
Monday, 8 February 2016

Mitigating distributed denial of service attacks – a practical approach

Abstract
Distributed Denial of Service attacks present a real threat to the security and reputation of industries across the globe. This report looks at why DDoS attacks occur, who are likely targets of DDoS attacks, types of DDoS and strategies to mitigate against attacks.

Introduction
The first Distributed Denial of Service (DDoS) attack tool appeared in June of 1998 labelled FAPI. FAPI could direct TCP, UDP and ICMP traffic from multiple attack sources causing a victim to become unresponsive to legitimate requests (Lin & Tseng, 2004). Since FAPI, DDoS tools and techniques have provided a lucrative avenue for cyber-crime. With more organisations and businesses connecting critical infrastructure to the internet, the impact of DDoS strikes is becoming increasingly prevalent.

Why, Who and What?
DDoS attacks can be used to mask other attack activity, for revenge, for hacktivism and, more typically, for extortion (Symantec Corporation, 2015). In extortion attacks an organisation is commonly given an ultimatum to pay money or else have its online presence or internet services affected, usually during a critical time for the business (Mansfield-Devine, 2011).
Figure 1 - Size and Frequency of DDoS attacks
(Akamai Technologies, Inc, 2015)

Cyber criminals use DDoS because botnets are cheap, highly effective and hard to detect. Botnets can go for as little as $5 per hour, use normal connections and consistently bring down internet services like clockwork (Florian, 2012). DDoS targets are usually broken down into different industries with over half of all attacks in 2015 directed towards gaming and software and technology entities (Akamai Technologies, Inc, 2015).

Figure 2 - Attacks by Industry (Akamai Technologies, Inc, 2015)

DDoS attacks are growing in frequency and intensity each year, so the likelihood of businesses being targeted is ever increasing. DDoS attack vectors generally fall into two categories – Layer 3 network or infrastructure floods and Layer 7 application attacks (Mansfield-Devine, 2011). Infrastructure attacks utilise network protocols such as TCP, UDP, ICMP, NTP, SSDP, DNS and CHARGEN; these network layer attacks accounted for over 95% of all DDoS traffic in 2015 by frequency and volume (Akamai Technologies, Inc, 2015).

Application layer attacks on the other hand exploit web servers by flooding the service with a large number of HTTP GET, POST or PUSH requests. These requests aim to overwhelm the server's resources until the service is rendered unusable or unavailable (Iyengar, Banerjee, & Ganapathy, 2014).
Figure 3 - Attacks by Type (Akamai Technologies, Inc, 2015)

A trend towards the use of non-botnet based resources such as open proxies has recently been observed. This shift may lead to an increase in reflective DDoS attacks that abuse web application frameworks making DDoS mitigation exceedingly challenging (Akamai Technologies, Inc, 2015).

Mitigation Strategies
Many different mitigation strategies exist depending on client base size, content type, business requirement and funding capital. Four traditional mitigation tools exist which can be used independently or in conjunction with other mitigation methods such as white listing and cloud security services. The four tools are bandwidth defence, rate filtering, signature filtering and moving target (Hunter, 2003).
Bandwidth defence aims to mitigate bandwidth attacks. A bandwidth attack involves large traffic throughput, which can be upwards of 10 Gbps as shown in Figure 1. This attack aims to overwhelm the connection pipe to the web site to disrupt service. Bandwidth defences usually involve the use of multiple service provider internet links and the ability to increase internet throughput on demand (Mansfield-Devine, 2011). Content Delivery Networks (CDNs) such as Akamai and Sandpiper also assist with bandwidth defences, however they are usually expensive. Organisations should intelligently monitor their infrastructure bandwidth to ensure sufficient normal capacity and the ability to detect bandwidth attacks when they occur (Hunter, 2003).

Rate filtering looks to counter DDoS attacks through preservation of resources on the victim end. A DDoS SYN flood attack aims to exhaust finite bandwidth, CPU, memory and buffer resources.

Figure 4 – Traditional single tier data centre.
Adapted from “Three Tier Network Architecture to mitigate DDoS Attacks on Hybrid Cloud Environments” by Bhardwaj, Subrahmanyam, & Sastry, 2015.

Each connection allocates system resources. Once resources are saturated, subsequent requests are dropped causing service outages. Limiting half-open connections, packet throughput and monitoring resources can mitigate these types of attacks. Access control lists (ACL) also preserve system resources through network packet filtering. Filtering should be placed as close to the network perimeter as possible to limit device resource allocation. In the event rate filtering is problematic, distribute the filtering over multiple inline perimeter devices to share mitigation load (Beitollahi & Deconinck, 2012).
Vendors which provide commercial rate filtering devices include Hewlett Packard Enterprise, RioRey, Check Point, Juniper, F5, Fortinet and Cisco. Low bandwidth DDoS and application layer attacks cannot be mitigated by rate filtering; cloud security services or signature filtering can assist with these types of attacks.

Signature filtering relies on recognising signatures created for typical attack patterns. These devices are efficient and less likely to suffer from performance problems, however they could block legitimate traffic (Hunter, 2003). Web Application Firewalls (WAFs) and Intrusion Prevention Systems (IPSs) are great examples of signature filtering devices. WAFs and IPSs execute deep packet inspection on HTTP/S requests and their payload to identify and prevent attacks. Akamai recommends WAFs which utilise flexible comprehensive rule sets, situational awareness, black and white listing, GEO blocking, behavioural controls and origin cloaking (Akamai, 2014).

WAFs and IPSs should be placed inside or outside (or both) of the perimeter network. Inline open source perimeter IPS devices which support custom signatures and can capture DDoS traffic for analysis include Suricata and Snort.
The Moving Target Defence involves switching services to a new IP address in the event of an attack; DDoS attack traffic will then be delivered to the old IP address, mitigating the attack. For added protection the IP addresses can be changed periodically to provide further defence against attack. This option has the advantage of reducing the risk of an attack since multiple end points are possible and the process of changing service IP addressing is frequently tested. Attackers can circumvent this defence by using DNS requests to identify the new service IP address. Moving target defence should not just protect public web addresses; it should also protect DNS servers and core network infrastructure (Hunter, 2003). Cloud security services can provide moving target defences since the web service's public address points to the cloud security service. Cloud security edge servers act as a distributed firewall. Traffic is scrubbed before clean traffic is forwarded to the origin server (Gillman, Lin, Maggs, & Sitaraman, 2015).

Moving target defence can be costly due to the number of servers and network addresses required to keep shifting services, not to mention the attacker can easily identify current infrastructure addresses. This is where white listing can improve defence success.
White listing can be done by a VIP list (user based) or cloud security services white listing (service based).

Figure 5 - VIP whitelist overview (Yoon, 2010)

Very important IP addresses (VIPs) are IP addresses collected from previous successful application logins under normal network conditions to make a whitelist.

The VIP or whitelist is installed on a perimeter network device and activated when a DDoS attack is detected. White listing is similar to GEO protection, however instead of permitting or blocking based on country, traffic is permitted based on previous successful user authentications.

Figure 6 - CloudFlare security services

Due to the nature of internet users and public IP allocation, users can often be assigned a new public address when connecting to the internet. Yoon observes that the public IP addresses of client users do not change all that frequently, and when they do, the network address portion remains the same since most service providers are allocated a static range and use a contiguous block. This can be exploited to maximise the usefulness of the VIP list by introducing network subnets to the VIP whitelist (Yoon, 2010).
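The VIP whitelist with subnet widening described above can be sketched as follows. This is an added example, not code from Yoon (2010) or from the original post; the log format, the function names and the /24 and /64 prefix lengths are assumptions chosen for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample authentication log (documentation address ranges only).
# Assumed line format: "<timestamp> <LOGIN_OK|LOGIN_FAIL> <user> <source-ip>"
SAMPLE_AUTH_LOG = """\
2016-01-10T09:12:01Z LOGIN_OK alice 198.51.100.23
2016-01-10T09:15:44Z LOGIN_FAIL bob 203.0.113.77
2016-01-11T18:02:10Z LOGIN_OK alice 198.51.100.61
2016-01-12T07:45:00Z LOGIN_OK carol 192.0.2.10
2016-01-12T07:46:30Z LOGIN_OK dave 2001:db8:12:34::5
2016-01-13T11:00:00Z LOGIN_FAIL mallory 192.0.2.200
2016-01-13T11:00:05Z LOGIN_OK erin not-an-ip
"""


def build_vip_whitelist(log_text, v4_prefix=24, v6_prefix=64, min_logins=1):
    """Build a whitelist of networks from successful logins seen in peacetime.

    Each source address is widened to its enclosing network so that a user
    whose ISP hands out a new address from the same block is still admitted.
    """
    counts = Counter()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[1] != "LOGIN_OK":
            continue  # only successful authentications earn VIP status
        try:
            addr = ipaddress.ip_address(fields[3])
        except ValueError:
            continue  # ignore malformed addresses rather than failing open
        prefix = v4_prefix if addr.version == 4 else v6_prefix
        counts[ipaddress.ip_network(f"{addr}/{prefix}", strict=False)] += 1

    kept = [net for net, seen in counts.items() if seen >= min_logins]
    # collapse_addresses() merges adjacent or overlapping networks, which keeps
    # the ACL on the perimeter device short. It needs one IP version at a time.
    v4 = ipaddress.collapse_addresses(n for n in kept if n.version == 4)
    v6 = ipaddress.collapse_addresses(n for n in kept if n.version == 6)
    return list(v4) + list(v6)


def is_vip(ip, whitelist):
    """Return True if ip falls inside any whitelisted network."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr.version == net.version and addr in net for net in whitelist)


if __name__ == "__main__":
    vips = build_vip_whitelist(SAMPLE_AUTH_LOG)
    for net in vips:
        print("permit", net)
    for probe in ("198.51.100.200", "203.0.113.77", "192.0.2.200"):
        print(probe, "->", "permit" if is_vip(probe, vips) else "drop")
```

Widening to a subnet trades precision for coverage: in the constructed log, 192.0.2.200 only ever failed to log in, yet it is admitted because it shares a /24 with a VIP. Raising `min_logins` or narrowing the prefix tightens the list.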

 
Figure 7 – Cloud security services with CloudFlare. Retrieved January 2015, from https://www.cloudflare.com/overview/overview.png. Copyright 2016 CloudFlare, Inc.

Leading cloud security services offer CAPTCHA, IP ACLs, GEO blocking, WAF, DNS protection and analytics. According to Forrester Wave, cloud security, DNS and CDN services are best provided by Prolexic (now Akamai Technologies), CloudFlare and CenturyLink (Holland & Ferrara, 2015).
At minimum a single tier data centre design with VIP white listing should be used for self-mitigating small scale attacks. Multi-tier cloud security services and CDN are recommended for large scale high attack bandwidth mitigation. DDoS mitigation should be part of all businesses' disaster recovery plans, be implemented and tested prior to DDoS attacks and include monitoring for ongoing detection (Florian, 2012).

Summary
Distributed Denial of Service (DDoS) attacks present a real threat to the security and reputation of industries across the globe. With more organisations and businesses connecting critical infrastructure to the internet, the impact of DDoS strikes is becoming increasingly prevalent. Mitigation strategies include bandwidth defence, rate filtering, signature filtering, moving target, white listing and cloud security services. At minimum a single tier data centre design with VIP white listing should be used for self-mitigating small scale attacks. Multi-tier cloud security services and CDN are recommended for large scale DNS and high bandwidth attack mitigation. DDoS mitigation should be part of all businesses' disaster recovery plans, be implemented and tested prior to DDoS attacks and include monitoring for ongoing detection.

References
Akamai Technologies, Inc. (2015). [state of the internet] / security Q3 2015 report. Cambridge, Massachusetts: Akamai Technologies, Inc.
Akamai. (2014). Threats and Mitigations. A guide to multi-layered web security. Retrieved from Akamai ebook guide to multi layered web security: http://www4.akamai.com/dl/akamai/akamai-ebook-guide-to-multi-layered-web-security.pdf
Beitollahi, H., & Deconinck, G. (2012). Analyzing well-known countermeasures against distributed denial of service attacks. Computer Communications, 1312-1332.
Bhardwaj, A., Subrahmanyam, G., & Sastry, H. (2015). Three Tier Network Architecture to mitigate DDoS Attacks on Hybrid Cloud Environments. arXiv.
Florian, M. (2012). Simple ways to dodge the DDoS bullet. Network Security, 18-20.
Gillman, D., Lin, Y., Maggs, B., & Sitaraman, R. K. (2015). Protecting Websites from Attack with Secure Delivery Networks. Computer, 26-34.
Holland, R., & Ferrara, E. (2015). The Forrester Wave™: DDoS Services Providers, Q3 2015. Cambridge: Forrester Research, Inc.
Hunter, P. (2003). Distributed Denial of Service (DDOS) Mitigation Tools. Network Security, 12-14.
Iyengar, N., Banerjee, A., & Ganapathy, G. (2014). A Fuzzy Logic based Defense Mechanism against Distributed Denial of Service Attack in Cloud Computing Environment. International Journal of Communication Networks and Information Security, 233-245.
Lin, S.-C., & Tseng, S.-S. (2004). Constructing detection knowledge for DDoS intrusion tolerance. Expert Systems With Applications, 379-390.
Mansfield-Devine, S. (2011). DDoS: threats and mitigation. Network Security, 5-12.
Symantec Corporation. (2015). 2015 Internet Security Threat Report. California, USA: Symantec Corporation.
Yoon, M. (2010). Using whitelisting to mitigate DDoS attacks on critical Internet sites. IEEE Communications Magazine, 110-115.

Wednesday, 3 February 2016

Belkin F5U257 USB to Serial Driver installation Windows 10

Recently upgraded to Windows 10 and noticed there was no driver available for the Belkin F5U257 USB to serial adapter on the below official link:

http://www.belkin.com/us/support-article?articleNum=4644


Managed to extract the driver from the Windows 7 package (Belkin-F5U257-Win7-Vista driver.zip) using the following steps:

Download the driver (Belkin-F5U257-Win7-Vista driver.zip) from the above URL.


Extract the driver files (ser2co.inf, ser2co.cat, ser2co.sys, ser2co64.sys) from the driver000.cab to the same driver folder directory

Update the USB-Serial Controller device driver by locating the local folder. Windows 10 should find the driver in the folder and complete successfully.



The Serial port should now work successfully!

Sunday, 13 September 2015

Testing wireless networks - do people really use bad computer passwords?

You regularly read about how people use silly passwords that are easy to guess. I thought I would see how true this is in the wild, based on the wireless networks near my house. For the record this was not done to steal wireless internet or access files, more as an exercise to see if people are actually using these passwords for more than just their eBay or Ashley Madison account.

Getting Started

So first of all one good thing noticed out of the gate is that all the local wireless networks are using network encryption. It's great to see network equipment manufacturers taking the secure by design approach.

Testing began by collecting WPA authentication transactions from multiple networks (7 in total) and putting my video card (or GPU) to work using common passwords from the RockYou dictionary (RockYou dictionary explanation here). Only custom SSIDs were chosen to test since it's likely that if the user was capable of changing the WIFI name then they are also likely to be able to customise the password.

So can anyone do this you may ask? Short answer would be yes, though how long it will take comes down to the speed of your PC. Take mine for example, I wouldn't say it's cutting edge but not too bad in this day and age. Specifications of PC used listed below, check your own using dxdiag (Windows).



Time to generate some heat

In the past only CPUs were available for this type of crunching. Along came OpenCL and CUDA which allowed the use of GPUs to do the heavy lifting, though it was not exactly straightforward, there were minimal tools available and hardly any documentation. These days it is easy, painless and super quick. Take hashcat/oclhashcat for instance. Portable executables, multi platform and architecture, rich in features and for use with CPU and GPU right out of the box.

After a couple of clicks, downloads, verification, cap to hccap conversions and a quick benchmark (oclHashcat64.exe -b) we were ready to start. Turns out this run of the mill desktop PC can churn out 64482 WPA hashes per second using the GPU (benchmarks here) and 4000 hashes per second using the CPU (benchmarks here). Notice the difference between CPU and GPU performance!




So let's start with the standard set of RockYou passwords across the 7 different wireless networks using the following string from the CLI (switch syntax available here).

oclHashcat64.exe -m 2500 --gpu-temp-retain=60 -o cracked.txt 6346_1441356908.hccap dict-rockyou.txt

So the time taken to run through this list (14,344,392 passwords) on each of the wireless networks was about 4 minutes each (14,344,392 divided by 64482). Results show that none of the 7 wireless networks were susceptible to the list of RockYou passwords.




For good measure rules and permutations were applied to each of the passwords across the networks using hashcat rules (can be found here). This added an additional ~ 127 mins per network to check:

  • First letter upper-case
  • All letters upper-case
  • Adding 1 and 2 digits to the end of the string.
  • Substituting o's for 0's
  • Substituting i's for 1's
  • Substituting e's for 3's
  • Substituting s's for 5's
  • Substituting a's for @'s


oclHashcat64.exe -m 2500 -r rules/custom.rule --gpu-temp-retain=60 -o cracked.txt 6346_1441356908.hccap dict-rockyou.txt

After less than 24 hours of leaving the computer running overnight, 0 of the 7 networks were susceptible.


Crack me if you can

So most routers use a random decimal or hexadecimal string by default. These strings are mostly between 8 and 16 characters long (usually a maximum of 64 characters). To extrapolate how easy or hard it is to break this we can simulate some scenarios.


If the WPA password was 8 decimal characters long, using normal PC hardware it would only take a mere ~27mins to break.

oclHashcat64.exe -m 2500 --gpu-temp-retain=60 --attack-mode 3 -o cracked.txt 6346_1441356908.hccap ?d?d?d?d?d?d?d?d



















10 decimal characters = ~ 2 days 3 hours cracking time.

oclHashcat64.exe -m 2500 --gpu-temp-retain=60 --attack-mode 3 -o cracked.txt 6346_1441356908.hccap ?d?d?d?d?d?d?d?d?d?d












And finally 16 decimal characters would take over 10 years!

oclHashcat64.exe -m 2500 --gpu-temp-retain=60 --attack-mode 3 -o cracked.txt 6346_1441356908.hccap ?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d












Same tests but including HEX times are:

oclHashcat64.exe -m 2500 --gpu-temp-retain=60 --attack-mode 3 -1 ?dabcdef -o cracked.txt 6346_1441356908.hccap ?1?1?1?1?1?1?1?1

8char = ~ 21 hours
10char = ~224 days
15+char = > 10 years

Obviously there are techniques to reduce this time but to put it into perspective, it doesn't take complex or much computing hardware to decrypt simple passwords within reasonable time frames.

Also it's probably worth a mention that hashcat supports many commonly used password protected or encrypted formats.
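The extrapolation above follows from the size of the keyspace and the benchmarked rate, which also tells a defender how long a passphrase must be to stay out of reach. This is an added example, not code from the original post and not part of hashcat; the function names are assumptions, only the ?l ?u ?d ?s ?a built-in charsets and ?1-style custom charsets are handled, and 64482 H/s is the benchmark figure quoted above. It gives the worst case at a constant rate, so its results differ somewhat from the run-time estimates quoted in the post.

```python
import string

RATE = 64482                    # WPA hashes per second, from the benchmark above
TEN_YEARS = 10 * 365 * 24 * 3600

# Built-in mask charsets handled by this sketch.
BUILTIN = {
    "l": string.ascii_lowercase,
    "u": string.ascii_uppercase,
    "d": string.digits,
    "s": " " + string.punctuation,
}
BUILTIN["a"] = BUILTIN["l"] + BUILTIN["u"] + BUILTIN["d"] + BUILTIN["s"]


def expand_charset(spec):
    """Expand a custom charset definition such as '?dabcdef' into a set."""
    chars, i = set(), 0
    while i < len(spec):
        if spec[i] == "?" and i + 1 < len(spec):
            key = spec[i + 1]
            if key == "?":
                chars.add("?")
            elif key in BUILTIN:
                chars.update(BUILTIN[key])
            else:
                raise ValueError(f"unknown charset ?{key}")
            i += 2
        else:
            chars.add(spec[i])      # literal character
            i += 1
    return chars


def mask_keyspace(mask, custom=None):
    """Number of candidates a mask generates; custom maps '1'..'4' to specs."""
    sets = {k: expand_charset(v) for k, v in (custom or {}).items()}
    total, i = 1, 0
    while i < len(mask):
        size = 1                    # a literal (or '??') contributes one choice
        if mask[i] == "?" and i + 1 < len(mask):
            key = mask[i + 1]
            if key in BUILTIN:
                size = len(BUILTIN[key])
            elif key in sets:
                size = len(sets[key])
            elif key != "?":
                raise ValueError(f"unknown charset ?{key}")
            i += 2
        else:
            i += 1
        total *= size
    return total


def worst_case_seconds(mask, rate=RATE, custom=None):
    """Time to exhaust the whole mask at a constant rate."""
    return mask_keyspace(mask, custom) / rate


def min_length(charset_size, rate=RATE, target_seconds=TEN_YEARS):
    """Shortest random key (8 or more characters, the WPA passphrase minimum)
    whose full keyspace takes at least target_seconds to exhaust."""
    length = 8
    while charset_size ** length / rate < target_seconds:
        length += 1
    return length


if __name__ == "__main__":
    hexset = {"1": "?dabcdef"}
    for label, mask, custom in (
        ("8 decimal", "?d" * 8, None),
        ("10 decimal", "?d" * 10, None),
        ("8 hex", "?1" * 8, hexset),
        ("10 hex", "?1" * 10, hexset),
    ):
        hours = worst_case_seconds(mask, custom=custom) / 3600
        print(f"{label:10s} keyspace={mask_keyspace(mask, custom):>16,d} ~{hours:,.1f} h")
    print("decimal length for 10 years:", min_length(10))
    print("hex length for 10 years:", min_length(16))
```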

Thursday, 18 June 2015

Travel Bucket List

Below is a list of places in the world I have been privileged enough to visit.

This little side project is just to keep track of the bucket list of places to go, I'll update it as I go and put it on the andrew map.


Saturday, 30 November 2013

East Africa and the Middle East


This trip was mainly to see the wildlife in Africa, climb Mt Kilimanjaro and see some sights in the Middle East.
Highlights!

Ground work

So before going to Africa you may want to consider vaccinations. I did some research online (mainly trip advisor) before going to try and work out what to get and what I don’t need to worry about. The only one that most people said you need is yellow fever (apparently some countries won’t let you in / out without the proof of vaccination). I ended up visiting a GP who specialises in travel vaccinations and this is what they said about Kenya and Tanzania (from http://www.travelhealthadvisor.com.au/):
  • Kenya
Yellow Fever occurs in Kenya
Risk of Yellow Fever is lower in the following areas so that for travel to these areas alone, Yellow Fever Vaccination is NOT usually recommended, but anti-mosquito measures are strongly advised (see Note 1): the entire North Eastern Province; the states of Kilifi, Kwale, Lamu, Malindi and Tanariver in the Coastal Province; & the cities of Mombasa & Nairobi than in rural areas.
For travel to other areas, especially rural areas, Yellow Fever Vaccination is recommended for travellers aged 9 months or more. Likewise, if uncertain about travel plans in Kenya, Yellow Fever Vaccination is recommended unless there are contra-indications to the vaccine. For travellers aged less than 9 months and other persons who are unable to have the Yellow Fever Vaccine, specialist advice should be sought as travel to areas of significant risk is not advised for unvaccinated travellers.
Note 1: Yellow Fever Risk is generally so low in these areas that Yellow Fever Vaccination is not generally recommended, but may be required for certain individuals in whom risk of Yellow Fever virus infection may justify vaccination (eg long term travel and exposure to mosquitoes in these areas). For such individuals, one should balance the risk of Yellow Fever against the risks of serious adverse effects from the Yellow Fever Vaccination (See our Fact Sheet “Yellow Fever Vaccination Risk Assessment”).
Note 2: Although the above advisory for Yellow Fever Vaccination is for personal protection, some countries may require either a valid Yellow Fever Vaccination Certificate or an Exemption Certificate, for entry purposes, for travellers who have been in Kenya in the previous 6 days, irrespective of where in Kenya the traveller has been.
AUSTRALIAN CUSTOMS & IMMIGRATION COUNTRY REQUIREMENT: Travellers entering Australia require a valid yellow fever vaccination certificate (or a valid exemption certificate if yellow fever vaccination is contra-indicated), IF arriving in Australia within 6 days of leaving yellow fever risk areas in this country, having stayed overnight or longer in such yellow fever risk areas in this country.
  • Tanzania
Australian authorities require a valid yellow fever vaccination certificate from travellers over 1 year of age within 6 days of returning from this country, having stayed overnight or longer in this country.
Risk of Yellow Fever is lower in the following areas so that for travel to these areas alone, Yellow Fever Vaccination is NOT usually recommended, but anti-mosquito measures are strongly advised:
Dar es Salaam, Zanzibar & Pemba
For travel to other areas of Tanzania, especially rural areas, Yellow Fever Vaccination may be recommended, although the World Health Organisation (WHO) advises that, for travel in Tanzania, Yellow Fever Vaccination is generally NOT recommended.
Potential candidates for Yellow Fever vaccination include persons travelling to rural areas of Tanzania with prolonged travel, extensive mosquito exposure, inability to adequately protect oneself against mosquitoes (which transmit Yellow Fever Virus). For such persons, or persons with uncertain travel plans, Yellow Fever Vaccination may be advisable providing there are no contra-indications to having the vaccine. See our Fact Sheet on Yellow Fever Vaccination Risk Assessment.
NOTE: Although the above advisory for Yellow Fever Vaccination is for personal protection, some countries may require either a valid Yellow Fever Vaccination Certificate or an Exemption Certificate, for entry purposes, for travellers who have been in Tanzania, including Zanzibar & Pemba, in the previous 6 days, irrespective of where in Zanzibar & Pemba or Tanzania the traveller has been.
Vaccinations at the end of the day are more of a risk mitigation thing rather than a guarantee (fortunately I had no issues and haven’t heard of anyone from the trip who has). Below are the vaccinations I ended up going with and their rough costs:
  • Yellow Fever $90
  • Typhoid $70
  • Polio $78
  • Hep A & B ($70 – you need to get 3 additional boosters at $30 per booster)
  • Malaria meds (tablet form – Doxycycline)
I also got a script for Diamox (medical treatment for altitude sickness) though if you want more info on this read the Kilimanjaro section
Visas
We applied for our Kenya and Tanzania Visas in Australia before leaving. Some people on our tour got these over there, which didn’t seem too difficult, though I figured if you have them already you can’t get hassled / scammed. Also worth mentioning that if you’re only visiting countries in the East African Community you don’t need to get a multiple entry (just tell customs where you plan on going).
Egypt and Jordan also require visas for Australians though getting the Jordanian one at customs was easy (20 JD) and we only went to Sinai so a visa wasn’t required.
Language
Some handy words / translations to get you by.

Swahili
Hello = Jumbo
Goodbye = Kwa Heri
Yes = Ndio
No = Hapana
Please = Tafadhali
Thankyou = Asente (thank you very much = Asente Sana)
Excuse me = Samahani
Bill/Cheque = Billie
How are you = Habari Yako
I don't speak much Swahili = Siwezi Kusema Swahili Mengi

Arabic
Hello = Marhaba / Ma Salaam
Goodbye = Ma Salaama
Yes = Na`am
No = Laa
Please = Min Fadlak
Thankyou = Shukran
Excuse Me = ismahli

Itinerary

Wednesday, 23 October 2013 Fly out 16:50 Sydney (EK5001) - Leave Newcastle approx 11am. Arrive in Dubai at 12:35:00 AM
Thursday, 24 October 2013 2 nights in Dubai hotel
Friday, 25 October 2013 Depart Dubai 10:45:00 AM (EK719) arrive in Nairobi
Saturday, 26 October 2013 Join tour in Nairobi Day 1
Sunday, 27 October 2013 Day 2 - Kisii
Monday, 28 October 2013 Day 3 - Cross border, Lake Victoria
Tuesday, 29 October 2013 Day 4 - Serengeti National Park
Wednesday, 30 October 2013 Day 5 - Serengeti National Park
Thursday, 31 October 2013 Day 6 - Ngorongoro crater
Friday, 1 November 2013 Day 7 - Meserani
Saturday, 2 November 2013 Day 8 - Marangu - 1300m
Sunday, 3 November 2013 Day 9 - Start trek Mandara Hut 1860m
Monday, 4 November 2013 Day 10 - Horombo Hut 3780m
Tuesday, 5 November 2013 Day 11 - Kibo Hut 4740m
Wednesday, 6 November 2013 Day 12 - Uhuru Peak/Summit 5896m
Thursday, 7 November 2013 Day 13 - Descent Horombo Hut 3780m
Friday, 8 November 2013 Day 14 - Tour finishes, free day in Marangu - Kilimanjaro to Zanzibar
Saturday, 9 November 2013 Zanzibar
Sunday, 10 November 2013 Zanzibar
Monday, 11 November 2013 Flight from Zanzibar to Nairobi (10:20) to Dubai (16:40)
Tuesday, 12 November 2013 Flight from Dubai to Amman (8:00 - 10:30am) - Dead Sea
Wednesday, 13 November 2013 Andy's Bday! - Dead Sea
Thursday, 14 November 2013 - petra
Friday, 15 November 2013
Saturday, 16 November 2013
Sunday, 17 November 2013 - sharm
Monday, 18 November 2013 - sharm
Tuesday, 19 November 2013 - sharm
Wednesday, 20 November 2013 - sharm
Thursday, 21 November 2013 - Flight Sharm el Sheikh to Amman to Dubai (17:30  - 21:30)
Friday, 22 November 2013 Dubai
Saturday, 23 November 2013 Fly out of Dubai 9:45:00 AM (EK5002)
Sunday, 24 November 2013 Arrive in Sydney, 6:30:00 AM

Flights

We booked a multi stop flight between Sydney and Nairobi transiting in Dubai with Emirates. We just extended our dates in Dubai to allow for our trip up to Egypt and Jordan.
Egypt and Jordan were flown with Royal Jordanian and around Africa was Fly 540 and Precision Air.

Tours

GeckoAdventures // Exodus // Intrepid are just some of the tour companies which operate in Africa. We ended up booking with Intrepid and the tour chosen is listed below, which included what we were after. Safaris and Kili climb!
Some pros and cons of the tour:
Pro – get to see a lot of country side of the 2 countries
Pro – meet people with similar interests
Pro – meals, accommodation and travel included
Pro – Kilimanjaro climb included
Con – long days driving and sitting on the bus
Con – having to pack up / setup a tent every day (doesn’t leave much time for relaxing)
Con – more time spent driving than actually out on safari

Accommodation

Flora Creek Hotel Apartments (Dubai) – 2 Nights
Nice – Clean – Located near Deira City Centre, short walk to the metro and only a few stops from the airport
Holiday Inn Express (Dubai) – 1 Night
Across the road from Dubai airport, was transiting next/same day – note you cannot walk to this hotel since the road between the airport and hotel is a multi lane highway. Shuttle goes every 15/30 mins from each terminal.
Copthorne Hotel (Dubai) - 2 Nights
Nice – Clean – Located near Deira City Centre, short walk to the metro and only a few stops from the airport
Kempinski Hotel (Dead Sea) - 2 Nights
Stunning hotel right on the dead sea (Jordan side), pools, food and rooms were all nice.
Little Petra Bedouin Camp (Petra) - 2 Nights
Interesting little camp just outside of little Petra, well priced and run by a local family where you can enjoy local cuisine and local hospitality.
Intel Arab Divers Village (Aqaba) - 1 Night
Needed a place to stop over before transiting between Aqaba and Nuweiba. Not too far from the port (7JD Cab), nice clean and free Wi-Fi.
Xperience Sea Breeze Hotel (Egypt – Sharm El Sheikh) - 2 Nights
Nice hotel in Sharks Bay with all inclusive meals and drinks which backs right on to the red sea.
Kivi Milimani Hotel (Nairobi) - 2 Nights
This hotel is where the Intrepid trip left from. Hotel is a bit run down but has a nice pool, slightly out of the main CBD but convenient for the trip.
Maru Maru Hotel (Zanzibar) - 2 Nights
Right in the heart of Stone Town
Intrepid Tour Accommodation (Kenya / Tanzania)
On the tour the entire trip was camping in tents with the exception of Kisi which was in an Adventist Church kind of boarding school like accommodation.


On the ground

Staying Safe
After talking to our tour leader in Africa he explained that most local people look at foreigners as a way to get money and while I’m sure this is not the case with everyone you meet, it did feel like it from time to time.
I guess it’s understandable when the average annual income is less than $1000 per year. On the flip side I’m sure people are genuine and kind hearted when you get to know them though it’s a bit hard when you’re only passing through!
Probably worth a mention, however, that we were threatened in Zanzibar with a “hospital visit” since we did not want to pay an exorbitant price for some street food (should have paid up front and asked the price of EVERYTHING) – best advice is to be vigilant, aware, firm, and friendly.

$$$$$
As usual Visa debit and 28degrees credit card were fine for getting cash out and paying for things.
Getting around – East Africa
Apart from the tour bus, the mode of transport mostly taken was a taxi (not the cheapest means but probably the most convenient and safest). Some other people on our tour took the public bus (matatu) places but more planning to get the right one is needed.
Getting around – Middle East
The only real means of transport in Jordan or Egypt/Sinai is taxi though with that said taxis can be reasonably priced if you negotiate well. Prices we paid to get an idea were:
Jordan:
Dead Sea – Petra $90 JD (Was difficult to negotiate when coming from a fancy hotel and no city / cabs driving by – We heard the going rate from Petra to Dead Sea to Amman is $75)
Petra – Aqaba $35 (JD)
Taxi’s around Aqaba $5/7 (JD)
Another option would be to hire a car (the roads/traffic seem not too bad) though it would most likely cost about the same as getting around by taxi.

Egypt/Sinai:
Nuweiba to Sharm el-Sheikh $350 LE (extremely good value – during the Egypt unrest)
Around Sharm El-Sheikh we were paying about 20~50 LE for a taxi and 70 LE to the airport
It was also possible to take a bus between Nuweiba and Sharm el-Sheikh for 35LE – the bus I believe only runs a couple of times a day


Getting around – Dubai
Dubai is a very easy city to get around; the Metro system covers most of the areas you might want to visit however it only runs between approx. 6am ~ 12am, see HERE for the timetable and map. Also Friday is a holiday and most things don’t start till around 1pm (including the metro). Metered taxis are also a reasonable mode of transport for getting around.

Sightseeing

Nairobi
  • National Museum – Explore Kenya’s past and present cultural and natural heritage
  • Carnivore Restaurant – famous for its meats, listed as one of the world's top 50 restaurants (2006)
  • National Park Safari Walk – Home to many of Africa’s animals, worth a look if you are strapped for safari time.
  • Giraffe Center – Feed giraffes by hand
  • Kibera - largest club in Nairobi and the largest urban slum in Africa.
  • Karen Blixen museum – African home of Danish author Karen Blixen (famous for the book Out of Africa)

Mt Kilimanjaro
See my separate post HERE for Hiking Mt Kilimanjaro
Zanzibar
• Stone Town - Capital of Zanzibar, rich in history and one of the last places to produce saffron. Catch a spice tour for under $20
• Slave Market - Trading hub during the 19th century, takes less than 30 mins to look around but maybe look at getting a tour guide if you would like to know more on the historical side.
• Forodhani Gardens - Place where locals and tourists congregate after hours with many stalls selling all different kinds of seafood. Poorly lit and not many police / security guards around, though; just make sure to pay for your meals up front and ask the price of everything.
• Jozani Forest - Home to the Red Colobus Monkeys
• Kendwa beach - Nice beaches if you want to get away from the hustle and bustle of Stone Town and get some quality R & R.

Tanzania & Kenya
Outside Mt Kilimanjaro and Nairobi (and our organised tour), which are covered separately, the following I think would be worth a look:
• Maasai Mara - National game reserve belonging to the Maasai people (similar to the Serengeti)
• Mt Kenya - Highest mountain in Kenya (5199m) and second highest in Africa
• Olduvai Gorge - Home to Homo Habilis (approx 1.9 million years ago) and the earliest evidence of mankind’s evolution.

Dubai
• Burj Khalifa - 828 metres and 160 floors, this is the world’s tallest building (taller than the next contender by 300m)
• Burj al-Arab Hotel - (self proclaimed 7 star) reservations checked at the gate. The Al Iwan buffet (though expensive) was very nice
• Palm Island / Atlantis Hotel – artificial island shaped like a palm leaf and probably on par with the Burj Khalifa in ritzyness.
• Mall of the Emirates - Another big mall in Dubai with an indoor ski/snowboard slope
• Dubai Mall - Dubai’s largest mall with an ice rink, aquarium and right next door to the Burj Khalifa.
• Dubai Fountains - World’s largest dancing fountains
• Bur Dubai Abra Dock – Where you can take a boat ride across Dubai Creek for 1 AED. Many reviews hype this up as a must-do, though I would compare it with a ferry ride in Sydney harbor
• Gold/Spice Souk - Historic markets in Dubai; even if you’re not in the market for any gold or spice, it’s worthwhile just as a tourist attraction.
• Sheikh Mohammed Centre for Cultural Understanding - If you’re interested in the social or historical aspect of Dubai this is the place for you.

Jordan
• Dead Sea - The world’s saltiest body of water and lowest point on earth (427m below sea level)
• Petra – Carved into the red sandstone walls and featured in Indiana Jones and the Last Crusade (a childhood favorite), Petra is a city where many great empires had settled during their reign. Labelled as being half as old as time itself, if you’re in the area a visit to Petra is a must. While we spent 1 day exploring (we didn’t see the monastery), if you wanted to do it at a more leisurely pace 2 days would be better. Some tour groups offer starting at the monastery, which allows you to do the whole city in 1 day (cost to do it this way was an extra 60JD split between the travelling party)
There are also a handful of places where biblical things supposedly happened, which can be found HERE

Egypt – Sinai
• Dahab – The hippie Mecca of the Middle East
• Nuweiba - Port city where you can ferry across to Aqaba (Jordan)
• Sharm El-Sheikh - Popular tourist destination (understandably with the temperature and marine life)
• St Katherine / Mt Sinai - Where Moses received the Ten Commandments

Cost

VISAs – $150 AUD (Kenya / Tanzania)
Travel Insurance = $147.10 (TID - 10% DISCOUNT CODES: TIDTHANKS)
Flights to/from Australia/Dubai/Nairobi = $2230AUD
Connecting flights = $1143.91AUD ( Zanzibar $487.25 | Amman $387.72 | Egypt $268.93 )
Intrepid tour = $3043.05 (including Mt Kilimanjaro and kitty money)
Accommodation = $1290AUD (per person Dubai | Jordan | Zanzibar | Sharm El-Sheikh)

Food
Burj Al Arab banquet + Drinks = $178.54 (584 AED)
Atlantis Palm Dubai (Kaleidoscope – Lunch) = $51.64 (169 AED)
500ml Coca-Cola (Supermarket) = 61c (2 AED)
200g Rump = $18.30 (60 AED)
Cheese Burger = $12.20 (40 AED)
500ml Coca-Cola (Supermarket) = 72c (55 KES)
500ml Tusker Beer (Supermarket) = $1.55 (55 KES)
Juicy Fruit (Supermarket) = 20c (15 KES)
Dairy Milk chocolate bar (Supermarket) = $3.85 (295 KES)
Potato Crisps = 40c (30 KES)
Beer (Zanzibar – Safari/Kilimanjaro) = $2.85 (4011 TZS)
Mineral Water (Zanzibar – 1L) = $2.85 (4011 TZS)
Wine (Zanzibar – Red) = $4.30 (6000 TZS)
Chicken Curry and Rice (Zanzibar) = $13.50 (19000 TZS)
Beer (Petra) = $8.30 (5.25 JD)
Risotto = $30.20 (19 JD)
Beer Amstel = $10.35 (6.50 JD)
Soft Drink = $5.60 (3.50 JD)
Misc
Serengeti balloon ride = $526.37 (40,255 KES)
TAXI – Nairobi to Giraffe Centre = $55.50 (1500 KES one way)
Airport transfer JKIA to Nairobi = $26.20 (2000 KES)
Petrol = $1.55/l (120 KES/l)
Kibera tour = $13 (2500 KES)
Slave market/museum = $4.50 (6000 TZS)
Petrol = $1.59/l (2237 TZS/l)
Dubai All day Metro ticket = $4.90 (16 AED)
Petrol = $1.28/l (.810 JD/l)
TAXI – Petra to Aqaba = $55.50 (35JD)
Ferry From Aqaba to Nuweiba = $80 (50JD)
Petra entrance = $80 ($50 JD)



APPROX TOTAL PRICE = $8800 + spending money ($1600 for food, partying and random expenses).

Final words.

This trip was definitely an Adventure! While at times we felt like we needed to be on guard, the cultural side was definitely eye opening. Highlights were certainly the wildlife and Mt Kilimanjaro and the last few relaxing days in Egypt were welcoming. Definitely would recommend if you are keen for something off the beaten path.