Date: 2020-03-04
PLAGIARISM SCAN REPORT
Exclude Url : None
Content Checked For Plagiarism
ASSIGNMENT
TCP/IP Attack Lab
Student Name:
University Name:
February 21, 2020

Table of Contents
Task 1: SYN Flooding Attack
    Solution: Step# 01, Step# 02, Step# 03, Step# 04, Step# 05, Step# 06, Step# 07
Task 2: TCP RST Attacks on telnet and ssh Connections
    Solution:
    Telnet Connection: Step# 01, Step# 02, Step# 03, Step# 04, Step# 05
    SSH connection: Step# 01, Step# 02, Step# 03, Step# 04, Step# 05, Step# 06
Task 3: TCP RST Attacks on Video Streaming Applications
    Solution: Step# 01, Step# 02, Step# 03, Step# 04
Task 4: TCP Session Hijacking
    Solution: Step# 01, Step# 02, Step# 03, Step# 04, Step# 05, Step# 06, Step# 09

Task 1: SYN Flooding Attack
Solution:
First of all, let’s list the IPv4 addresses of the virtual machines:
Figure 3.1.1: IPv4 address of SEEDUbuntu
Figure 3.1.2: IPv4 address of SEEDUbuntu_Hacker
Figure 3.1.3: IPv4 address of SEEDUbuntu_User
Let’s list all the IPv4 addresses below for convenience:
SEEDUbuntu          192.168.56.101
SEEDUbuntu_Hacker   192.168.56.102
SEEDUbuntu_User     192.168.56.103

Step# 01: Check the status of SYN cookies in the victim machine:
    sysctl net.ipv4.tcp_syncookies
Figure 3.1.4: Cookies status in the victim computer
As we can see in Figure 3.1.4, SYN cookies are on in the victim machine because the value is 1.

Step# 02: In the victim machine, let’s use the command:
    netstat -anp | grep ":23 "
Figure 3.1.5: netstat -anp | grep ":23 "
As we can see in Figure 3.1.5, initially port 23 in the victim machine is open and listening for any incoming packets.

Step# 03: Feed the parameters into “Netwag” and “generate” the command for the attacker’s terminal:
Figure 3.1.6: Terminal command generated in Netwag

Step# 04: Initiate the SYN Flooding Attack from the attacker using the command:
    netwox 76 --dst-ip 192.168.56.103 --dst-port 23 --spoofip "raw"
Figure 3.1.7: SYN Flooding Attack
Here, the sudo -s command was used to obtain root privilege for the netwox command. Without root privilege, the command returns an error. As we see in Figure 3.1.7, the attacker used netwox 76 to send spoofed SYN requests to the victim on port 23. The packet type must ALWAYS be raw, or else the attacker would send an ARP request for the MAC address of the spoofed source IPv4 address.

Step# 05: The observer watches the network traffic in Wireshark.
Figure 3.1.8: Wireshark output observed by observer
As we can see in Figure 3.1.8, the observer can see the spoofed TCP SYN packets with different IP addresses being sent to the victim.

Step# 06: Let’s type the command netstat -anp | grep ":23 " in the victim machine while the attack is in progress:
Figure 3.1.9: netstat –na | less
As we can see in Figure 3.1.9, the SYN attack has no effect on the victim computer. This is because, as we saw in Step# 01, SYN cookies are enabled, which protects the victim machine against the SYN flooding from the attacker machine.

Step# 07: Now let’s turn off SYN cookies in the victim machine with the command
    sysctl -w net.ipv4.tcp_syncookies=0
and check the change using sysctl net.ipv4.tcp_syncookies. After that, repeat Step# 04, Step# 05 and Step# 06. The results are as follows:
Figure 3.1.10: Step# 07 + Repetition of Step# 04, Step# 05 and Step# 06 for a Successful SYN Flood Attack
As we can see in Figure 3.1.13, as the victim’s SYN queue fills up, it sends out the SYN-ACK packet and waits for the ACK. This shows up as SYN_RECV, which indicates that the connection is in the half-open state. Below is the updated Wireshark observation on a random transmission packet:
Figure 3.1.11: Wireshark output observed by observer

Task 2: TCP RST Attacks on telnet and ssh Connections
Solution:
Telnet Connection:
Figure 3.2.1: Telnet connection from the victim to the observer

Step# 01: Establish a telnet connection from the victim to the observer:
As we can see in Figure 3.2.1, when there is no TCP RST attack the victim can make a telnet connection to the observer. The ifconfig command shows that the victim now possesses the observer’s IPv4 address, as displayed in Figure 3.2.2:
Figure 3.2.2: Victim possesses observer’s IPv4 address
Figure 3.2.3: Wireshark observation of packet transmission
Figure 3.2.4: Packet# 01 telnet data
As we can see in Figure 3.2.3 and Figure 3.2.4, the attacker uses Wireshark to watch the connection made between the victim and the observer and the packets being sent between these two machines.

Step# 02: After the connection is established, the ls command in the victim machine shows the folder listing of the observer (Figure 3.2.5), which is verified by taking a screenshot of the folders from the observer machine (Figure 3.2.6):
Figure 3.2.5: ls command in victim machine displays the folders in the observer machine
Figure 3.2.6: Screenshot of folders from the observer machine

Step# 03: Let's start the attack! The attacker sends out the forged TCP RST packet to the victim, with the source IP address modified to that of the observer. The filter can also be changed to host 192.168.56.103 and dst port 23. Command in the attacker:
    sudo -s netwox 78 --device "Eth0" --filter "host 192.168.56.103" --spoofip "raw" --ips "192.168.56.101"
Figure 3.2.7: netwag generated command
Figure 3.2.8: TCP RST Attack on telnet

Step# 04: The attacker prepares and waits for any victim packet on the LAN. Once the victim types any further command inside the observer, the TCP RST packet is sent to the victim and forces it to terminate the telnet connection.
Figure 3.2.9: telnet connection terminated

Step# 05: Using Wireshark, the attacker can see the TCP RST packet sent by the observer to the victim, forcing it to terminate the connection.
Figure 3.2.10: Wireshark observation (Boxed in Blue: Frame# 13)
Figure 3.2.11: Wireshark observation of Frame# 13

SSH connection:

55% Plagiarised
45% Unique
900 Words
6508 Characters
35% Plagiarised
... filled up it sends out the SYN -ACK packet and waits for the ACK which can be seen as SYN_RECV which indicates that the
connection is in half opened state.
https://www.coursehero.com/file/p3bcaj1/16856103-Victim-Purple-background-Step-01-Check-the-status-of-cookies-in-the/
3% Plagiarised
3.2 Task 2: TCP RST Attacks on telnet and ssh Connections Using Ubuntu Seedlabs complete the following task: The TCP RST
Attack can terminate an ...
https://www.coursehero.com/file/49097634/32-Task-2-TCP-RST-Attacks-on-telnet-and-ssh-ConnectionsUsing-Ubudocx/
15% Plagiarised
Page 13 of 27 Figure 3.2.10: Wireshark observation (Boxed in Blue: Frame# 13) Figure 3.2.11: Wireshark observation of Frame# 13
SSH connection: Step# 01 : Before the attack the victim can make successful SSH connection with observer ...
https://www.coursehero.com/file/p1nv2c2v/In-this-task-you-need-to-launch-an-TCP-RST-attack-to-break-an-existing-telnet/
3% Plagiarised
Once the victim types any further command inside observer the TCP RST packet is sent to the victim and forces it to terminate the
telnet connection. Observation: ...
https://www.coursehero.com/file/p5df345p/The-attack-can-be-more-effective-if-the-following-parameters-are-changed-in/