Practical lab

Overview

This second project requires you to work with the Linux command line and some
attack tools to craft TCP/IP attacks.

You will set up a virtual network and use pre-built VMs as the lab environment.

The lab is provided by Professor Wenliang Du from Syracuse University.

Getting Started

You need to install VirtualBox on your machine.

You can obtain this from here.

Now you should download the VM needed for the exercise and install it.

Follow these instructions.

There is a manual on using the images with VirtualBox.

The Lab

We are going to work through the TCP/IP attacks lab that is found here.

There are five tasks:

  • Task 1: SYN flooding attack
  • Task 2: TCP RST Attacks on telnet and ssh Connections
  • Task 3: TCP RST Attacks on Video Streaming Applications
  • Task 4: TCP Session Hijacking
  • Task 5: Creating Reverse Shell using TCP Session Hijacking

If you cannot solve a task, you should document what you have done and move on to the next.

Notes

Task 1

Note that Eth1 is the first physical ethernet adapter (often called eth13 when
you use ifconfig) and eth2 is the second physical ethernet adapter.

You do not need to specify the device all the time for netwag or netwox.

Task 2

Instead of telnet, try running a simple webserver on the victim.

python -m SimpleHTTPServer

Task 3

I suggest visiting http://www.quirksmode.org/html5/tests/video.html.

Note that you will be using the first ethernet adapter in this case to send the
request via the NAT interface.

You might find it easiest to launch the attack on the victim from the victim
itself, that is, using the first interface.

Task 4

Use the LAN network for the attack. You need to be able to sniff the TCP packets
from another machine in order to work out the correct TCP sequence number.

Previously, people found it easier to implement the attack using the scapy option.

Lab Report

You should submit a lab report (as a PDF). The report should cover the following sections:

  • Design: The design of your attacks, including the attacking strategies, the packets that you use in your attacks, the tools that you used, etc.
  • Observation and Explanation: Is your attack successful? How do you know whether it has succeeded or not? What do you expect to see? What have you observed? Is the observation a surprise to you?

Grading

The following grading rubric will be used.

| Criteria | 1 | 2 | 3 | 4 | Feedback |
|---|---|---|---|---|---|
| SYN flooding attack: design | | | | | |
| SYN flooding attack: observation | | | | | |
| TCP RST Attacks on telnet and ssh Connections: design | | | | | |
| TCP RST Attacks on telnet and ssh Connections: observation | | | | | |
| TCP RST Attacks on Video Streaming Applications: design | | | | | |
| TCP RST Attacks on Video Streaming Applications: observation | | | | | |
| TCP Session Hijacking: design | | | | | |
| TCP Session Hijacking: observation | | | | | |
| Creating Reverse Shell using TCP Session Hijacking: design | | | | | |
| Creating Reverse Shell using TCP Session Hijacking: observation | | | | | |

1 = standard not met

2 = standard partially met

3 = standard met

4 = exceeds expectations

For design:

  • describes the principles behind the attack
  • specifies the network architecture (IP addresses, ethernet devices)
  • sets out how the attack is implemented (tools, commands, packets etc.)

For observation and explanation:

  • explain how you know if the attack was successful or not
  • screenshots showing the results of the attack
  • explain whether your results show that the attack worked or not
  • if it did not work, why not? If it did work, how would you protect against it?