How the ARP cache poisoning attack works

Assignment Help Computer Networking
Reference no: EM131031968

Network Security Systems - TCP/IP Attack

Objective:

- Understand the vulnerabilities of TCP/IP protocols.
- Perform attacks on TCP/IP vulnerabilities.
- Study the countermeasures for the TCP/IP attacks.

Task 1: ARP cache poisoning:

The ARP cache is an important part of the ARP protocol. Once a mapping between a MAC address and an IP address is resolved as the result of executing the ARP protocol, the mapping will be cached. Therefore, there is no need to repeat the ARP protocol if the mapping is already in the cache. However, because the ARP protocol is stateless, the cache can be easily poisoned by maliciously crafted ARP messages. Such an attack is called the ARP cache poisoning attack.

In such an attack, attackers use spoofed ARP messages to trick the victim into accepting an invalid MAC-to-IP mapping and storing it in its cache. The consequences vary with the attacker's motive. For example, attackers can launch a DoS attack against a victim by associating a nonexistent MAC address with the IP address of the victim's default gateway, or they can redirect the traffic to and from the victim to another machine.

In this task, you need to demonstrate how the ARP cache poisoning attack works. Several commands can be useful in this task. In Linux, the arp command shows the current mapping between IP addresses and MAC addresses.
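The check a defender would run on the arp output just mentioned, as an added example that is not part of the assignment: it parses two "arp -n" snapshots (constructed sample data; 10.0.2.1 is assumed to be the default gateway and 08:00:27:aa:bb:cc the MAC of another LAN host) and flags an entry whose MAC changed between snapshots, plus any MAC that now answers for several IPs.

```python
import re
from collections import defaultdict

# Constructed `arp -n` snapshots for a lab host (sample data, not captured output).
# 10.0.2.1 is assumed to be the default gateway; 10.0.2.5 is another host on the LAN.
ARP_BEFORE = """\
Address                  HWtype  HWaddress           Flags Mask            Iface
10.0.2.1                 ether   52:54:00:12:35:00   C                     eth0
10.0.2.5                 ether   08:00:27:aa:bb:cc   C                     eth0
10.0.2.9                         (incomplete)                              eth0
"""

# Second snapshot: the gateway entry now carries the MAC that 10.0.2.5 had before.
ARP_AFTER = """\
Address                  HWtype  HWaddress           Flags Mask            Iface
10.0.2.1                 ether   08:00:27:aa:bb:cc   C                     eth0
10.0.2.5                 ether   08:00:27:aa:bb:cc   C                     eth0
10.0.2.9                         (incomplete)                              eth0
"""

# One resolved entry: IPv4 address, hardware type, then a six-octet MAC.
ARP_ENTRY = re.compile(
    r"^(\d{1,3}(?:\.\d{1,3}){3})\s+\S+\s+([0-9a-f]{2}(?::[0-9a-f]{2}){5})\b", re.I
)


def parse_arp(text):
    """Return {ip: mac} from `arp -n` output; '(incomplete)' entries have no MAC and are skipped."""
    table = {}
    for line in text.splitlines()[1:]:  # skip the header row
        m = ARP_ENTRY.match(line)
        if m:
            table[m.group(1)] = m.group(2).lower()
    return table


def arp_alerts(before, after, gateway_ip):
    """Compare two parsed snapshots and return a list of alert strings.

    Two signals are checked: an IP whose MAC changed between snapshots (worst
    when it is the gateway), and one MAC that answers for several IPs.  The
    second can be legitimate (IP aliases on one NIC), so treat it as a warning.
    """
    alerts = []
    for ip, mac in after.items():
        old = before.get(ip)
        if old is not None and old != mac:
            tag = " (default gateway!)" if ip == gateway_ip else ""
            alerts.append(f"MAC for {ip} changed {old} -> {mac}{tag}")
    by_mac = defaultdict(list)
    for ip, mac in after.items():
        by_mac[mac].append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            alerts.append(f"MAC {mac} claims multiple IPs: {', '.join(sorted(ips))}")
    return alerts


if __name__ == "__main__":
    for alert in arp_alerts(parse_arp(ARP_BEFORE), parse_arp(ARP_AFTER), "10.0.2.1"):
        print(alert)
```

On a live host the two strings would come from running "arp -n" before and after the experiment; the gateway entry changing MAC is the observation that tells you the cache has been poisoned.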

Task 2: ICMP Redirect Attack:

The ICMP redirect message is used by routers to provide the up-to-date routing information to hosts, which initially have minimal routing information. When a host receives an ICMP redirect message, it will modify its routing table according to the message. Because of the lack of validation, if attackers want the victim to set its routing information in a particular way, they can send spoofed ICMP redirect messages to the victim, and trick the victim to modify its routing table.

In this task, you should demonstrate how the ICMP redirect attack works and describe the observed consequence. To check the routing information in Linux, you can use the route command.
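The "lack of validation" mentioned above is the whole problem, so here, as an added example that is not part of the assignment, is a model of the checks a host can apply before honouring a redirect: the sender must be the gateway currently used for that destination, the new gateway must be on a directly connected network, and (the stricter rule Linux applies when secure_redirects is set) the new gateway must already be a known gateway. The routing table and gateway addresses are constructed lab values.

```python
import ipaddress

# Constructed routing table for a lab host (assumed values, not from the assignment):
# (destination network, next-hop gateway or None when directly connected, interface).
ROUTES = [
    ("10.0.2.0/24", None, "eth0"),
    ("192.168.50.0/24", "10.0.2.254", "eth0"),
    ("0.0.0.0/0", "10.0.2.1", "eth0"),
]
# Gateways the host already trusts; secure_redirects-style checking only accepts these.
KNOWN_GATEWAYS = {"10.0.2.1", "10.0.2.254"}


def current_gateway(dest_ip):
    """Longest-prefix match: the gateway currently used for dest_ip, or None if on-link."""
    dest = ipaddress.ip_address(dest_ip)
    best_net, best_gw = None, None
    for net, gw, _iface in ROUTES:
        n = ipaddress.ip_network(net)
        if dest in n and (best_net is None or n.prefixlen > best_net.prefixlen):
            best_net, best_gw = n, gw
    return best_gw


def on_link(ip):
    """True if ip lies in a directly connected network (no gateway needed to reach it)."""
    addr = ipaddress.ip_address(ip)
    return any(gw is None and addr in ipaddress.ip_network(net) for net, gw, _iface in ROUTES)


def accept_redirect(src_ip, dest_ip, new_gw, secure=True):
    """Decide whether an ICMP redirect (from src_ip, for dest_ip, naming new_gw) may update the route.

    Returns (accepted, reason).  The first two checks are the RFC 1122 host
    requirements; the third is the 'known gateway' rule Linux enforces when
    net.ipv4.conf.<if>.secure_redirects=1.  None of them helps against a sender
    that spoofs the real gateway's address, which is why accept_redirects=0 is
    the usual hardening on hosts that do not need redirects at all.
    """
    if src_ip != current_gateway(dest_ip):
        return False, "sender is not the first-hop gateway currently used for this destination"
    if not on_link(new_gw):
        return False, "new gateway is not on a directly connected network"
    if secure and new_gw not in KNOWN_GATEWAYS:
        return False, "new gateway is not an already-known gateway (secure_redirects)"
    return True, "accepted: route for destination now points at new gateway"


if __name__ == "__main__":
    for args in [("10.0.2.1", "8.8.8.8", "10.0.2.254"), ("10.0.2.5", "8.8.8.8", "10.0.2.254"),
                 ("10.0.2.1", "8.8.8.8", "10.0.2.5")]:
        print(args, "->", accept_redirect(*args))
```

Running the script shows the contrast the lab asks you to describe: a redirect from the real gateway to another known gateway is accepted, while the same redirect from a non-gateway host, or one pointing at an arbitrary LAN host, is refused once secure checking is on.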

Task 3: SYN Flooding Attack:

SYN flooding is a form of DoS attack in which attackers send many SYN requests to a victim's TCP port with no intention of finishing the 3-way handshake. Attackers either use spoofed IP addresses or simply do not continue the procedure. Through this attack, attackers can fill the victim's queue of half-open connections, i.e. connections for which SYN and SYN-ACK have been exchanged but the final ACK has not yet arrived. When this queue is full, the victim cannot accept any more connections.

The size of the queue is a system-wide setting. In Linux, we can check it with the following command:

# sysctl -q net.ipv4.tcp_max_syn_backlog

We can use the command "netstat -na" to check the usage of the queue, i.e., the number of half-open connections associated with a listening port. The state of such connections is SYN-RECV. Once the 3-way handshake is finished, the state of the connection becomes ESTABLISHED.

In this task, you need to demonstrate the SYN flooding attack. You can use the Netwox tool to conduct the attack, and then use a sniffer tool to capture the attacking packets. While the attack is ongoing, run the "netstat -na" command on the victim machine, and compare the result with that before the attack. Please also describe how you know whether the attack is successful or not.
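The before/after comparison of "netstat -na" output that the task asks for, automated as an added example that is not part of the assignment. The snapshots are constructed (a telnet listener on 10.0.2.4:23 and SYN_RECV rows from unanswering TEST-NET addresses); netstat prints the half-open state as SYN_RECV, and the backlog value passed in is whatever "sysctl net.ipv4.tcp_max_syn_backlog" reports on the victim.

```python
import re
from collections import Counter

NETSTAT_HEADER = (
    "Active Internet connections (servers and established)\n"
    "Proto Recv-Q Send-Q Local Address           Foreign Address         State"
)
LISTEN = "tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN"
ESTAB = "tcp        0      0 10.0.2.4:23             10.0.2.5:40122          ESTABLISHED"


def constructed_snapshot(half_open):
    """Build `netstat -na`-style output with the given number of SYN_RECV rows (sample data)."""
    rows = [NETSTAT_HEADER, LISTEN, ESTAB]
    for i in range(half_open):
        # Foreign addresses from the 192.0.2.0/24 TEST-NET block: they never answer, like spoofed sources.
        rows.append(
            f"tcp        0      0 10.0.2.4:23             192.0.2.{i % 254 + 1}:{40000 + i}        SYN_RECV"
        )
    return "\n".join(rows) + "\n"


# proto, recv-q, send-q, local ip:port, foreign ip:port, state
ROW = re.compile(r"^(tcp6?)\s+\d+\s+\d+\s+(\S+):(\d+)\s+(\S+):(\S+)\s+(\S+)\s*$")


def state_counts(text):
    """Return {local_port: Counter(state -> rows)} for every TCP row in the output."""
    per_port = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        port, state = int(m.group(3)), m.group(6)
        per_port.setdefault(port, Counter())[state] += 1
    return per_port


def syn_flood_assessment(before, during, port, backlog, threshold=0.5):
    """Compare half-open counts on one port against net.ipv4.tcp_max_syn_backlog.

    A listener whose SYN_RECV count jumps to a large fraction of the backlog
    while ESTABLISHED stays flat is the signature of a flood, not of real load.
    """
    b = state_counts(before).get(port, Counter())["SYN_RECV"]
    d = state_counts(during).get(port, Counter())["SYN_RECV"]
    return {
        "port": port,
        "half_open_before": b,
        "half_open_during": d,
        "backlog": backlog,
        "fill_ratio": round(d / backlog, 3),
        "suspected_flood": d >= threshold * backlog,
    }


if __name__ == "__main__":
    print(syn_flood_assessment(constructed_snapshot(0), constructed_snapshot(300), 23, backlog=512))
```

With SYN cookies enabled the kernel stops queueing entries once the backlog is under pressure, so the SYN_RECV count stops growing even though the flood continues; that is the difference this script makes visible when you repeat the measurement with cookies on and off.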

SYN Cookie Countermeasure: If your attack seems unsuccessful, one thing to investigate is whether the SYN cookie mechanism is turned on. SYN cookies are a defense mechanism against the SYN flooding attack; the mechanism kicks in when the machine detects that it is under a SYN flood. You can use the sysctl command to turn the SYN cookie mechanism on or off:
# sysctl -a | grep cookie (Display the SYN cookie flag)
# sysctl -w net.ipv4.tcp_syncookies=0 (turn off SYN cookie)
# sysctl -w net.ipv4.tcp_syncookies=1 (turn on SYN cookie)

Please run your attacks with the SYN cookie mechanism on and off, and compare the results. In your report, please describe why the SYN cookie can effectively protect the machine against the SYN flooding attack.
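To support the "why" the report asks for, here is a simplified model of the SYN cookie mechanism, added as an example that is not the kernel's code: the server encodes a time tick, an MSS index and a keyed hash of the 4-tuple into the ISN of its SYN-ACK, keeps no half-open entry at all, and only rebuilds the connection when an ACK arrives whose acknowledgment number minus one verifies. The secret, tick length and MSS table are constructed values; the 5/3/24-bit layout follows the classic design rather than any particular kernel.

```python
import hashlib
import hmac

# Constructed server secret; a real kernel uses random per-boot secrets.
SECRET = b"constructed-lab-secret"
# Counter tick length in seconds; 5 bits of counter let the server tolerate clock wrap.
TICK = 64
# Small MSS table: the cookie stores only a 3-bit index, not the full MSS value.
MSS_TABLE = [536, 1220, 1300, 1440, 1460]


def _mac24(src, dst, sport, dport, counter, mss_idx):
    """24-bit keyed hash binding the cookie to the 4-tuple, time tick and MSS index."""
    msg = f"{src}|{dst}|{sport}|{dport}|{counter}|{mss_idx}".encode()
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:3], "big")


def make_cookie(src, dst, sport, dport, client_mss, now):
    """Server side: compute the ISN for a SYN-ACK without storing any per-connection state."""
    counter = int(now // TICK) & 0x1F          # 5 bits of coarse time
    mss_idx = 0                                 # largest table entry <= client's MSS
    for i, mss in enumerate(MSS_TABLE):
        if mss <= client_mss:
            mss_idx = i
    return (counter << 27) | (mss_idx << 24) | _mac24(src, dst, sport, dport, counter, mss_idx)


def check_cookie(src, dst, sport, dport, ack, now):
    """Server side: on a bare ACK, rebuild the connection from ack-1, or return None if forged/stale.

    Returns the MSS to use for the new connection when the cookie verifies.
    Because nothing was stored, a flood of SYNs costs the server only one hash
    each and never fills a queue; a spoofed source never sees the SYN-ACK, so
    it cannot produce a valid ACK.
    """
    cookie = (ack - 1) & 0xFFFFFFFF
    counter = cookie >> 27
    mss_idx = (cookie >> 24) & 0x7
    now_counter = int(now // TICK) & 0x1F
    if counter not in (now_counter, (now_counter - 1) & 0x1F):
        return None  # stale: the SYN-ACK went out more than about two ticks ago
    if mss_idx >= len(MSS_TABLE):
        return None
    expected = _mac24(src, dst, sport, dport, counter, mss_idx)
    if not hmac.compare_digest(expected.to_bytes(3, "big"), (cookie & 0xFFFFFF).to_bytes(3, "big")):
        return None
    return MSS_TABLE[mss_idx]


if __name__ == "__main__":
    t0 = 1_700_000_000.0
    isn = make_cookie("10.0.2.5", "10.0.2.4", 40122, 23, 1460, t0)
    print("valid ACK ->", check_cookie("10.0.2.5", "10.0.2.4", 40122, 23, isn + 1, t0 + 10))
    print("spoofed src ->", check_cookie("10.0.2.9", "10.0.2.4", 40122, 23, isn + 1, t0 + 10))
```

The cost of the trick is also visible in the code: only the MSS survives the round trip, so other SYN options (window scaling, SACK) are lost unless the kernel encodes them in the timestamp option, which is why Linux only switches to cookies when the backlog is actually under pressure.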

Task 4: TCP RST Attacks on Video Streaming Applications

For this task, you can choose a video streaming web site that you are familiar with (we will not name any specific web site here). Most video-sharing websites establish a TCP connection with the client for streaming the video content. The attacker's goal is to disrupt the TCP session established between the victim and the video streaming machine. To simplify the lab, we assume that the attacker and the victim are on the same LAN. In the following, we describe the common interaction between a user (the victim) and a video-streaming web site:

The victim browses the video-streaming web site and selects one of the videos for streaming. Normally the video content is hosted by a different machine, the content server, where all the videos are located. After the victim selects a video, a TCP session is established between the victim machine and the content server for the video streaming. The victim can then view the selected video.

Your task is to disrupt the video streaming by breaking the TCP connection between the victim and the content server. You can let the victim user browse the video-streaming site from another (virtual) machine or from the same (virtual) machine as the attacker. Please note that, to avoid liability issues, any attacking packets should be targeted at the victim machine (which is a machine you run yourself), not the content server machine (which does not belong to you).
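Whether a RST breaks the session depends on how the receiver validates its sequence number, and that validation is also why the report section at the end warns that some attacks fail on current Linux. The following is an added example, not part of the assignment, modelling the two rules: the original RFC 793 check (any in-window RST aborts) and the RFC 5961 check that Linux has implemented since kernel 3.6 (only an exact match aborts; an in-window but inexact RST gets a challenge ACK so the genuine peer can resend a correct one). The same in-window test gates injected data segments, which is what Task 5 below relies on.

```python
MOD = 1 << 32


def in_window(rcv_nxt, rcv_wnd, seq):
    """True if seq falls in [RCV.NXT, RCV.NXT + RCV.WND), with 32-bit wrap-around."""
    return (seq - rcv_nxt) % MOD < rcv_wnd


def rst_disposition_rfc793(rcv_nxt, rcv_wnd, seq):
    """Original TCP rule: any RST inside the receive window aborts the connection."""
    return "abort" if in_window(rcv_nxt, rcv_wnd, seq) else "drop"


def rst_disposition_rfc5961(rcv_nxt, rcv_wnd, seq):
    """RFC 5961 rule: abort only on an exact match; an in-window but inexact
    sequence number triggers a challenge ACK instead of tearing the session down."""
    if seq == rcv_nxt:
        return "abort"
    if in_window(rcv_nxt, rcv_wnd, seq):
        return "challenge-ack"
    return "drop"


def rst_search_space(rcv_wnd, rfc5961):
    """Number of distinct sequence values a sender who does not know the state must be
    able to cover before a RST is honoured: the whole 2^32 space under RFC 5961,
    only ceil(2^32 / window) under the original rule.  Large windows (window scaling)
    are what made the classic rule weak."""
    if rfc5961:
        return MOD
    return -(-MOD // rcv_wnd)  # ceil division


if __name__ == "__main__":
    rcv_nxt, rcv_wnd = 1000, 65536
    for seq in (1000, 5000, 999):
        print(seq, rst_disposition_rfc793(rcv_nxt, rcv_wnd, seq), rst_disposition_rfc5961(rcv_nxt, rcv_wnd, seq))
    print("search space:", rst_search_space(rcv_wnd, False), "vs", rst_search_space(rcv_wnd, True))
```

When you capture the traffic for this task in Wireshark, a challenge ACK from the victim in response to your RST is the concrete sign that the stricter rule is in force on that host.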

Task 5: TCP Session Hijacking

The objective of the TCP session hijacking attack is to hijack an existing TCP connection (session) between two victims by injecting malicious content into the session. If the connection is a telnet session, attackers can inject malicious commands into it, causing the victim to execute them. We will use telnet in this task. We also assume that the attackers and the victims are on the same LAN.

If you use Wireshark to observe the network traffic, be aware that, by default, Wireshark displays the relative TCP sequence number, which equals the actual sequence number minus the initial sequence number. If you want to see the actual sequence number in a packet, right-click the TCP section of the Wireshark output and select "Protocol Preference". In the popup window, uncheck the "Relative Sequence Number and Window Scaling" option.

Lab Report

You should submit a lab report with screenshots of each step. The report should cover the following sections:

1) The design of your attacks, including the attacking strategies, the packets that you use in your attacks, and the tools that you use.

2) Is your attack successful? How do you know whether it has succeeded or not? What do you expect to see? What have you observed? Some of the attacks might fail. If so, you need to find out what makes them fail. Attach screenshots of your observations.

It should be noted that because some vulnerabilities have already been fixed in Linux, some of the above attacks will fail in Linux, but they might still be successful against other operating systems.






All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd