This preview has intentionally blurred sections. Sign up to view the full version.View Full Document
Unformatted text preview: Laboratory for Computer Security Education 1 Attack Lab: Attacks on TCP/IP Protocols Copyright c 2006 - 2009 Wenliang Du, Syracuse University. The development of this document is funded by the National Science Foundation’s Course, Curriculum, and Laboratory Improvement (CCLI) program under Award No. 0618680 and 0231122. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation. A copy of the license can be found at http://www.gnu.org/licenses/fdl.html. 1 Lab Overview The learning objective of this lab is for students to gain the first-hand experience on the vulnerabilities of TCP/IP protocols, as well as on attacks against these vulnerabilities. The vulnerabilities in the TCP/IP protocols represent a special genre of vulnerabilities in protocol designs and implementations; they provide an invaluable lesson as to why security should be designed in from the beginning, rather than being added as an afterthought. Moreover, studying these vulnerabilities help students understand the challenges of network security and why many network security measures are needed. Vulnerabilities of the TCP/IP protocols occur at several layers. 2 Lab Environment 2.1 Environment Setup Network Setup. To conduct this lab, students need to have at least 3 machines. One computer is used for attacking, the second computer is used as the victim, and the third computer is used as the observer. Students can set up 3 virtual machines on the same host computer, or they can set up 2 virtual machines, and then use the host computer as the third computer. For this lab, we put all these three machines on the same LAN, the configuration is described in the following: Machine 1 Machine 2 Machine 3 192.168.0.122 192.168.0.123 192.168.0.124 | | | |_______________________|_______________________| | LAN or Virtual Network | | Gateway 192.168.0.1 | |_______________________________________________| | Internet Operating System. This lab can be carried out using a variety of operating systems. Our pre-built virtual machine is based on Ubuntu Linux , and all the tools needed for this lab are already installed. If you prefer to use other Unix operating systems, such as Fedora , you should feel free to use them; however, some of the commands used in this lab description might not work or exist in other operating systems. Netwox Tools. We need tools to send out network packets of different types and with different contents. We can use Netwag to do that. However, the GUI interface of Netwag makes it difficult for us to auto- Laboratory for Computer Security Education 2 mate our process. Therefore, we strongly suggest that students use its command-line version, the Netwox command, which is the underlying command invoked by Netwag ....
View Full Document
- Three '09
- Computer Security, Transmission Control Protocol, TCP session, security education, TCP RST, Computer Security Education