
W4140 Network Laboratory Lecture 8 Oct 30 - Fall 2006 Shlomo Hershkop Columbia University



  1. W4140 Network Laboratory, Lecture 8, Oct 30 - Fall 2006, Shlomo Hershkop, Columbia University

  2. Announcements • Last lab will be due next week due to hardware issues • will be working on it • today: Group presentations • please save questions for end • if you have an idea, please share • need to coordinate between groups/racks

  3. Here are the group presentations

  4. Virtual Private Networks Gilbert Hom (gch2102@columbia.edu) Mohit Vazirani (mcv2107@columbia.edu) Eric Zhang (ehz2101@columbia.edu)

  5. Purpose • Learn about how VPNs establish secure channels in a volatile and inherently insecure environment • Explore VPN options in Windows and Linux and learn about how different implementations interact

  6. Phase 1 Goals • Set up a VPN server and several VPN clients • The VPN server will run Windows 2000/2003 Server; the clients will run Windows XP • Observe traffic flow and encryption between machines with Ethereal/tcpdump

  7. Network Setup (diagram) • Router1: E0/0 10.0.1.1/24, E0/1 10.0.2.1/24 • Router2: E0/0 10.0.2.2/24, E0/1 10.0.3.1/24 • Router3: E0/0 10.0.2.3/24, E0/1 10.0.3.2/24 • Router4: E0/0 10.0.3.4/24, E0/1 10.0.4.1/24 • Server/PC1: E0/0 10.0.1.11/24 • PC2: E0/0 10.0.4.2/24 • PC3: E0/0 10.0.4.4/24 • PC4: E0/0 10.0.4.3/24 • Hubs join the hosts to their segments • This topology simulates the internet: the server and clients are on different subnets, and there may be multiple paths available from the client to the server.

  8. Tools • Windows 2000 Server, Windows XP – Built-in support for VPN connections and firewalls through network configuration options • Linux – Openswan (Open source IPsec implementation for Linux) for VPN and iptables for firewalling • Ethereal – To monitor network traffic and verify that the communication is encrypted. • OpenSSL – To generate certificates needed for authentication.

  9. Research Papers • M. Blaze, J. Ioannidis, and A. Keromytis. “Trust Management and Network Layer Security Protocols.” In Proceedings of the 1999 Cambridge Security Protocols International Workshop, 1999. http://citeseer.ist.psu.edu/643312.html • R. Gawlick, C. Kamanek, and K.G. Ramakrishnan. “On-line routing for virtual private networks.” Unpublished manuscript, February 1994. http://citeseer.ist.psu.edu/186679.html

  10. Man-in-the-middle Attack using ARP Poisoning Arezu Moghadam (amm2141) Armando Ramirez (alr2106) Mark Tabry (met2105)

  11. Project Objective • ARP protocol insecure by design • Possible to impersonate routers/clients • Nature of wireless networks compound the problem • Inject our attacker between client and router, and manipulate traffic

  12. Phase One Goals • Poison ARP caches of router and client • Set up attacker’s IP forwarding • Man-in-the-middle without analysis or data manipulation

  13. Phase Two Goals • Actively intercept and reply to HTTP requests • If time, attack other protocols

  14. Network Setup (diagram: AP, Client, Attacker, link to router; the attacker's ARP claims are labelled "I am router" and "I am client")

  15. Network Setup (diagram: AP, Client, Attacker, link to router)

  16. Systems and Tools • Laptop with Linux kernel (attacker) • Linux IP forwarding • Linux library for packet construction • libnet? • Interest Lab Access Point/Client • Network Sniffer • Ethereal

  17. Research Papers • S. Manwani. ARP cache poisoning prevention and detection. Technical report, Faculty of Computer Science, San Jose State University, December 2003.

  18. Stealing Wireless HTTPS Auth Casey Callendrello Eric Garrido {cdc2107,ekg2002}@columbia.edu

  19. The Big Idea • Use the inherent insecurity in wireless networking to steal passwords. • Exploit HTML vulnerabilities to silently grab passwords.

  20. What’s the problem with WiFi? • You have no idea where your packets are going or where they’re coming from. • Anybody can name their AP “Columbia University”

  21. Phase 1 Goal • Using a Linux PC, impersonate an AP • Intercept traffic and insert HTML exploits. Use these to capture passwords • Two “exploit vectors” • DNS hijacking • Man-in-the-middle HTML injection

  22. Exploit • Send a bogus DNS response to a website we control. • Man in the middle attack • Send a TCP reset to the server • Send traffic to the client with our exploit

  23. Javascript • Simply sends us keypresses. • Posts to same domain as requested site (same origin) or uses trickery*. * - Signed code, DNS Pinning attack, etc.

  24. Setup

  25. Extending • Ultimate goal: Make TCP Reset attacks work. • Make attack work from another client.

  26. Tools • iptables • http://gnucitizen.org • dsniff • dnsspoof • webmitm

  27. W 4140 Networking Laboratory Final Project: Wireless Network

  28. Team Member • Matt (Yu-Ming Chang) • yc2345@columbia.edu • Yitao Wang • yw2226@columbia.edu • Alexandre Ling Lee • al2537@columbia.edu

  29. Problem to be solved in this project: How to choose the access point with higher bandwidth?

  30. The Goal of Phase I • Set up the experimental environment. • Install and configure 2 wireless adapters on one laptop • Set up 2 access points • Build the network between the adapters and APs, and analyze the traffic by looking into the captured packets

  31. Analysis tools • iperf (end-to-end bandwidth measurement tool), VoIP clients such as yate (http://yate.null.ro), and the tools from Henning's web page for path measurement and characterization for VoIP. • Also, read about how the 802.11a/b/g wireless LAN/MAN standard works, some papers about multipath routing, and tun (http://vtun.sourceforge.net/tun/)

  32. Reference • http://vtun.sourceforge.net/tun/faq.html • http://yate.null.ro/pmwiki/index.php?n=Main.WhatsYate?

  33. MiniDoS:Denial of Service Attacks Over Small Networks Al Hwang (ah2200) Mike Lynch (mtl2103) Cindy Liao (cl2229)

  34. Project Objective • Investigate the resilience of network equipment and hosts against denial of service attacks in a small network. • To do this, we will use existing malicious networking tools to

  35. Phase 1 Goals • Research different types of DoS attacks: • SYN Floods, ACK Floods, ICMP Flood, Smurf Attacks • Testing attacks and documenting resilience of target hosts • Analyze means to improve effectiveness of attack.

  36. Network Topology (diagram): PC 1, PC 2 (Zombie), PC 3 (Zombie) and PC 4 (Master) attached through hubs to Router1, Router2 and Router3

  37. Tools • We will look into various published malicious tools to employ these attacks, including: • mstream – primitive tool, contains errors, but still causes significant disruption to network • trinoo – employs SYN attacks with encrypted communications between master and zombie attackers • TFN (Tribe Flood Network) – advanced tool that implements a number of different DoS attack methods

  38. Research Papers • Security Analyses by Dr. David Dittrich (University of Washington): • “The ‘mstream’ Distributed Denial of Service Attack Tool” (http://staff.washington.edu/dittrich/misc/mstream.analysis.txt) • “The DoS Project's ‘trinoo’ Distributed Denial of Service Attack Tool” (http://staff.washington.edu/dittrich/misc/trinoo.analysis.txt) • “The ‘Tribe Flood Network’ Distributed Denial of Service Attack Tool” (http://staff.washington.edu/dittrich/misc/tfn.analysis.txt)

  39. Research Papers (cont’d) • “DDoS Attacks and Defense Mechanisms: Classification and State-of-the-art” by Christos Douligeris and Aikaterini Mitrokotsa (Oct. 13, 2003) • Overview of DDoS attacks in general and concepts involved in preventing them

  40. Project Outline/Proposal for: Project 3: Resilience of network equipment and hosts against Denial of Service Attacks (DoS)

  41. Group composition • Roberto Martin (rrm2112@columbia.edu) • Darren Tang (tt2191@columbia.edu)

  42. Main point of the entire project • The question we are trying to answer is: how resilient are networks against the DOS attacks (as will be defined)?

  43. Phase 1 goals (network level attacks) • As the project outline states, this will involve ARP poisoning attacks and also router resilience to packet fragmentation and address spoofing. We will take the following approach to investigate these attacks: • ARP Poisoning • First we will clearly define what this means and investigate exactly how it is done. From this information we will gather all the tools needed to carry out such an attack, then we will experiment with this in the lab and observe the resilience of the switches. • Address Spoofing • Again we will clearly define what this means and, as above, gather the tools needed to carry out and measure the effects of such attacks.

  44. Network Topology 1

  45. Network Topology 2

  46. Tools being used • Ethereal (to view packets) • Ettercap (arp poisoning/spoofing)

  47. Resources [1] Jelena Mirkovic, Sven Dietrich, David Dittrich, Peter Reiher. Internet Denial of Service: Attack and Defense Mechanisms. Prentice Hall, 2005. [2] Ettercap Web Page: http://ettercap.sourceforge.net/ [3] Ed Skoudis, Tom Liston. Counter Hack Reloaded.

  48. Defence Mechanisms • Use static ARP tables between important hosts (not very practical in most cases). • Use ARPWatch to spot when someone is pulling off an ARP poisoning attack.
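As an added illustration, not part of the slides, of the ARPWatch-style detection in slide 48 and the router/client impersonation sketched in slides 11 to 14: a small Python detector that learns IP-to-MAC bindings from ARP replies, alerts when a binding changes, and flags one MAC announcing several IPs. The IPs follow the slide 7 topology; the MACs, timestamps and function names are constructed assumptions.

```python
# ARPwatch-style detector over a constructed list of ARP replies (added example,
# not from the slides). Learns IP->MAC, alerts on changes, and reports a MAC
# that claims more than one IP (the "I am router" / "I am client" pattern).
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

@dataclass(frozen=True)
class ArpReply:
    ts: float         # capture timestamp in seconds (constructed)
    sender_ip: str    # IP address the reply claims to own
    sender_mac: str   # hardware address given for that IP

Alert = Tuple[float, str, str, str]   # (ts, ip, previous_mac, new_mac)

def detect_binding_changes(replies: List[ArpReply],
                           trusted: Optional[Dict[str, str]] = None) -> List[Alert]:
    """Alert whenever an IP is announced with a MAC different from the one on record.
    `trusted` seeds the table with static bindings (e.g. the gateway), so a reply
    contradicting them is flagged even if it is the first one seen."""
    table: Dict[str, str] = {ip: mac.lower() for ip, mac in (trusted or {}).items()}
    alerts: List[Alert] = []
    for r in replies:
        mac = r.sender_mac.lower()
        known = table.get(r.sender_ip)
        if known is None:
            table[r.sender_ip] = mac          # first sighting: learn the binding
        elif known != mac:
            alerts.append((r.ts, r.sender_ip, known, mac))
            table[r.sender_ip] = mac          # follow the change so flip-flops are each logged
    return alerts

def macs_claiming_multiple_ips(replies: List[ArpReply]) -> Dict[str, Set[str]]:
    """MACs that announced more than one IP: typical of a host posing as both ends."""
    seen: Dict[str, Set[str]] = {}
    for r in replies:
        seen.setdefault(r.sender_mac.lower(), set()).add(r.sender_ip)
    return {mac: ips for mac, ips in seen.items() if len(ips) > 1}

# Constructed capture: legitimate router and client, then a third host claiming both.
SAMPLE_REPLIES = [
    ArpReply(0.0, "10.0.4.1", "00:11:22:33:44:01"),   # router
    ArpReply(0.5, "10.0.4.2", "00:11:22:33:44:02"),   # client PC2
    ArpReply(12.0, "10.0.4.1", "00:AA:BB:CC:DD:EE"),  # new MAC for the router's IP
    ArpReply(12.1, "10.0.4.2", "00:AA:BB:CC:DD:EE"),  # same MAC for the client's IP
]

if __name__ == "__main__":
    for ts, ip, old, new in detect_binding_changes(SAMPLE_REPLIES):
        print(f"[{ts:6.1f}s] {ip} moved from {old} to {new}")
    for mac, ips in macs_claiming_multiple_ips(SAMPLE_REPLIES).items():
        print(f"{mac} claims {sorted(ips)}")
```

A real deployment would feed this from captured ARP frames (e.g. an Ethereal/tcpdump export) and seed `trusted` with the gateway's static binding.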

  49. Securing Networks and Communications: VPN and Firewall Setup and Configuration Sharmini Ilankovan si2137@columbia.edu Sharmistha Roy sr2488@columbia.edu KaoFu Lai kl2252@columbia.edu
