---
tags: 48-INS
---
5 weeks
Coursework 100%, released in wk5, deadline in wk9
# 1: General Concepts and Attacks
<img src='https://i.imgur.com/JgiNnMg.jpg' width='90%'>
---
## Tools
1. OpenNebula
2. Wireshark
3. Scapy
4. Snort
5. OpenSSL
## Networks are insecure by default
## Key Reinstallation Attacks on WPA2
## Attack Types (I) - Passive
eavesdrops
**Countermeasures**: end-to-end encryption
## Attack Types (II) - Active
modify messages, inject new messages, replay sent messages
**Countermeasures:** sender/receiver authentication
## MITM Attacks
- Spoofing atk
Masquerade as another entity
- DoS atk
## TCP/IP Stack
| Layer | Protocols | Attacks |
|:----------------- |:---------------------------- |:--------------------------------------------------------- |
| Application Layer | HTTP, DNS, FTP, Telnet, SMTP | XSS, CSRF, SQL inj., ... |
| Transport Layer | **TCP**, UDP | **SYN flooding**, **TCP spoofing**, **session hijacking** |
| Internet Layer | **IPv4/6** | **IP spoofing**, **ICMP DoS Atk**, **Fragmentation Atk** |
| Link Layer | **ARP**, NDP, MAC | jamming, **ARP spoofing/poisoning**, **ARP mitm atk**, MAC flooding, packet sniffing |
## A man-in-the-middle atk is an active atk
True
## Can an adversary mount a man in the middle attack via ARP poisoning?
Yes
## Can an adversary mount a DoS attack by abusing ARP?
Yes
## DoS MAC flooding
content addressable memory (CAM) table
## Attacks on ARP
### ARP Protocol
IP/MAC mapping
### ARP Spoofing/Poisoning
# Lab 1: ARP Spoofing
| | IP Addr. | HW Addr. |
|:----- |:------------ |:----------------- |
| Eve | 192.168.5.12 | 02:00:c0:a8:05:0c |
| Alice | 192.168.5.10 | 02:00:c0:a8:05:0a |
| Bob | 192.168.5.11 | 02:00:c0:a8:05:0b |
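```python
>>> from scapy.all import ARP, IP, ICMP  # already loaded inside the scapy shell
>>> arp_L3=ARP()                           # ARP layer with default fields
>>> arp_L3.hwsrc= "<Eve's HW address>"     # sender hardware (MAC) address
>>> arp_L3.psrc= "<Eve's IP address>"      # sender protocol (IP) address
>>> arp_L3.pdst= "<Alice's IP address>"    # target protocol (IP) address
>>> pp=IP(dst="<Alice's IP address>")/ICMP()  # ICMP echo request to Alice
```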
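The detection side of the lab, as an added example that is not part of the original notes or the lab handout: it decodes the 28-byte ARP body and flags any sender IP/MAC pair that contradicts the lab's address table. The names `STATIC_BINDINGS`, `parse_arp`, `check` and `build_arp` are illustrative, and the two sample bodies are constructed in memory and never sent.

```python
import socket
import struct

# Known-good bindings copied from the lab's address table (assumed to be trusted).
STATIC_BINDINGS = {
    "192.168.5.10": "02:00:c0:a8:05:0a",  # Alice
    "192.168.5.11": "02:00:c0:a8:05:0b",  # Bob
    "192.168.5.12": "02:00:c0:a8:05:0c",  # Eve
}
ARP_FMT = "!HHBBH6s4s6s4s"  # Ethernet/IPv4 ARP body: 28 bytes, network byte order


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def mac_bytes(text):
    return bytes.fromhex(text.replace(":", ""))


def parse_arp(body):
    """Decode an ARP body into (opcode, sender MAC, sender IP)."""
    if len(body) < struct.calcsize(ARP_FMT):
        raise ValueError("truncated ARP body")
    htype, ptype, hlen, plen, op, sha, spa, _tha, _tpa = struct.unpack(ARP_FMT, body[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    return op, mac_str(sha), socket.inet_ntoa(spa)


def check(body, bindings=STATIC_BINDINGS):
    """Return an alert string if the sender pair contradicts the table, else None."""
    _op, mac, ip = parse_arp(body)
    expected = bindings.get(ip)
    if expected is not None and expected != mac:
        return f"ALERT {ip} claimed by {mac}, expected {expected}"
    return None


def build_arp(op, sha, spa, tha, tpa):
    """Build a constructed ARP body for the samples below (test data only)."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op, mac_bytes(sha),
                       socket.inet_aton(spa), mac_bytes(tha), socket.inet_aton(tpa))


# Constructed samples: Bob's genuine reply, then Bob's IP paired with Eve's MAC.
GENUINE = build_arp(2, "02:00:c0:a8:05:0b", "192.168.5.11", "02:00:c0:a8:05:0a", "192.168.5.10")
FORGED = build_arp(2, "02:00:c0:a8:05:0c", "192.168.5.11", "02:00:c0:a8:05:0a", "192.168.5.10")

if __name__ == "__main__":
    for name, body in (("genuine", GENUINE), ("forged", FORGED)):
        print(name, "->", check(body) or "ok")
```

A static table like this is the same idea as pinning ARP entries on a host; on a real network the bindings would come from DHCP leases or an inventory rather than being hard-coded.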



