# STL 1 Assignment 4

![](https://hackmd.io/_uploads/SyD1stEwh.png)
![](https://hackmd.io/_uploads/B1rliKNw2.png)

Three networks (R1, R2, R3):

![](https://hackmd.io/_uploads/rkLLptVPn.png)
![](https://hackmd.io/_uploads/Hk4YpKND2.png)
![](https://hackmd.io/_uploads/SJXq6t4Dn.png)

### R1

![](https://hackmd.io/_uploads/ryDJZ9Ew3.png)

### h1-1, h1-2, h1-3

![](https://hackmd.io/_uploads/ByQDg5VD2.png)

### R2

![](https://hackmd.io/_uploads/r1FG-9NPh.png)
![](https://hackmd.io/_uploads/ryBhbcEwh.png)

### R3

![](https://hackmd.io/_uploads/BkwVxi4D2.png)
![](https://hackmd.io/_uploads/SkNuljEw2.png)

## BGP Network Diagram

![](https://hackmd.io/_uploads/Hk3d1jVD3.png)
![](https://hackmd.io/_uploads/rJlmH5Vvn.png)
![](https://hackmd.io/_uploads/ry-sS5VP3.png)
![](https://hackmd.io/_uploads/SyLCHc4D3.png)
![](https://hackmd.io/_uploads/BkfxI54D3.png)

One is for the external side, the other is for the internal side.

![](https://hackmd.io/_uploads/r1HGOcNv3.png)
![](https://hackmd.io/_uploads/r1fQO94D3.png)
![](https://hackmd.io/_uploads/Hkgz95Vwn.png)

No response from 13.0.1.1 (h3-1).

From R1 to R3:

![](https://hackmd.io/_uploads/ByuUSZsDn.png)
![](https://hackmd.io/_uploads/H1hwq9VDh.png)
![](https://hackmd.io/_uploads/r1eLiq4v2.png)

The ping to R2 is successful.

![](https://hackmd.io/_uploads/rJ9C094Pn.png)

The traceroute to 13.0.1.1 fails after R2.

![](https://hackmd.io/_uploads/BkOo_G9w3.png)

R3 has no route to 9.0.0.1, so there is no route on which the reply from R3 can be sent back to R1: the echo request reaches R3, but the echo reply is dropped before it ever leaves. Checking reachability in one direction only (the forward path) hides exactly this kind of fault.
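To make the missing-return-route failure concrete, here is an added Python model of the three routers' routing tables (example code written for this writeup, not part of the lab or of the commands shown). The addresses 9.0.0.1, 9.0.0.2 and 9.0.1.1 are taken from the commands and errors on this page; R3's address on the R2 link (9.0.1.2), the host-network interface addresses and the initial route entries are assumptions chosen to reproduce the observed symptoms. The model does a longest-prefix-match lookup hop by hop and checks the reply path as well as the request path, and `with_default` mirrors what `route add default gw <gateway>` does to one router's table.

```python
import copy
import ipaddress

# Constructed model of the lab topology in this writeup (example code, not the lab's own).
# 9.0.0.1 / 9.0.0.2 / 9.0.1.1 come from the commands and errors above; every other
# address and the initial route entries are assumptions chosen to reproduce the symptoms.
INTERFACES = {
    "R1": ["9.0.0.1", "11.0.0.1"],             # 11.0.0.1 assumed
    "R2": ["9.0.0.2", "9.0.1.1", "12.0.0.1"],  # 12.0.0.1 assumed
    "R3": ["9.0.1.2", "13.0.0.1"],             # both assumed
}

# (prefix, next_hop); next_hop None means directly connected. No default routes yet.
ROUTES = {
    "R1": [("11.0.0.0/8", None), ("9.0.0.0/24", None), ("13.0.0.0/8", "9.0.0.2")],
    "R2": [("12.0.0.0/8", None), ("9.0.0.0/24", None), ("9.0.1.0/24", None),
           ("11.0.0.0/8", "9.0.0.1"), ("13.0.0.0/8", "9.0.1.2")],
    "R3": [("13.0.0.0/8", None), ("9.0.1.0/24", None)],
}


def lookup(table, dst):
    """Longest-prefix match over one routing table; None if nothing matches."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in table:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best


def owner_of(ip):
    """Which router holds this interface address (None for a plain host address)."""
    return next((r for r, addrs in INTERFACES.items() if ip in addrs), None)


def forward(routes, start, dst, max_hops=8):
    """Walk a packet router by router. Returns (routers visited, delivered?)."""
    path, cur = [start], start
    for _ in range(max_hops):
        if dst in INTERFACES[cur]:                 # addressed to this router itself
            return path, True
        match = lookup(routes[cur], dst)
        if match is None:                          # the "No route to host" case
            return path, False
        _, next_hop = match
        if next_hop is None:                       # destination is on a connected link
            target = owner_of(dst)
            if target and target != cur:
                path.append(target)
            return path, True
        cur = owner_of(next_hop)
        if cur is None:
            return path, False
        path.append(cur)
    return path, False


def ping(routes, src_router, src_ip, dst_ip):
    """Echo request from src_router to dst_ip, then the reply back to src_ip.
    Returns (request path, reply path, round trip succeeded?)."""
    req_path, reached = forward(routes, src_router, dst_ip)
    if not reached:
        return req_path, [], False
    rep_path, returned = forward(routes, req_path[-1], src_ip)
    return req_path, rep_path, returned


def with_default(routes, router, gateway):
    """Copy of all tables after `route add default gw <gateway>` on one router."""
    new = copy.deepcopy(routes)
    new[router].append(("0.0.0.0/0", gateway))
    return new


if __name__ == "__main__":
    print(ping(ROUTES, "R1", "9.0.0.1", "13.0.1.1"))        # request arrives, reply has no route at R3
    fixed_r3 = with_default(ROUTES, "R3", "9.0.1.1")
    print(ping(fixed_r3, "R1", "9.0.0.1", "13.0.1.1"))      # round trip works
    print(ping(fixed_r3, "R3", "9.0.1.2", "11.0.1.1"))      # now R1 lacks the return route
    fixed_both = with_default(fixed_r3, "R1", "9.0.0.2")
    print(ping(fixed_both, "R3", "9.0.1.2", "11.0.1.1"))    # both directions work
```

The four `ping` calls reproduce the sequence on this page: the request from R1 reaches R3 and dies there, a default route on R3 fixes that direction, the opposite direction then fails on R1 for the same reason, and a default route on R1 completes the repair.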
To repair the connection between R1 and R3, run the following command on R3 to add a default gateway (R2's address on the R3 link) so that return traffic has a route again:

`route add default gw 9.0.1.1`

![](https://hackmd.io/_uploads/BJ_LEMoDh.png)

R1 can now ping the hosts in R3.

![](https://hackmd.io/_uploads/r1qA4zjDn.png)

However, at this point R3 still cannot ping the hosts in R1: the request arrives, but R1 has no route back to R3's address. To fix the reverse direction, add the default gateway on R1 as well:

`route add default gw 9.0.0.2`

![](https://hackmd.io/_uploads/H1FTSfjwh.png)
![](https://hackmd.io/_uploads/HkT8LMovn.png)
![](https://hackmd.io/_uploads/B1YAHfsvn.png)

(The second-last screenshot was taken before the command was run.)

# BGP Attack 1

To check the current path to the target, use traceroute:

`traceroute -n 13.0.1.1`

![](https://hackmd.io/_uploads/Hk1OvGoDh.png)

Since the rogue R4 has not been started yet, the default website is still served from R3:

![](https://hackmd.io/_uploads/BklV_Givh.png)

To execute the attack, change the network statement in `conf/bgpd-R4.conf` on R1 from **14.0.0.0/8** to **13.0.0.0/8**, so that R4 originates R3's prefix instead of its own:

![](https://hackmd.io/_uploads/rJ_-wDoDh.png)

to

![](https://hackmd.io/_uploads/Hkf2YMov3.png)

Then start the rogue router and the malicious website with `./start_rogue.sh`:

![](https://hackmd.io/_uploads/rJxQ9fivh.png)

Note that when `./website.sh` is run it now connects to the attacker's web server:

![](https://hackmd.io/_uploads/r1EVqfoP2.png)

In Wireshark we observe R1 connecting to R4. Besides the KEEPALIVE messages, OPEN and UPDATE messages are also observed; the UPDATE is the message that carries the hijacked 13.0.0.0/8 announcement to R1:

![](https://hackmd.io/_uploads/rJ3scmjD3.png)
![](https://hackmd.io/_uploads/H1tU5mjP3.png)

Now the traceroute takes 2 hops to reach 13.0.1.1, since it goes through 9.0.4.2 (R4). The announced prefix has the same length as R3's, so both routes compete for the same entry and R1 prefers the one with the shorter AS path, which is the direct one via R4:

![](https://hackmd.io/_uploads/BJxiGwiw3.png)

## R4

![](https://hackmd.io/_uploads/rkLXQviPn.png)
![](https://hackmd.io/_uploads/rkdfXvow2.png)
![](https://hackmd.io/_uploads/r1cdTXiPn.png)
![](https://hackmd.io/_uploads/BJy2J4jD2.png)
![](https://hackmd.io/_uploads/rkke-NiD2.png)

# BGP Attack 2

![](https://hackmd.io/_uploads/HkT2j4jPh.png)

To do a DoS, we can use `hping3` to flood the target with packets as fast as it can send them (note that `hping3` sends TCP packets by default, so these are not ICMP pings unless ICMP mode is selected):

`hping3 --flood 11.0.1.1`

![](https://hackmd.io/_uploads/Hkz2mPiDh.png)

Once this is running the VirtualBox VM becomes very laggy. To combat the DoS we can use black hole routing. In this lab it is done with the following command, which routes everything destined for 9.0.4.2 to the loopback interface:

`route add 9.0.4.2 gw 127.0.0.1 lo`

Black hole routing (also known as black hole filtering) is a network routing technique in which traffic for a destination is dropped or discarded without any notification or forwarding: when a device matches a black hole route, it discards all packets for that destination, essentially "swallowing" them. After the command, a ping to that address reports that the network is unreachable, as seen here:

![](https://hackmd.io/_uploads/HyXFdwsDh.png)
![](https://hackmd.io/_uploads/SyWauDsPh.png)

The capture shows continuous retransmissions. This suggests that the black hole route is mitigating the DoS attack. One caveat: a black hole route on the victim only stops packets going *to* 9.0.4.2 (the replies), so the incoming flood still arrives on the interface and still consumes link bandwidth; in practice black holing is done as close to the attacker as possible, typically at an upstream router, or combined with a filter on the source address.
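The OPEN, UPDATE and KEEPALIVE messages captured in Attack 1 are where the hijack actually happens: the UPDATE from R4 carries 13.0.0.0/8 with R4's AS as the origin. As an added example (not part of the lab and not the writeup's own commands), the Python below encodes and decodes a minimal BGP UPDATE in the RFC 4271 wire format (2-octet ASNs, no withdrawals) and checks every announced prefix against an expected-origin table, which is the basic idea behind prefix-origin monitoring. It also shows the decision-process step that let the hijack win: with equal prefix length and no policy, the shorter AS_PATH is preferred. The AS numbers (R1 to R4 as AS 1 to 4), the next-hop addresses and the expected-origin table are assumptions made for the example; the lab's real ASNs are not shown on this page.

```python
import ipaddress
import struct

BGP_UPDATE = 2                        # message type code, RFC 4271
ORIGIN, AS_PATH, NEXT_HOP = 1, 2, 3   # path attribute type codes
AS_SEQUENCE = 2

# Assumed for the example: which AS legitimately originates each lab prefix (R1..R4 = AS 1..4).
EXPECTED_ORIGIN = {"11.0.0.0/8": 1, "12.0.0.0/8": 2, "13.0.0.0/8": 3, "14.0.0.0/8": 4}


def build_update(prefix, as_path, next_hop):
    """Encode a minimal UPDATE: ORIGIN=IGP, one AS_SEQUENCE of 2-octet ASNs,
    NEXT_HOP, no withdrawn routes, one NLRI. Constructed input for this example."""
    net = ipaddress.ip_network(prefix)
    nbytes = (net.prefixlen + 7) // 8
    nlri = bytes([net.prefixlen]) + net.network_address.packed[:nbytes]
    origin = bytes([0x40, ORIGIN, 1, 0])                      # 0x40: well-known transitive
    seg = bytes([AS_SEQUENCE, len(as_path)]) + struct.pack("!%dH" % len(as_path), *as_path)
    aspath = bytes([0x40, AS_PATH, len(seg)]) + seg
    nexthop = bytes([0x40, NEXT_HOP, 4]) + ipaddress.IPv4Address(next_hop).packed
    attrs = origin + aspath + nexthop
    body = struct.pack("!HH", 0, len(attrs)) + attrs + nlri   # withdrawn length, attribute length
    return b"\xff" * 16 + struct.pack("!HB", 19 + len(body), BGP_UPDATE) + body


def parse_update(msg):
    """Decode the header, the path attributes and the NLRI list of an UPDATE."""
    if msg[:16] != b"\xff" * 16:
        raise ValueError("bad marker")
    length, mtype = struct.unpack("!HB", msg[16:19])
    if mtype != BGP_UPDATE or length != len(msg):
        raise ValueError("not a well-formed UPDATE")
    body = msg[19:length]
    withdrawn_len = struct.unpack("!H", body[:2])[0]
    pos = 2 + withdrawn_len                                   # withdrawn routes are skipped here
    attr_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    attrs_end = pos + attr_len
    attrs = {}
    while pos < attrs_end:
        flags, code = body[pos], body[pos + 1]
        if flags & 0x10:                                      # extended-length bit: 2-byte length
            vlen = struct.unpack("!H", body[pos + 2:pos + 4])[0]
            pos += 4
        else:
            vlen = body[pos + 2]
            pos += 3
        val = body[pos:pos + vlen]
        pos += vlen
        if code == ORIGIN:
            attrs["origin"] = val[0]
        elif code == AS_PATH:
            path, i = [], 0
            while i < len(val):                               # segment: type, count, ASNs
                n = val[i + 1]
                path.extend(struct.unpack("!%dH" % n, val[i + 2:i + 2 + 2 * n]))
                i += 2 + 2 * n
            attrs["as_path"] = path
        elif code == NEXT_HOP:
            attrs["next_hop"] = str(ipaddress.IPv4Address(val))
    nlri, pos = [], attrs_end
    while pos < len(body):                                    # NLRI: prefix length, prefix bytes
        plen = body[pos]
        nbytes = (plen + 7) // 8
        raw = body[pos + 1:pos + 1 + nbytes] + b"\x00" * (4 - nbytes)
        nlri.append(f"{ipaddress.IPv4Address(raw)}/{plen}")
        pos += 1 + nbytes
    return {"attrs": attrs, "nlri": nlri}


def find_hijacks(msg, expected=EXPECTED_ORIGIN):
    """Flag every NLRI whose origin AS (last ASN in AS_PATH) differs from the
    registered origin of the most specific covering prefix. Catches the equal-length
    hijack from Attack 1 and more-specific ones (e.g. a /9 inside 13.0.0.0/8)."""
    upd = parse_update(msg)
    origin_as = upd["attrs"]["as_path"][-1]
    alerts = []
    for p in upd["nlri"]:
        announced = ipaddress.ip_network(p)
        covering = [ipaddress.ip_network(e) for e in expected
                    if announced.subnet_of(ipaddress.ip_network(e))]
        if not covering:
            continue
        legit = str(max(covering, key=lambda n: n.prefixlen))
        if origin_as != expected[legit]:
            alerts.append(f"{p} originated by AS{origin_as}, expected AS{expected[legit]} "
                          f"(next hop {upd['attrs']['next_hop']})")
    return alerts


def best_path(candidates):
    """With equal prefix length and no local policy, the shortest AS_PATH wins,
    which is why R1 switched to R4's direct announcement."""
    return min(candidates, key=lambda c: len(c["as_path"]))


if __name__ == "__main__":
    legit = build_update("14.0.0.0/8", [4], "9.0.4.2")        # R4 announcing its own prefix
    rogue = build_update("13.0.0.0/8", [4], "9.0.4.2")        # after editing bgpd-R4.conf
    print(find_hijacks(legit))                                 # []
    print(find_hijacks(rogue))
    print(best_path([{"via": "R2", "as_path": [2, 3]}, {"via": "R4", "as_path": [4]}])["via"])
```

Feeding the UPDATE bytes from the Wireshark capture (Export Packet Bytes on the BGP payload) into `find_hijacks` would flag R4's announcement the moment it arrives at R1; the same origin check is what RPKI route-origin validation performs against signed ROAs instead of a hand-written table.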