This second project requires you to work with command line Linux and some attack
tools to craft TCP/IP attacks.
You will set up a virtual network and use pre-built VMs as the lab environment.
The lab is provided by Professor Wenliang Du from Syracuse University.
You need to install VirtualBox on your machine.
You can obtain this from here.
Now you should download the VM needed for the exercise and install it.
Follow these instructions.
There is a manual on using the images with VirtualBox.
We are going to do the TCP/IP attacks lab that is found here.
There are five tasks:
- Task 1: SYN flooding attack
- Task 2: TCP RST Attacks on telnet and ssh Connections
- Task 3: TCP RST Attacks on Video Streaming Applications
- Task 4: TCP Session Hijacking
- Task 5: Creating Reverse Shell using TCP Session Hijacking
If you cannot solve a task, you should document what you have done and move on to the next.
Note that Eth1 is the first physical ethernet adapter (often called
ifconfig) and eth2 is the second physical ethernet adapter.
You do not need to specify the device all the time for netwag or netwox.
Instead of telnet, try running a simple webserver on the victim.
python -m SimpleHTTPServer
I suggest visiting http://www.quirksmode.org/html5/tests/video.html.
Note that you will be using the first ethernet adapter in this case to send the
request via the NAT interface.
You might find it easiest to launch the attack on the Victim from the victim
itself, that is, using the first interface.
Use the LAN network for the attack. You need to be able to sniff the TCP packets
from another machine in order to work out the correct TCP sequence number.
Previously, people found it easier to implement the attack using the scapy option.
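Why the sequence number matters, seen from the receiving host, as an added example that is not part of the original lab handout: it implements the RFC 793 segment acceptability test and compares RFC 793 RST handling with the stricter RFC 5961 rule. The function names and the connection state (`rcv_nxt`, `rcv_wnd`) are constructed for illustration.

```python
# Added example: receiver-side TCP sequence checks. All values are constructed.
MOD = 2 ** 32  # sequence numbers are 32-bit and wrap around


def in_window(seq, rcv_nxt, rcv_wnd):
    """True if seq lies in [rcv_nxt, rcv_nxt + rcv_wnd) modulo 2**32."""
    return (seq - rcv_nxt) % MOD < rcv_wnd


def segment_acceptable(seq, seg_len, rcv_nxt, rcv_wnd):
    """RFC 793 acceptability test for an incoming segment."""
    if seg_len == 0:
        return seq == rcv_nxt if rcv_wnd == 0 else in_window(seq, rcv_nxt, rcv_wnd)
    if rcv_wnd == 0:
        return False  # no room for data at all
    last = (seq + seg_len - 1) % MOD
    # Acceptable if the first or the last byte falls inside the window.
    return in_window(seq, rcv_nxt, rcv_wnd) or in_window(last, rcv_nxt, rcv_wnd)


def rst_rfc793(seq, rcv_nxt, rcv_wnd):
    """Original behaviour: any in-window RST tears the connection down."""
    return "reset" if segment_acceptable(seq, 0, rcv_nxt, rcv_wnd) else "discard"


def rst_rfc5961(seq, rcv_nxt, rcv_wnd):
    """Hardened behaviour: only an exact match on RCV.NXT resets."""
    if not segment_acceptable(seq, 0, rcv_nxt, rcv_wnd):
        return "discard"
    return "reset" if seq == rcv_nxt else "challenge-ack"


if __name__ == "__main__":
    rcv_nxt, rcv_wnd = 0xFFFFFF00, 0x400  # window wraps past 2**32
    for seq in (0xFFFFFF00, 0x00000010, 0x00000300, 0x12345678):
        print(f"seq={seq:#010x}  rfc793={rst_rfc793(seq, rcv_nxt, rcv_wnd):8}"
              f"  rfc5961={rst_rfc5961(seq, rcv_nxt, rcv_wnd)}")
```

When a receiver applies the RFC 5961 rule, a packet capture shows a challenge ACK in reply to an in-window RST that does not match RCV.NXT exactly, and the connection stays up.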
You should submit a lab report (as a PDF). The report should cover the following sections:
- Design: The design of your attacks, including the attacking strategies, the packets that you use in your attacks, the tools that you used, etc.
- Observation and Explanation: Is your attack successful? How do you know whether it has succeeded or not? What do you expect to see? What have you observed? Is the observation a surprise to
The following grading rubric will be used.
|SYN flooding attack: design|
|SYN flooding attack: observation|
|TCP RST Attacks on telnet and ssh Connections: design|
|TCP RST Attacks on telnet and ssh Connections: observation|
|TCP RST Attacks on Video Streaming Applications: design|
|TCP RST Attacks on Video Streaming Applications: observation|
|TCP Session Hijacking: design|
|TCP Session Hijacking: observation|
|Creating Reverse Shell using TCP Session Hijacking: design|
|Creating Reverse Shell using TCP Session Hijacking: observation|
1 = standard not met
2 = standard partially met
3 = standard met
4 = exceeds expectations
For design:
- describes the principles behind the attack
- specifies the network architecture (IP addresses, ethernet devices)
- sets out how the attack is implemented (tools, commands, packets etc.)
For observation and explanation:
- explain how you know if the attack was successful or not
- screenshots showing the results of the attack
- explain whether your results show that the attack worked or not
- if it does not work, why not? If it does work, how would you protect against it?