret that data?
--AC
is this Cube.
this cube of doom?
The Technonaut
This is old news.
Security companies are just reacting to Swordfish...which used the opposite tool...it was spinning cubes that joined together when you successfully exploited the system.
[I can picture a world without war, without hate. I can picture us attacking that world, because they'd never expect it]
Wonder if they've got one of these monitoring DOS attacks now that they've been posted on Slashdot.
Here's the 31 meg AVI if you want to make it spin faster.
If this becomes a trend, and "Security Visualization Tools" become widespread... then people will begin to say that movies like Hackers and such were just "before their time."
Do we really want that?
And it's a good damn thing I've got a wireless LAN connection, so my cat5 cable won't get all twisted up.
The Spinning Cube of Potential Doom?
That sounds like a tool used by the Irken Armada.
Does it make you happy you're so strange?
"Definitely a step towards the new types of tools we will need to secure hosts and networks."
I'm sorry, but I do not agree. While it makes it easy to visually detect intrusion attempts, it is of no use in the daily life of a BOFH. I have the responsibility of quite a number of machines. Most of the time, they don't require attention. So I don't pay them any. Then, once in a while, something extraordinary is happening, and I'm being alerted by an automatic monitoring system. That means I can use my day on all the important things (like hanging out on IRC etc). Visualizing network intrusion attempts is cool, but it's not a tool for me.
I want my n-monitor system with that funny IDE that lets you code exploits with on-screen spinning lego and gets you fine wines and a hot babe like Halle Berry.
The cube displays data from Bro along 3 axes and creates interesting visual results (port scans, barber poles, lawnmower).
"So Cube...do you see anyone invading us from the 201.163.x.x range?" "YES"
"That's Tron. He fights for the Users."
I have a theory that the truth is never told during the nine-to-five hours. -- Hunter S. Thompson
They appear as complex crystalline structures with no obvious holes other than the known authentication interfaces.
Those who hack/defeat them are called "icebreakers" and they use software which has its own visual attack signature to distract or deflect(overload/DNS attack) the ice or to find hidden cracks (exploits)
Visionary stuff (pun partially intended).
You are in a maze of twisty little passages; all alike.
it looks like a great tool for ferreting out new styles of attack, even though its use to an individual trying to protect his/her network is rather limited. the automated system that someone else mentioned sounds much more useful.
-ninjaneer
In fact, I was just talking to a coworker earlier about my new product idea. They need sanitary cube covers like those half ply protect-o toilet seat rings to protect the next victim from my blood, sweat and tears.
Besides the primary educational aspect of the Cube, the secondary goal of the Cube will see fruition as to how investigate new techniques in visually analyzing network traffic and also to develop a tool that would potentially assist those involved with computer security.
Yes. The Cube knows all. It will make everything all right again. The Cube has been sent to help us. We must trust the Cube.
All hail the Cube.
-Laxitive
Sorry, absolutely nothing of value to add to this. I just liked the way you referred 'the Cube' using proper-noun capitalization, and spoke of it as a single entity.
You spin me right round baby right round
Speak truth to power.
I was hacking teh Gibson, *I* would have gotten in Acid Burn's undies. :(
The Borg finally have the technology from The Last Starfighter! We are doomed!
I wonder what the 3D graph of a Slashdotting looks like...
All that we see or seem is but a dream within a dream.
I think the point of this interface is that the data is more easily interpreted, allowing the human-user to notice patterns that automated scripts would miss. This could be done either in real time, or as a visualization tool for historical files. The latter usage seems like it would be of interest if you're trying to determine the source of a break-in.
For real-time monitoring, your point about multiple systems is very valid, but what if this approach could be scaled up to allow you to visually inspect the whole system for a number of problems? Perhaps an entire array of cubes, each for a subnet or an individual system, focusing on those that pique your interest.
This idea may be able to mesh with the glanceable objects idea (just the idea, not their chicken egg specifically). If it is informative enough, it could allow you to periodically check some aspects of your whole system for things that you either can't write scripts to do, or don't have time to write scripts for.
-Zipwow
I don't know which is more depressing, that 2/3 didn't care enough to vote, or that 1/2 of those that did are crazy.
Warning: Pregnant women, the elderly and children under 10 should avoid prolonged exposure to the Spinning Cube of Potential Doom.
Caution: the Spinning Cube of Potential Doom may suddenly accelerate to dangerous speeds.
the Spinning Cube of Potential Doom Contains a liquid core, which, if exposed due to rupture, should not be touched, inhaled, or looked at.
Do not use the Spinning Cube of Potential Doom on concrete.
Discontinue use of the Spinning Cube of Potential Doom if any of the following occurs:
Itching
Vertigo
Dizziness
Tingling in extremities
Loss of balance or coordination
Slurred speech
Temporary blindness
Profuse sweating
Heart palpitations
If the Spinning Cube of Potential Doom begins to smoke, get away immediately. Seek shelter and cover head.
the Spinning Cube of Potential Doom may stick to certain types of skin.
When not in use, the Spinning Cube of Potential Doom should be returned to its special container and kept under refrigeration...
Failure to do so relieves the makers of the Spinning Cube of Potential Doom, Wacky Products Incorporated, and its parent company Global Chemical Unlimited, of any and all liability.
Ingredients of the Spinning Cube of Potential Doom include an unknown glowing substance which fell to Earth, presumably from outer space.
the Spinning Cube of Potential Doom has been shipped to our troops in Saudi Arabia and is also being dropped by our warplanes on Iraq.
Do not taunt the Spinning Cube of Potential Doom.
the Spinning Cube of Potential Doom comes with a lifetime guarantee.
the Spinning Cube of Potential Doom
ACCEPT NO SUBSTITUTES!
Back in the "what possible use would anyone have for 3D?" days, Silicon Graphics made gobs of 3D utilities such as this. Many exist today as viewers for their (awesome) Performance CoPilot system for IRIX and Linux. Over time they learned that most admins prefer text most of the time. But man, fddivis on a large monitor sure does make the NOC look way more productive to the suits!!
They even had a 3D intra-website link manager at one time!
See the cube in action here.
From the title, I made the quick assumption that this was either talking about the borg from star trek (quite confusing) or some variation on the rubik's cube, (which has baffled people since it came out). I was quite surprised to see security software instead (which is inherently confusing for almost everyone except slashdotters)...
"Operating systems suck: you're better off using only the BIOS" --trainsaw.com
"Code is currently not available, sorry!. I plan on releasing the source as soon as I get a version that is more polished."
:)"
release early and often, I'm certainly not going to use something that claims to be a "security" tool if I can't view the source to see for myself just how "secure" it is. the whole point of having an open source community is so others can help you polish that code for later releases.
"put the [code] on the floor and back away slowly, sir. we can take it from here
those web sites didn't work. The urls have been Slashdotted already.
:)
Want to destroy a site's bandwidth, post a URL to it on Slashdot.
Remember, Slashdot does not have a -1 disagree moderation, and no, troll, flamebait, and overrated are not substitutes.
would sound more interesting. The spinning cube of potential doom sounds like a Humvee on an icy road.
Did someone just discover that data can be graphed? What is the innovation here?
For great justice.
Got some slick, nobody's fool sysadmin you need to get past?
Well, cook up a portscan that will look like a giant, spinning Mr Goatse, or some racial slurs, etc..
Boss walks past, geek gets fired, replaced by bosses moron nephew who is more than happy to give you the keys to the server when you call and identify yourself as the Hamburglar.
I don't need no instructions to know how to rock!!!!
We all live in a spinning cube of doom!
(sorry, I'm infatuated with this phrase at the moment)
I wonder about this sometimes. There are so many port scans and intrusion attempts they aren't worth getting your knickers in a twist about. All the non-necessary ports are blackholed anyway.
What I do worry about are the connections that take place with actual open services. They are the ones that ought to be monitored for foul play. Log checkers and proactive HTTP request sanitizers are more use there.
I'm sorry if I haven't offended anyone
Reminds me of the "screen display" system the Borg had in ST:TNG. They had several external images of the starship battles arranged on a rotating cube. Fits their ship.
I bet they didn't think of the potential doom of getting posted on slashdot. What would the cube look like as they are getting slashdotted? I'm thinking implosion would be cool...
this one
Technoli
...is don't talk about Spinning Cube of Potential Doom. You must now be punished for breaking the first rule.
Visible Decisions (acquired by Visual Insights in 2000) has been doing graphical visualization for 15 years - check this out for a demo.
Another innovation I can see is hooking this kind of tool up to network aware objects, like those little spheres that change colors.
I can see it now...
admin: "oh crap the ball on my desk just turned red, I'll have to call you back..."
Remember the ambient orb?
Thinkgeek used to sell them, but I couldn't think of something I would find it useful for. This would be perfect. Just have a globe on your desktop that changes colors based on the data provided by the cube matrix. If the orb starts turning crimson, you know that your network is in need of administrative attention.
WURD!!
...I can see it now:
I know this... this is UNIX!
Would you like to play a game?
All hail the Cube.
from "Deep Space Homer"
Buzz: Homer Simpson was the real hero here. He jury-rigged the door closed using this.
Man 1: Hey, what is that?
Man 2: It's an inanimate carbon rod!
Everyone: Yay!
Time magazine cover: "In Rod We Trust"
Carthago delenda est!
About 18 months ago, Slashdot posted an article The Black Ops of TCP/IP: Paketto Keiretsu 1.0 Release with a nice collection of unconventional networking tools.
Included was a very cool tool, Phentropy, for visualizing arbitrary data using Strange Attractors. You may recall a paper on TCP/IP Sequence number analysis that highlighted the usefulness of Strange Attractors for data visualization.
Phentropy plots an arbitrarily large data source (of arbitrary data) onto a three dimensional volumetric matrix, which may then be parsed by OpenQVIS. Data mapping is accomplished by interpreting the file as a one dimensional stream of integers and progressively mapping quads in phase space.
OpenQVIS is a neat package and could fill a lot of arbitrary data viz needs.. But damned if I have been able to get the thing to build under Linux. The project could really use some help, and I think a lot of good could come of it. The PhD types who wrote it seem to have mostly moved on..
... After all the $$M spent on cute visualization and PR promotion of the technology, evil authors of port-scanners just add two lines:
    pseed=urand(); iseed=urand();   /* this */
    for(port ...)
      for(ip ...){
        port ^= pseed; ip^=iseed;   /* and this */
        probe(ip,port);
      }
or use some fancier one-to-one mapping and the dots in your cube are again "random" to the naked eye.
(On a side note, why whoever implemented that "barberwire"-producing scanner did not do this at the time, I can not understand).
Paul B.
when you have been /.ed? (As it seems to be right now)
And what's more, that they can be graphed in a way that leaves human-recognizable patterns. That sounds pretty innovative to me. It's like discovering that you can distinguish a Beethoven composition from a Bach because the Bach tastes more like mango.
I busted out my laptop and sat down and started port-scanning some friendly IPs in front of the screen, only to be disappointed that I'd have to wait something like 10 minutes to see my spray coming out.
;p
It was still pretty cool, and I'm sure half of the traffic on it was people like who kicked off port scans just to see themselves on the screen
PC moderators can suck my White pierced, tattooed dick. If you think pride == hate, s/dick/Aryan meat mallet/g.
Is it possible this could also be the solution to identifying the problem of auditing user groups on a system where the groups are nested? Select a file or directory and then have the magic cube display in 3 dimensions the access of a user based on amount of potential privilege with each associated group. The more privilege you have the closer to the center. This has always been such a pain as a security auditor to have to pick through spreadsheet after spreadsheet on poorly managed systems to see if a nested user has group access to something. Would be nice to do a quick find of everything and feed the cube the results. Put on your magic glass and poof ... you can now see who can touch your goodies!
Could someone who has downloaded the movie please post a mirror? All of the existing links posted are already 404.
# fuser -v
#
The time is NOT a display variable in the Cube. Your "enhanced" scanner would produce the same pattern as it would without the randomization. The order in which the scan's packets reach its target, and the dots are put on the display does not even change the resulting picture.
Now, the "barbwire" scan tries a port on each host. This could be made less distinguishable by randomizing the port, rather than using linearly increasing port numbers for the IP range, which produces the evil-looking diagonal slashes in the picture.
And all you fools said that Hackers wasn't a realistic computer movie... Shows what you know!
-S
I see it now... What is the third axis then? (TFA was already /.ed by the time I tried clicking on it, but I assumed that any Cube would be 3D, right? ;-) )
Paul B.
You can't spoof your own IP if you expect to get any results from a port scan, so all your connections will be in the same Z plane. I expect that would show up quite well, especially if the cube was viewed from several different angles. Also, it displays a fairly large period of time simultaneously, so randomizing the connection order wouldn't be all that helpful.
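Added example, not part of the thread or of the Cube's own code: the replies above argue that the picture depends only on which (source, destination, port) points exist, not on the order in which they arrive. This Python sketch checks that on constructed records, assuming one plane per source address; the addresses, thresholds and labels are made up for illustration.

```python
import ipaddress
import random
from collections import defaultdict

# Constructed "local" range (documentation prefix), as integers for plotting.
BASE = int(ipaddress.ip_address("198.51.100.0"))


def summarize(records):
    """Group (src, dst, port) records into one set of points per source."""
    planes = defaultdict(set)
    for src, dst, port in records:
        planes[src].add((dst, port))  # a set keeps no arrival order or repeats
    return dict(planes)


def classify(points, min_spread=16):
    """Label one source's plane from its shape alone (threshold is assumed)."""
    hosts = {dst for dst, _ in points}
    ports = {port for _, port in points}
    if len(hosts) < min_spread:
        return "port scan of few hosts" if len(ports) >= min_spread else "normal"
    if len(ports) == 1:
        return "sweep, fixed port"
    # A diagonal means the port moves in lockstep with the address.
    ordered = sorted(points)
    steps = {(b[0] - a[0], b[1] - a[1]) for a, b in zip(ordered, ordered[1:])}
    return "sweep, diagonal" if len(steps) == 1 else "sweep, scattered ports"


def constructed_traffic():
    """Sample records built in memory; nothing is sent on the network."""
    rng = random.Random(2004)
    # One port per host, port rising with the address: the diagonal slashes.
    diagonal = [("203.0.113.7", BASE + i, 1000 + i) for i in range(64)]
    # The same records in a different arrival order.
    reordered = diagonal[:]
    rng.shuffle(reordered)
    # One random port per host: no diagonal, but still one source plane.
    scattered = [("203.0.113.8", BASE + i, rng.randrange(1, 65536))
                 for i in range(64)]
    # An ordinary client talking to one service.
    client = [("203.0.113.50", BASE + 10, 443)] * 5
    return diagonal, reordered, scattered, client


if __name__ == "__main__":
    diagonal, reordered, scattered, client = constructed_traffic()
    print("same picture after reordering:",
          summarize(diagonal) == summarize(reordered))
    for records in (reordered, scattered, client):
        for src, points in summarize(records).items():
            print(src, len(points), "points ->", classify(points))
```

Randomizing the port per host removes the diagonal but not the spread across destinations within a single source plane, which is what the aggregate keys on.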
Thanks for the /. and the comments folks, although I'm not sure if the web admins are gonna talk to me anymore. :-/ I got paged about the /. while I was watching Shrek 2. What happened to Fiona's Dad? Missed that part...oh well...
The Cube is still a work in progress. I originally developed it to keep wandering jaded conference attendees mesmerized by pretty moving colors. Hopefully it'll inspire people to develop new ways of educating the wormy masses that they need to take security seriously.
I, for one, welcome our new Borg overlords!
I work for a network research group ("WAND") at Waikato University in New Zealand. We have a similar visualisation which you can see various stages of evolution here, there are also some animations.
The university's internal network IP range is mapped onto the left hand face of the cube, the rest of the world is mapped onto the right face. They are mapped so similar addresses are clustered together and addresses further apart are uh, further apart. A box represents one packet, the volume of the particle is proportional to the size of the packet, and the colour is based on port number.
Also we "light" each end of the connection for a bit after the packet has been sent. So machines appear to be glowing in the colour of the traffic they are sending.
We use it to show off "networks" to people who think we just sit at computers and type into stuff, however it has been very useful to detect attacks and broken machines since they provide distinctive patterns. Portscans are a series of "sparkly" packets. Network scans are a row of marching lines. Virii infected machines appear as a cone centered on the infected machine.
Am I the only one who gets an error saying invalid cert? If so, maybe they should spinning cube of doom themselves!
[o]_O
I thought this was going to be something cool, like that B.S. crap from Swordfish. (No, not H.B.'s boobs). Then I saw this, and it looks like B.S. crap, but not *cool* B.S. crap. Dammit! When do we, the non-gamers of the world, get some cool 3D graphics?
I think you've missed the primary use of pretty pictures and animation. A BOFH with prominently displayed active graphs and a device that goes "ping" every so often can greatly optimize IRC/Nethack time by responding to all queries by management in the following manner.
Manager: "Where are your TPS reports?"
BOFH: (pointing at large, flat screen display of Cube of Potential Doom with one hand while typing jjjjjjjjjj with the left) "TPS Reports! My God can't you see we're under attack. Quick! Call facility maintenance. We need to lock down the executive suite!"
You get the idea...
[-- Trust the Monkey --]
right on man, that would be *nice* Be able to just slide a user deeper or farther away from the center, and even add layers (jails), more spheres over spheres, on the fly.
I like it.
NERDS X-P
Snowden and Manning are heroes.
It's a brutal but compelling reminder that we should all avoid unencrypted telnet/pop3/imap.
Consider spending some time today getting STARTTLS running on your mail server. Or consider getting IMAP/SSL going. Or consider figuring out GnuPG or S/MIME email once and for all. Don't be part of the problem.
If I recall right (and have the spelling right), then to see it, all you need is a Star Trek Original Series episode called "The Corbomite Maneuver".
Anyone else quick read the title and expect this to be something about Doom III? I hope Carmack is well beyond spinning cubes at this stage of development ..
End Communication.
I just hacked up a script that will port scan their IP space in just the right port/ip/time pattern to form the goatse guy in all of his 3-d glory rendering this security tool useless because people will refuse to look at it. If that doesn't deter them I'll hit 'em with tubgirl. They'll be able to rotate it in 3-d and see the whole stream suspended in mid-air and everything. My next task is to hit them with successive animated images so if they play it back fast enough they can see the cavern opening and closing or the cascade flowing.
when will I learn to actually make the things I think of :/. Not that graphic representation is a genius idea, though they have a cooler name, "CUBE OF DOOM", than I would have thought of. I would have called mine something like "IP & Port Grapher version 1"... or maybe "IP & Port Grafix 3000XP+"
I'd really like to know how to draw a nonlinear line. Oh wait, would that be a curve ?
Spinning cube of doom, linear lines, and lawnmower plots that really look like an old-school SVGA game that doesn't quite grok the frame buffer. It all looks amateurish to me.
-Billco, Fnarg.com
This Cube of Doom is exactly what I need to make my security response work seem exciting for my peers. This Cube of Doom is sexy. An xterm with Snort logs is not.
Sincerely,
Pan Tarhei Hosé, PhD.
"Homo sum et cogito ergo odi profanum vulgus et libido."
Only if it's a 4-corner faced natural harmonious Time Cube.
-no broken link
.. there is a section at the end where a similar technology used. I thought this was the least believable part of the story actually... that is until now...
I just skimmed through the site and looked at a couple of the images; and it brought to mind the imagery I've seen from the graphic presentation piece you can use with their box. http://www.sourcefire.com My slight disclaimer - we use several brands of network sensor including SourceFire and have a couple RNA boxes to play with right now.
I think with the interesting people, their lives can't possibly be wrapped up into a nice little package.