Assignment 2 TCP/IP Vulnerabilities

Similar documents
Instituto Superior Técnico, Universidade de Lisboa Network and Computer Security. Lab guide: Traffic analysis and TCP/IP Vulnerabilities

Lab I: Using tcpdump and Wireshark

Assignment 3 Firewalls

5. Write a capture filter for question 4.

Lab #9: Basic Linux Networking

CSC 574 Computer and Network Security. TCP/IP Security

Use of the TCP/IP Protocols and the OSI Model in Packet Tracer

Computer Security II Lab Network Security

Assignment 4 Buffer Overflows

Layered Networking and Port Scanning

Stateless Firewall Implementation

Lab 1: Introduction to Linux Networking

SE 4C03 Winter Final Examination Answer Key. Instructor: William M. Farmer

K2289: Using advanced tcpdump filters

Internet Layers. Physical Layer. Application. Application. Transport. Transport. Network. Network. Network. Network. Link. Link. Link.

Computer Networks A Simple Network Analyzer PART A undergraduates and graduates PART B graduate students only

Network Security. Kitisak Jirawannakool Electronics Government Agency (public organisation)

TCP/IP Attack Lab. 1 Lab Overview. 2 Lab Environment. 2.1 Environment Setup. SEED Labs TCP/IP Attack Lab 1

Software Engineering 4C03 Answer Key

When does it work? Packet Sniffers. INFO Lecture 8. Content 24/03/2009

ECE 4110 Internetwork Programming Lab 4: Network Traffic Analyzers and Other Tools. Lab Goals. Section I: Ping vs. Ethereal

NET311 Computer Network Management Tools, Systems and Engineering

Lab 4 - Network Traffic Analyzers and Other Tools

CLI COMMAND SUMMARY BY MODE

CIT 380: Securing Computer Systems. Network Security Concepts

Fundamentals of Computer Networking AE6382

ELEC5616 COMPUTER & NETWORK SECURITY

WhatsConfigured v3.1 User Guide

AN TOÀN LỚP 4: TCP/IP ATTACKS NGUYEN HONG SON PTITHCM

SECURITY+ LAB SERIES. Lab 3: Protocols and Default Network Ports Connecting to a Remote System

Lab 8: Introduction to Pen Testing (HPING)

Vulnerability Assessment using Nessus

ECE 697J Advanced Topics in Computer Networks

521262S Computer Networks 2 (fall 2007) Laboratory exercise #4: Multimedia, QoS and testing

Packet Capturing with TCPDUMP command in Linux

Network Traffic Analysis - Course Outline

Introduction to OSI model and Network Analyzer :- Introduction to Wireshark

Post Connection Attacks

Lab - TCP Traffic Generator

Agility2018-TCPdump Documentation

Packet Tracer - Investigating the TCP/IP and OSI Models in Action (Instructor Version Optional Packet Tracer)

Tcpdump. For this exercise you must again be root. Login and obtain root privileges: Note that we use three computers for this exercise.

Detecting Sniffers on Your Network

History Page. Barracuda NextGen Firewall F

n Given a scenario, analyze and interpret output from n A SPAN has the ability to copy network traffic passing n Capacity planning for traffic

Exercises: Basics of Networking II Experiential Learning Workshop

Chapter 6 Global CONFIG Commands

ETHICAL HACKING LAB SERIES. Lab 13: Exploitation with IPv6

Hacker Academy Ltd COURSES CATALOGUE. Hacker Academy Ltd. LONDON UK

Configuring attack detection and prevention 1

1. Which OSI layers offers reliable, connection-oriented data communication services?

20-CS Cyber Defense Overview Fall, Network Basics

Lab - Using Wireshark to Examine TCP and UDP Captures

NETWORK INTRUSION. Information Security in Systems & Networks Public Development Program. Sanjay Goel University at Albany, SUNY Fall 2006

Lab 4: Network Packet Capture and Analysis using Wireshark

Hands-On Ethical Hacking and Network Defense

This article explains how to configure NSRP-Lite for a NS50 firewall to a single WAN.

Lab Using Wireshark to Examine Ethernet Frames

F5 WANJet 200. Quick Start Guide. Quick Start Overview

Appendix B Policies and Filters

Network security - basic attacks

2 nd SEE 6DISS Workshop Plovdiv June Host Configuration (Windows XP) Athanassios Liakopoulos

Scanning. Course Learning Outcomes for Unit III. Reading Assignment. Unit Lesson UNIT III STUDY GUIDE

Introduction to Firewalls using IPTables

Outline. What is TCP protocol? How the TCP Protocol Works SYN Flooding Attack TCP Reset Attack TCP Session Hijacking Attack

CS 4351/5352 Computer Security, assignment 4. Due date: Sunday, May 18, noon.

CS 716: Introduction to communication networks. Instructor: Sridhar Iyer Demo by: Swati Patil IIT Bombay

If you have a computer enabled with Intel Active Management Technology

Lab Using Wireshark to Examine Ethernet Frames

Session Overview. ! Introduction! Layer 2 and 3 attack scenarios! CDP, STP & IEEE 802.1q! ARP attacks & ICMP abuse! Discovering & attacking IGPs

Nessus Scan Report. Hosts Summary (Executive) Hosts Summary (Executive) Mon, 15 May :27:44 EDT

Module 19 : Threats in Network What makes a Network Vulnerable?

Selected Network Security Technologies

Guidelines of Ethernet for Using a Star Dvice. - Windows - Rev. 2.0

Packet Analysis - Wireshark

Network Analyzer :- Introduction to Wireshark

BSc Year 2 Data Communications Lab - Using Wireshark to View Network Traffic. Topology. Objectives. Background / Scenario

ECE 4110 Internetwork Programming Lab 2: TCP Traffic Generator. Lab Goals. Prelab

Example: Configuring DHCP Snooping and DAI to Protect the Switch from ARP Spoofing Attacks

NETWORK SECURITY. Ch. 3: Network Attacks

MiPDF.COM. 1. Convert the decimal number 231 into its binary equivalent. Select the correct answer from the list below.

Man In The Middle Project completed by: John Ouimet and Kyle Newman

Cyber Security & Ethical Hacking Training. Introduction to Cyber Security Introduction to Cyber Security. Linux Operating System and Networking: LINUX

How to Restrict a Login Shell Using Linux Namespaces

WhatsConnected v3.5 User Guide

LAB THREE STATIC ROUTING

TCPDUMP. Chia-Tien Dan Lo Department of Computer Science and Software Engineering Southern Polytechnic State University

CompTIA Network+ Lab Series Network Concepts. Lab 3: TCP/IP Utilities

Lecture 6. Internet Security: How the Internet works and some basic vulnerabilities. Thursday 19/11/2015

ch02 True/False Indicate whether the statement is true or false.

CSC 405 Introduction to Computer Security. Network Security

Table of Contents Chapter 1 Telnet Protection Configuration Commands

Lab 1: Packet Sniffing and Wireshark

Packet Header Formats

I Commands. iping, page 2 iping6, page 4 itraceroute, page 5 itraceroute6 vrf, page 6. itraceroute vrf encap vxlan, page 12

Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning

CIT 480: Securing Computer Systems

Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning

Secure Communications Over a Network

Spring 2017 Gabriel Kuri

Transcription:

LEIC/MEIC - IST Alameda LEIC/MEIC/MERC IST Taguspark DEASegInf Network and Computer Security 2012/2013 Assignment 2 TCP/IP Vulnerabilities Goals Gather information about the machines in the network. Explore some vulnerabilities of TCP / IP. Introduction to tcpdump, nemesis, nmap, nessus and Ethereal tools. 1. Listening to the network 1.1. Network topology Consider the network topology used in assignment 1. 1.2. Tcpdump The program Tcpdump allows you to listen the local network (man tcpdump). 1.2.1. Run tcpdump in machine 3 and detect the packet ICMP (using ping c 1) from machine 1 to machine 2. To identify the header, the IP address, the MAC address and protocol use tcpdump options X and XX. 1.2.2. Keeping tcpdump running, start a telnet connection between machine 1 and machine 2 (username: fireman, password: inseguro). Read the username and password of the user. Observe that username and password appear letter by letter in different packets. > tcpdump X dst host <IP destination> 1.2.3. Keep tcpdump running and start a ssh connection between machine 1 and machine 2. Observe that it is not possible to read the username or password.

1.3. Ethereal The program Ethereal has a similar functionality to that of TCPdump but provides a graphical user interface. 1.3.1. Run ethereal in command prompt. 1.3.2. Go to the ethereal - > Capture - > Options menu; 1.3.3. Choose interface eth0; 1.3.4. Select: Update list of packets in real time Automatic scrolling in live capture Hide capture info dialog 1.3.5. Click start; 1.3.6. Observe the network packets while executing: a) ping b) telnet i. See the IP and Ethernet headers. ii. In the analyze menu do follow tcp stream to observe both the username and password. c) ssh 1.4. Nmap The nmap tool provides information from remote machines (man nmap). 1.4.1. To obtain the open ports from a remote machine run: nmap <ip from remote machine> 1.4.2. To obtain the operating system from a remote machine run: nmap -O <ip from remote machine> 2. Vulnerabilities in TCP / IP 2.1. ARP redirect The arp table (man arp) maps ip addresses to mac addresses. It is possible to change this table to redirect packets. This vulnerability is important in situations where we have a network with a switch, which make it impossible to read

packets with tcpdump. To change the arp table of a remote machine do as follows: 2.1.1. Obtain the mac addresses from the target. From machine 2 do: ping -c 1 192.168.1.1 ping -c 1 192.168.1.3 2.1.2. See arp table from machine 1 and 3: 2.1.3. Know the mac address of the attacking machine (machine 2): Ifconfig eth0 2.1.4. Check the relation between IP address and mac address. In machine 1 do: ping -c 1 192.168.1.2 ping -c 1 192.168.1.3 2.1.5. By consulting the arp table it is possible to check if mac addresses are correct. To change the arp table in machine 1, you can use nemesis command (nemesis help). In machine 2 do: nemesis arp - v - S 192.168.1.3 - D 192.168.1.1 - h <MAC of machine 192.168.1.2> - m <MAC of machine 192.168.1.1> This command allows the injection of an arp packet, therefore changing the arp table in machine 1. When machine 1 receives this packet, it will assume that the mac address of machine 3 is the mac address of machine 2. To observe these attacks, in machine 1 do: If this procedure is carried out at regular intervals (every 10 sec, for example) all traffic from 192.168.1.1 to 192.168.1.3 machine is redirected to 192.168.1.2. If we do the same for 192.168.1.3 we can have our machine receiving all packets between the two other machines and forward them after reading them. 2.2. RST Hijacking The purpose of this attack is to reset a TCP connection. 2.2.1. Set a ssh connection between machine 1 and machine 2. 2.2.2. On machine3, check the sequence number of acknowledge and the port used by machine 1:

tcpdump -S -n -e -l tcp[13] & 16 == 16 1 2.2.3. Use nemesis to send a packet of reset, from machine 3 to one of the other machines, using the correct sequence number: nemesis tcp -v -fr -S 192.168.1.3 -x 22 -D 192.168.1.1 -y <port> -s <ack number> 2.2.4. Check if connection is closed. 2.3. Redirect response to icmp echo/request This attack allows a ping response to be sent to a machine that didn t make the request. 2.3.1. Run tcpdump to spy the source and destination in the packets. > tcpdump ip[9]=1 2.3.2. Send a ICMP packet with a wrong source: nemesis icmp - S < source IP> - D <destination IP> 3. Nessus (optional) This tool allows you to perform a security analysis on a remote machine. 3.1. Check what kinds of vulnerabilities the virtual machines have, using nessus. Before using this tool you have to configure nessusd server as specified in the annex. 3.2. Run nessus in machine 2. 3.3. On target enter the IP of the machine you want to analyze. 3.4. Start the scan. 1 The bit 13 of the header indicates that the packet has the ack.

Appendix 1. Nessusd Server configuration To properly install the nessus server (nessusd) you must follow the following steps: 1.1. Fix some issues in the nessus scripts, caused by different versions of bash. The files are in / usr / sbin and are: nessus-mkcert, nessus-adduser. The amendment is to replace the line "trap 0" to "trap - 0. 1.2. Create a certificate running the script nessus-mkcert. 1.3. Create root user running the script nessus-adduser. Enter the user name (root), a password at your choice and no rules. Consult man nessus-adduser for more information. 1.4. Launch the service nessusd. There are two possible methods (wait a significant period of time until all plugins are loaded): a. nessusd D b. /etc/init.d/nessusd start 1.5. Activate nessusd at startup: chkconfig nessusd on 2. Changing the display resolution To change the display resolution in graphics mode, use the application xlucas and follow the instructions. 3. Change the hostname and name resolution Change files /etc/hostname and /etc/hosts.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback