W4140 Network Laboratory
Lecture 8, Oct 30 - Fall 2006
Shlomo Hershkop, Columbia University

Announcements
• Last lab will be due next week due to hardware issues
• will be working on it
• today: Group presentations
• please save questions for end
• if you have an idea, please share
• need to coordinate between groups/racks
Virtual Private Networks
Gilbert Hom (gch2102@columbia.edu), Mohit Vazirani (mcv2107@columbia.edu), Eric Zhang (ehz2101@columbia.edu)

Purpose
• Learn about how VPNs establish secure channels in a volatile and inherently insecure environment
• Explore VPN options in Windows and Linux and learn about how different implementations interact

Phase 1 Goals
• Set up a VPN server and several VPN clients
• The VPN server will run Windows 2000/2003 Server; the clients will run Windows XP
• Observe traffic flow and encryption between machines with Ethereal/tcpdump
Network Setup
Router1: E0/0 10.0.1.1/24, E0/1 10.0.2.1/24
Router2: E0/0 10.0.2.2/24, E0/1 10.0.3.1/24
Router3: E0/0 10.0.2.3/24, E0/1 10.0.3.2/24
Router4: E0/0 10.0.3.4/24, E0/1 10.0.4.1/24
Server/PC1: E0/0 10.0.1.11/24
PC2: E0/0 10.0.4.2/24
PC3: E0/0 10.0.4.4/24
PC4: E0/0 10.0.4.3/24
(Two hubs connect the hosts to their routers.)
This topology simulates the internet: the server and clients are on different subnets, and there may be multiple paths available to the server from the client.

Tools
• Windows 2000 Server, Windows XP – built-in support for VPN connections and firewalls through network configuration options
• Linux – Openswan (open source IPsec implementation for Linux) for VPN and iptables for firewalling
• Ethereal – to monitor network traffic and verify that the communication is encrypted
• OpenSSL – to generate certificates needed for authentication

Research Papers
• M. Blaze, J. Ioannidis, and A. Keromytis. “Trust Management and Network Layer Security Protocols.” In Proceedings of the 1999 Cambridge Security Protocols International Workshop, 1999. http://citeseer.ist.psu.edu/643312.html
• R. Gawlick, C. Kamanek, and K.G. Ramakrishnan. “On-line routing for virtual private networks.” Unpublished manuscript, February 1994. http://citeseer.ist.psu.edu/186679.html
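The “verify that the communication is encrypted” step above can be automated once a capture is exported as packet summaries. The following is an added example, not the group's code or anything from the course: it assumes the Linux/Openswan IPsec case, so encrypted traffic shows up as ESP (IP protocol 50) and key exchange as IKE (UDP 500/4500), and it flags any server-to-client packet that is neither and whose payload still looks like readable text. The packet tuples are constructed, using the addresses from the Network Setup slide.

```python
import math
from collections import Counter

# Addresses taken from the Network Setup slide: Server/PC1 and the PC2-PC4 client subnet.
SERVER = "10.0.1.11"
CLIENT_SUBNET = "10.0.4."

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: ciphertext sits near 8.0, ASCII protocol text well below 6."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify(pkt):
    """Label one packet summary by the IPsec encapsulation it uses (assumes the Openswan/IPsec setup)."""
    src, dst, proto, sport, dport, payload = pkt
    if proto == 50:
        return "ESP"          # encrypted payload
    if proto == 51:
        return "AH"           # authenticated but NOT encrypted
    if proto == 17 and {sport, dport} & {500, 4500}:
        return "IKE"          # key exchange (UDP 500, or 4500 with NAT traversal)
    return "plaintext"

def audit_tunnel(packets):
    """Count packet classes between server and clients; list cleartext packets whose payload is readable."""
    counts = Counter()
    leaks = []
    for pkt in packets:
        src, dst, proto, sport, dport, payload = pkt
        ends = {src, dst}
        if SERVER not in ends or not any(ip.startswith(CLIENT_SUBNET) for ip in ends):
            continue              # not server<->client traffic, outside the audit
        kind = classify(pkt)
        counts[kind] += 1
        if kind == "plaintext" and entropy(payload) < 6.0:
            leaks.append((src, dst, proto, dport))
    return dict(counts), leaks

# Constructed packet summaries standing in for an Ethereal/tcpdump capture: (src, dst, ip_proto, sport, dport, payload)
SAMPLE = [
    ("10.0.4.2", "10.0.1.11", 17, 500, 500, bytes(range(64))),                                 # IKE
    ("10.0.4.2", "10.0.1.11", 50, 0, 0, bytes((i * 37 + 11) % 256 for i in range(64))),        # ESP
    ("10.0.1.11", "10.0.4.2", 50, 0, 0, bytes((i * 53 + 7) % 256 for i in range(64))),         # ESP
    ("10.0.4.3", "10.0.1.11", 6, 4321, 80, b"GET /index.html HTTP/1.0\r\nHost: pc1\r\n\r\n"),  # leak
    ("10.0.4.4", "10.0.2.2", 6, 1234, 23, b"login: "),                                         # not audited
]

if __name__ == "__main__":
    print(audit_tunnel(SAMPLE))
```

A real run would feed the tuples from a tcpdump/Ethereal export; any entry in the leaks list means a client reached the server outside the tunnel.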
Man-in-the-middle Attack using ARP Poisoning
Arezu Moghadam (amm2141), Armando Ramirez (alr2106), Mark Tabry (met2105)

Project Objective
• ARP protocol is insecure by design
• Possible to impersonate routers/clients
• The nature of wireless networks compounds the problem
• Inject our attacker between client and router, and manipulate traffic

Phase One Goals
• Poison ARP caches of router and client
• Set up attacker’s IP forwarding
• Man-in-the-middle without analysis or data manipulation

Phase Two Goals
• Actively intercept and reply to HTTP requests
• If time, attack other protocols
Network Setup (diagram, two panels): AP, Client and Attacker. In the first panel the attacker announces “I am router” to the client and “I am client” to the AP; in the second panel the client’s traffic to the router is shown passing through the attacker.

Systems and Tools
• Laptop with Linux kernel (attacker)
• Linux IP forwarding
• Linux library for packet construction
  • libnet?
• Interest Lab Access Point/Client
• Network Sniffer
  • Ethereal

Research Papers
• S. Manwani. ARP cache poisoning prevention and detection. Technical report, Faculty of Computer Science, San Jose State University, December 2003.
Stealing Wireless HTTPS Auth
Casey Callendrello, Eric Garrido {cdc2107,ekg2002}@columbia.edu

The Big Idea
• Use the inherent insecurity in wireless networking to steal passwords.
• Exploit HTML vulnerabilities to silently grab passwords.

What’s the problem with WiFi?
• You have no idea where your packets are going or where they’re coming from.
• Anybody can name their AP “Columbia University”

Phase 1 Goal
• Using a Linux PC, impersonate an AP
• Intercept traffic and insert HTML exploits. Use these to capture passwords
• Two “exploit vectors”
  • DNS hijacking
  • Man-in-the-middle HTML injection

Exploit
• Send a bogus DNS response to a website we control.
• Man in the middle attack
  • Send a TCP reset to the server
  • Send traffic to the client with our exploit

Javascript
• Simply sends us keypresses.
• Posts to same domain as requested site (same origin) or uses trickery*.
* Signed code, DNS pinning attack, etc.

Extending
• Ultimate goal: Make TCP Reset attacks work.
• Make attack work from another client.

Tools
• iptables
• http://gnucitizen.org
• dsniff
  • dnsspoof
  • webmitm
W 4140 Networking Laboratory Final Project: Wireless Network
Team Members
• Matt (Yu-Ming Chang), yc2345@columbia.edu
• Yitao Wang, yw2226@columbia.edu
• Alexandre Ling Lee, al2537@columbia.edu

Problem to be solved in this project: how to choose the access point with the higher bandwidth?

The Goal of Phase I
• Set up the experimental environment.
• Install and configure 2 wireless adapters on one laptop
• Set up 2 access points
• Build the network between the adapters and APs, and analyze the traffic by looking into the captured packets

Analysis tools
• iperf (end-to-end bandwidth measurement tool), VoIP clients such as Yate (http://yate.null.ro), and the tools from Henning’s web page for path measurement and characterization for VoIP.
• Also, read about how the 802.11a/b/g wireless LAN/MAN standard works, and some papers about multipath routing and tun (http://vtun.sourceforge.net/tun/)

Reference
• http://vtun.sourceforge.net/tun/faq.html
• http://yate.null.ro/pmwiki/index.php?n=Main.WhatsYate?
MiniDoS: Denial of Service Attacks Over Small Networks
Al Hwang (ah2200), Mike Lynch (mtl2103), Cindy Liao (cl2229)

Project Objective
• Investigate the resilience of network equipment and hosts against denial of service attacks in a small network.
• To do this, we will use existing malicious networking tools to

Phase 1 Goals
• Research different types of DoS attacks:
  • SYN Floods, ACK Floods, ICMP Flood, Smurf Attacks
• Testing attacks and documenting resilience of target hosts
• Analyze means to improve effectiveness of attack.
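Documenting a target's resilience to the SYN floods listed above needs a way to count half-open connections from a capture, which is also how a monitoring host detects the flood. This is an added example, not the group's code or one of the tools on the next slide: it consumes constructed tcpdump-style packet summaries (timestamp, endpoints, flag string) and reports, per one-second window, each target whose unfinished handshakes exceed a threshold; a flow stops counting once the client's final ACK arrives, which spoofed-source SYNs never send. The host addresses are constructed, not from the slides.

```python
from collections import defaultdict

WINDOW = 1.0      # seconds per bucket
THRESHOLD = 5     # half-open connections to one target in a bucket before alerting

def detect_syn_flood(packets, window=WINDOW, threshold=THRESHOLD):
    """Return (window_start, target, half_open, distinct_sources) for every target that looks flooded.

    A flow is half-open from its client SYN until the client's ACK arrives with the same
    (src, sport, dst, dport); spoofed-source SYNs never complete, so they pile up.
    """
    opened = {}                                            # flow key -> bucket of its SYN
    half_open = defaultdict(lambda: defaultdict(set))      # bucket -> target -> flow keys
    for t, src, sport, dst, dport, flags in sorted(packets):
        key = (src, sport, dst, dport)
        if flags == "S":                                   # client SYN (tcpdump prints "S")
            bucket = int(t // window)
            opened[key] = bucket
            half_open[bucket][dst].add(key)
        elif flags == "." and key in opened:               # client ACK completes the handshake
            half_open[opened.pop(key)][dst].discard(key)
    alerts = []
    for bucket in sorted(half_open):
        for dst, flows in half_open[bucket].items():
            if len(flows) >= threshold:
                alerts.append((bucket * window, dst, len(flows), len({k[0] for k in flows})))
    return alerts

# Constructed packet summaries (not a real capture): (t, src, sport, dst, dport, tcpdump flags)
TARGET = "10.0.1.10"         # constructed address for the victim host
SAMPLE = [(0.05 * i, f"192.0.2.{i}", 40000 + i, TARGET, 80, "S") for i in range(8)]  # spoofed SYNs
SAMPLE += [
    (0.5, "10.0.1.20", 51000, TARGET, 80, "S"),    # legitimate client ...
    (0.55, TARGET, 80, "10.0.1.20", 51000, "S."),  # ... gets a SYN-ACK ...
    (0.6, "10.0.1.20", 51000, TARGET, 80, "."),    # ... and completes, so it is not counted
    (1.2, "10.0.1.21", 52000, TARGET, 80, "S"),
    (1.3, "10.0.1.21", 52000, TARGET, 80, "."),
]

if __name__ == "__main__":
    print(detect_syn_flood(SAMPLE))
```

The distinct-source count separates a spoofed flood (many sources, all unfinished) from one misbehaving client, which is the first thing to check before blaming the target's TCP stack.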
Network Topology (diagram): PC 1, PC 2 (Zombie), PC 3 (Zombie) and PC 4 (Master), attached through hubs to Router1, Router2 and Router3.

Tools
• We will look into various published malicious tools to employ these attacks, including:
  • mstream – primitive tool, contains errors, but still causes significant disruption to network
  • trinoo – employs SYN attacks with encrypted communications between master and zombie attackers
  • TFN (Tribe Flood Network) – advanced tool that implements a number of different DoS attack methods

Research Papers
• Security Analyses by Dr. David Dittrich (University of Washington):
  • “The ‘mstream’ Distributed Denial of Service Attack Tool” (http://staff.washington.edu/dittrich/misc/mstream.analysis.txt)
  • “The DoS Project's ‘trinoo’ Distributed Denial of Service Attack Tool” (http://staff.washington.edu/dittrich/misc/trinoo.analysis.txt)
  • “The ‘Tribe Flood Network’ Distributed Denial of Service Attack Tool” (http://staff.washington.edu/dittrich/misc/tfn.analysis.txt)

Research Papers (cont’d)
• “DDoS Attacks and Defense Mechanisms: Classification and State-of-the-art” by Christos Douligeris and Aikaterini Mitrokotsa (Oct. 13, 2003)
  • Overview of DDoS attacks in general and concepts involved in preventing them
Project Outline/Proposal for: Project 3: Resilience of network equipment and hosts against Denial of Service Attacks (DoS)
Group composition
• Roberto Martin (rrm2112@columbia.edu)
• Darren Tang (tt2191@columbia.edu)

Main point of the entire project
• The question we are trying to answer is: how resilient are networks against DoS attacks (as will be defined)?

Phase 1 goals
Phase 1 (network level attacks)
• As the project outline states, this will involve ARP poisoning attacks and also router resilience to packet fragmentation and address spoofing. We will take the following approach to investigate these attacks:
• ARP Poisoning
  • First we will clearly define what this means and investigate exactly how it is done. From this information we will gather all the tools needed to carry out such an attack, then we will experiment with this in the lab and observe the resilience of the switches.
• Address Spoofing
  • Again we will clearly define what this means and, as above, gather the tools needed to carry out and measure the effects of such attacks.

Tools being used
• Ethereal (to view packets)
• Ettercap (ARP poisoning/spoofing)

Resources
[1] Jelena Mirkovic, Sven Dietrich, David Dittrich, Peter Reiher. Internet Denial of Service: Attack and Defense Mechanisms, Prentice Hall, 2005.
[2] Ettercap Web Page: http://ettercap.sourceforge.net/
[3] Ed Skoudis, Tom Liston. Counter Hack Reloaded.

Defence Mechanisms
1. Use static ARP tables between important hosts (not very practical in most cases).
2. Use ARPWatch to spot when someone is pulling off an ARP poisoning attack.
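The ARPWatch defence in item 2 comes down to two observations that also serve the two ARP poisoning projects above: an IP whose MAC suddenly changes (and flips back when the real owner re-announces), and a single MAC answering for the gateway and for a host at the same time. The monitor below is an added example, not ARPWatch's own code or anything from either group: it assumes ARP replies have already been reduced to (time, sender IP, sender MAC) records, and it takes Router1's 10.0.1.1 from the VPN group's topology slide as the protected gateway; the MAC addresses are constructed.

```python
from collections import defaultdict

GATEWAY_IP = "10.0.1.1"     # Router1 E0/0 from the topology slide, assumed here to be the protected gateway

def watch_arp(replies, gateway_ip=GATEWAY_IP):
    """ARPWatch-style monitor: alert when an IP's MAC changes or one MAC claims the gateway plus other IPs.

    replies: iterable of (t, sender_ip, sender_mac) reduced from ARP replies/announcements on the wire.
    """
    table = {}                    # ip -> MAC last seen answering for it
    claims = defaultdict(set)     # mac -> every IP it has answered for
    alerts = []
    for t, ip, mac in replies:
        mac = mac.lower()
        prev = table.get(ip)
        if prev is not None and prev != mac:
            alerts.append((t, "mac-changed", ip, prev, mac))     # flip-flop: classic poisoning symptom
        table[ip] = mac
        new_claim = ip not in claims[mac]
        claims[mac].add(ip)
        if new_claim and gateway_ip in claims[mac] and len(claims[mac]) > 1:
            # one station answering for the gateway AND a host is exactly what a MITM has to do
            alerts.append((t, "one-mac-many-ips", mac, tuple(sorted(claims[mac]))))
    return alerts

# Constructed ARP reply records (not a real capture): (t, sender_ip, sender_mac)
SAMPLE = [
    (0, "10.0.1.1", "00:00:00:aa:00:01"),    # real gateway
    (1, "10.0.1.11", "00:00:00:aa:00:11"),   # real host (Server/PC1 address from the topology slide)
    (5, "10.0.1.1", "00:00:00:ee:00:ee"),    # a third station answers for the gateway ...
    (6, "10.0.1.11", "00:00:00:ee:00:ee"),   # ... and for the host
    (7, "10.0.1.1", "00:00:00:aa:00:01"),    # gateway re-announces itself: flip-flop
]

if __name__ == "__main__":
    for alert in watch_arp(SAMPLE):
        print(alert)
```

On a real segment the table should be seeded from item 1's static list for the important hosts, so that the very first bogus reply is already a "mac-changed" event rather than the baseline.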
Securing Networks and Communications: VPN and Firewall Setup and Configuration
Sharmini Ilankovan (si2137@columbia.edu), Sharmistha Roy (sr2488@columbia.edu), KaoFu Lai (kl2252@columbia.edu)