Project Overview and Setup. CS155: Computer and Network Security. Project Overview. Goals of the assignment. Setup (2) Setup

Similar documents
CS155: Computer and Network Security

Solution of Exercise Sheet 5

CS5008: Internet Computing

Overview. Securing TCP/IP. Introduction to TCP/IP (cont d) Introduction to TCP/IP

TCP/IP Security Problems. History that still teaches

Network Security in Practice

Make a folder named Lab3. We will be using Unix redirection commands to create several output files in that folder.

Packet Sniffing and Spoofing Lab

Session Hijacking Exploiting TCP, UDP and HTTP Sessions

Hands-on Network Traffic Analysis Cyber Defense Boot Camp

Ethernet. Ethernet. Network Devices

Network Traffic Analysis

Linux Network Security

My FreeScan Vulnerabilities Report

Firewall Design Principles Firewall Characteristics Types of Firewalls

We will give some overview of firewalls. Figure 1 explains the position of a firewall. Figure 1: A Firewall

Network Security: Workshop

Packet Sniffing with Wireshark and Tcpdump

Network Packet Analysis and Scapy Introduction

Network Forensics: Log Analysis

A S B

Firewalls. Firewalls. Idea: separate local network from the Internet 2/24/15. Intranet DMZ. Trusted hosts and networks. Firewall.

20-CS X Network Security Spring, An Introduction To. Network Security. Week 1. January 7

Firewalls, Tunnels, and Network Intrusion Detection

1. Introduction. 2. DoS/DDoS. MilsVPN DoS/DDoS and ISP. 2.1 What is DoS/DDoS? 2.2 What is SYN Flooding?

Networks: IP and TCP. Internet Protocol

Network Security. Internet Firewalls. Chapter 13. Network Security (WS 2002): 13 Internet Firewalls 1 Dr.-Ing G. Schäfer

Transport Layer Protocols

Firewalls, Tunnels, and Network Intrusion Detection. Firewalls

P Principles of Network Forensics P Terms & Log-based Tracing P Application Layer Log Analysis P Lower Layer Log Analysis

A Research Study on Packet Sniffing Tool TCPDUMP

Final exam review, Fall 2005 FSU (CIS-5357) Network Security

Large-Scale TCP Packet Flow Analysis for Common Protocols Using Apache Hadoop

Snoopy. Objective: Equipment Needed. Background. Procedure. Due Date: Nov 1 Points: 25 Points

Secure Software Programming and Vulnerability Analysis

Introduction to Firewalls Open Source Security Tools for Information Technology Professionals

Security: Attack and Defense

Firewalls. Test your Firewall knowledge. Test your Firewall knowledge (cont) (March 4, 2015)

Presented By: Holes in the Fence. Agenda. IPCCTV Attack. DDos Attack. Why Network Security is Important

Packet Sniffers Submitted in partial fulfillment of the requirement for the award of degree Of MCA

EKT 332/4 COMPUTER NETWORK

Tcpdump Lab: Wired Network Traffic Sniffing

SY system so that an unauthorized individual can take over an authorized session, or to disrupt service to authorized users.

Firewall Introduction Several Types of Firewall. Cisco PIX Firewall

General Network Security

How To Set Up A Network Map In Linux On A Ubuntu 2.5 (Amd64) On A Raspberry Mobi) On An Ubuntu (Amd66) On Ubuntu 4.5 On A Windows Box

Network Security. Network Packet Analysis

Life of a Packet CS 640,

Network Security Fundamentals

Firewall Implementation

EE984 Laboratory Experiment 2: Protocol Analysis

Firewalls. Chapter 3

Network Security. Chapter 13. Internet Firewalls. Network Security (WS 07/08): 13 Internet Firewalls 1 Dr.-Ing G. Schäfer

APNIC elearning: Network Security Fundamentals. 20 March :30 pm Brisbane Time (GMT+10)

Tera Term Telnet. Introduction

Attack Lab: Attacks on TCP/IP Protocols

Practical Network Forensics

Introduction to Passive Network Traffic Monitoring

BASIC ANALYSIS OF TCP/IP NETWORKS

CSE331: Introduction to Networks and Security. Lecture 12 Fall 2006

Modern snoop lab lite version

Passive Network Traffic Analysis: Understanding a Network Through Passive Monitoring Kevin Timm,

Introduction to Computer Security

CYBER ATTACKS EXPLAINED: PACKET CRAFTING

B-2 Analyzing TCP/IP Networks with Wireshark. Ray Tompkins Founder of Gearbit

Topics in Network Security

Protocol Security Where?

Unix System Administration

CIT 380: Securing Computer Systems

CMPT 471 Networking II

finger, ftp, host, hostname, mesg, rcp, rlogin, rsh, scp, sftp, slogin, ssh, talk, telnet, users, w, walla, who, write,...

How To Monitor And Test An Ethernet Network On A Computer Or Network Card

Host Fingerprinting and Firewalking With hping

Lab VI Capturing and monitoring the network traffic

CS 326e F2002 Lab 1. Basic Network Setup & Ethereal Time: 2 hrs

What is a DoS attack?

Voice over IP. Demonstration 1: VoIP Protocols. Network Environment

Intrusion Detection System Based Network Using SNORT Signatures And WINPCAP

Scan Report Executive Summary. Part 2. Component Compliance Summary IP Address :

How do I get to

Network and Services Discovery

Looking for Trouble: ICMP and IP Statistics to Watch

How To Set Up An Ip Firewall On Linux With Iptables (For Ubuntu) And Iptable (For Windows)

Sniffing in a Switched Network

CS155 - Firewalls. Simon Cooper <sc@sgi.com> CS155 Firewalls 22 May 2003

Cryptography and network security

Firewalls. Basic Firewall Concept. Why firewalls? Firewall goals. Two Separable Topics. Firewall Design & Architecture Issues

Networking Attacks: Link-, IP-, and TCP-layer attacks. CS 161: Computer Security Prof. David Wagner

Device Log Export ENGLISH

Firewalls. Network Security. Firewalls Defined. Firewalls

CSCE 465 Computer & Network Security

Port Scanning. Objectives. Introduction: Port Scanning. 1. Introduce the techniques of port scanning. 2. Use port scanning audit tools such as Nmap.

A Critical Investigation of Botnet

Computer Networks Practicum 2015

Introduction to Computer Security

Chapter 11 Cloud Application Development

Outline. CSc 466/566. Computer Security. 18 : Network Security Introduction. Network Topology. Network Topology. Christian Collberg

Transcription:

CS155: Computer and Network Security Project Overview and Setup Programming Project 3 Spring 2004 Matt Rubens mrubens@stanford.edu Project Overview 1) Use standard network monitoring tools to examine different networking protocols 2) Use a packet capture library to automatically intercept FT P transfers 3) Write a program to perform an injection attack on the RLOGI N protocol Goals of the assignment Get some hands-on networking experience Learn how secure different protocols are Learn about common attacks on clear-text protocols DON T end up in jail Never test your code outside of the boxes environment! Setup Setup (2) You are given three cow images corresponding to three separate machines on the network Client, server, and attacker T here are a number of users on the client sending network requests to services on the server T he attacker (you!) is trying to perform different attacks (the assignment) on the client and server All three boxes are located on the same Ethernet hub Ethernet is a broadcas t medium Every machine sees every packet, regardless of address! Normally, packets not intended for a host are discarded by the network card But in promiscuous mode all packets are available! Client Attacker Server 1

Setup (3) Setup (4) T o start up the boxes, follow these steps xterm e./string & Make s ure to use the copy of string included with the cow images! Otherwise the attacker will not be to see the network traffic. xterm e [open closed]box clientcow 10.64.64.64 & xterm e [open closed]box servercow 10.64.64.65 & xterm e [open closed]box attackcow 10.64.64.66 & You must use these exact I P addresses! You are NOT given an account on the client and server machines I f you re good you might get one soon! Once you have a password, you can remotely shutdown the client and server with ssh [username]@[ipaddr ] /sbin/halt We installed halt as setuid-root (bad idea in general!) But until then, you won t be able to do a clean shutdown on clientcow and servercow So keep a backup of the original images to avoid fscking Quick T CP/I P Review T CP/I P Overview On this assignment, we are only dealing with protocols that run over TCP/IP We assume a basic knowledge on the level of packets and ports I f you re not that comfortable with this, stop by office hours Relevant Network Layers Cliffs Notes Version Each T CP packet that you see is actually a T CP packet wrapped inside of an I P packet wrapped inside of an Ethernet packet. From http://www.erg.abdn.ac.uk/users/gorry/course/images/ftp-tcp-enet.gif Ethernet Header I P Header T CP Header Application Data 2

T CP Flags Synchronize flag [SYN] Used to initiate a T CP connection Acknowledgement flag [ACK] Used to confirm received data Finish flag [FI N] Used to shut down the connection T CP Flags (2) Push flag [PSH] Do not buffer data on receiver side send directly to application level Urgent flag [URG] Used to signify data with a higher priority than the other traffic I.e Ctrl+C interrupt during an FTP transfer Reset flag [RST ] T ells receiver to tear down connection immediately Connection setup T hree-way handshake From http: //www.cs.colorado.edu/~tor/sadocs/tcpip/3way.png Connection termination Either side can initiate termination Note that the first FI N packet may still contain data! From http: //homepages.feis.herts.ac.uk/~cs2_sn2/sn2-img62.png T he actual assignment (finally!) Phase 1: Sniffing Goal: observe network traffic, learn about different protocols Also: gain access to client and ser ver machines in order to make Phases 2 and 3 easier! I nstalled tools (must be run as root): T cpdump Old faithful, just gives raw packet info T ethereal Like tcpdump, but with more smarts about protocols T cpflow Focuses on the payload of the packets Great for examining application level data (i.e passwords)! 3

T cpdump options Phase 2: File Eavesdropping All three network monitoring tools take similar command line options Can filter packets by address, port, protocol, length, TCP flags, etc. Make sure to read the tcpdump manpage closely! For your submission, we want you to list the options that you used to isolate the packets containing username/password information. Manual packet sniffing is an interesting exercise, but programmatically capturing packets is much more powerful I n this part of the assignment, you will write a program to reconstruct a sniffed FT P file transfer Libpcap Libpcap is a packet capture library written in C I t allows you to write code to automate packet sniffing attacks. T he library is fairly simple to use Pseudocode: while (true) { packet = pcap_next(); // do something with the packet } We give you starter code in /home/user/pp3/sniff.c on the attackcow image. What to do Figure out which packets correspond to an FT P file transfer Detect when a tr ans fer starts and create a local file to store the data Extract data fr om packets and write them to the file Figure out when the transfer completes, close the file, and exit the program What to do (2) Phase 3: Packet I njection T he hard part is figuring out how to parse the various layers of headers. You can find the header definitions at: Ethernet: /usr/include/net/ethernet.h I P: /usr/include/netinet/ip.h T CP: /usr/include/netinet/tcp.h You ll also need to figure out how FT P data transfers work Using the techniques you learned in Phase 1 might be more productive than poring over protocol docs RLOGI N - allows remote login session Very similar to T elnet Does not ask for password if the client machine is mentioned in /etc/hosts.equiv or ~/.rhosts (big convenience... even bigger vulnerability) After authentication - the rest of the traffic is in the clear! Uses one T CP channel for communication 4

Attacks Libnet Can spoof an entire T CP connection I f the spoofed sender is present in /etc/hosts.equiv or ~/.rhosts, server won't ask for password Already established session can be hijacked by spurious injections (what you will do) You can run any command on the server with the permissions of the client i.e. /sbin/halt (if halt is setuid-root), rm rf, etc. Packet injection library Allows you to modify each and every field of packet Build packets from top to bottom : TCP -> IP -> Ethernet Automatically calculates correct checksums - no need to worry about them Starter code is provided for you in /home/user/pp3/inject.c on the attackcow What to do Observe traffic generated by an ongoing rlogin session for each interactive action, 3 packets will be generated client -> server : with the data (for eg: "ls\r\n") server -> client : echo the data - ack the previous packet (also send results of command) client -> server : ack the server packet Find out the correct sequence number (and other fields) to put in your malicious packet What to do (2) Other information to take care of : T CP header T CP options - contain timestamps of the packet being acked port numbers window size I P header source/destination I P addr esses T OS : type of service IP flags I P I D Ethernet header source/destination Ethernet addresses What to do (3) Wrapup You might try to figure out a way to get your own rlogin account on servercow T hen you could easily test out your injection program T his whole assignment shouldn t take more than a couple hundred lines of code However, it requires a good understanding of what s happening on the network T he programs seem simple, but they can take more time than anticipated (remember pp1?) Enjoy yourself this is fun stuff! 5

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information