Tasks related to h6 presentations

Scoring - 1 point per problem for trying it out and reporting results. Partial credit if you don't get it working. Due by May 9.

1 - MAC address randomization
  * Is it possible to turn on MAC address randomization on your device(s)?
    + Moto x4, Android 9
      - Default is to use random MAC address when scanning for access points, and use the "real" global MAC address after connecting
      - Turn on developer mode options - https://wccftech.com/how-to-enable-android-9-0-pie-developer-options-tutorial/
      - Then it is an option in the developer options.
      - Verify: before turning it on, check your MAC address. After turning it on, turn off/on wireless and check your MAC address again.
      - Does it make anything not work?
        = For Jeff, home kid internet filter (which uses MAC address to decide what a device is allowed to do)
        = Seems to require reboot to revert back to just using global MAC address
    + MacOS X
      - https://osxdaily.com/2008/01/17/how-to-spoof-your-mac-address-in-mac-os-x/
      - It appears that MacOS randomization is not included as part of MacOS but can be done by third-party programs.
      - It also appears that MAC spoofing overall was disabled in some versions of MacOS X - https://stackoverflow.com/questions/52421789/cant-spoof-mac-address-in-a-macbook

2 - MAC address change / ARP spoofing
  * Can you change your MAC address to a specific value on your system?
    + See MAC Spoofing slides in General channel in Teams
    + Open wireshark, filter for ARP
    + Change your MAC to something not on the network right now, check in wireshark that you see this MAC address come up
    + Change your MAC to something that is already on the network, look in wireshark to see what happens - do both devices compete for listing themselves with this MAC? Also, what is the behavior on the two devices - does the internet still seem to work?
    + Mac OS X
      - https://osxdaily.com/2008/01/17/how-to-spoof-your-mac-address-in-mac-os-x/
      - get current MAC address: sudo ifconfig en0 ether
      - set MAC address: sudo ifconfig en0 ether [new:mac:address]
      - Tested host being MacOS X, target being phone Android 9
        = before changing MAC, laptop 100Mbps download 10Mbps upload, phone 50Mbps download 10Mbps upload
        = change MAC on laptop to match phone
            phone .9 Mbps download .4 Mbps upload
            laptop internet speed test fails
            turn off phone wifi, laptop works fine on spoofed MAC
            change MAC of laptop back to normal, both devices work normal again
        = conclusion: can spoof MAC address, both devices severely impacted

3 - ARP spoofing, ettercap
  * Install ettercap and use it to target one of the systems on your network
  * Verify that targeting is working by observing change in behavior on that device
  * See https://sycamoresindstate-my.sharepoint.com/:p:/g/personal/akumar3_sycamores_indstate_edu/EeKbG66qLF9LgvLmKwvL6R0Bk_h4ls69iWfwykAhPH0EjA?e=ebrNxJ
  * Scan for a host, ARP spoofing for that host

4 - IP spoofing
  * Set a static IP address for your system, and change it to something that is not on your network
  * Verify in wireshark that you see the changed IP address. Does everything still work?
  * Now set static IP to an address that is already in use. Does everything still work on both systems? What does it look like in wireshark - do you see both systems repeatedly sending ARP messages to claim this IP address?
  * Testing on MacOS X Catalina, Android 9
    + Discover which IP addresses are in use: sudo nmap -sn 10.0.0.1/24
    + Change IP address to that of phone: https://www.macinstruct.com/node/550
      = IP address of the laptop does not actually change until turn off wifi, turn back on on the laptop
          network on the phone remains okay, not useable on the laptop
          turn off network on phone, network on laptop becomes useable/normal with phone's IP address
          turn phone network back on, it gets its IP address again, network on phone is okay, network on laptop is not useable again
          put laptop back to DHCP, it gets its old IP address and internet is normal again
      = In wireshark, use filter arp.src.hw_mac == (host MAC) - to see just the ARP messages from the host
          What I see on my laptop: turn off / turn on, it sends ARP to ask who has the IP address I am trying to target, it gets an answer from my phone and then doesn't do anything else - seems to check if its IP address is in use, and when it finds that it is then it doesn't do anything
          Note - it seems that macos is playing nice and basically stopping once it finds another system with the same IP address. Is the behavior different if we change its IP address with PentMenu or ettercap?
      = In wireshark, use filter arp.src.proto_ipv4 == 10.0.0.12 (or arp.dst.proto_ipv4, and use IP address you are using)

5 - IP spoofing, pentmenu
  * Try out pentmenu to spoof IP address
  * Does it work?

6 - DoS, stress testing
  * Try out JMeter to stress test network/systems, DoS

7 - DoS, ping flood
  * For two systems on your home network, try out a ping flood
      sudo ping -f IP_ADDRESS_ON_LOCAL_NETWORK
    For example, try ping flooding your phone. Run an internet speed test on the phone before doing the ping flood, and run it during the ping flood. What is the speed in both cases? Try running two copies of the ping flood at once, in two different terminals, and see if the speed test is the same or not.
  * Does your home router or switch have settings that allow you to block a certain IP address or MAC address? If yes, try running the ping flood with the IP or MAC of the attacker blocked. How does the internet speed on the target behave?

8 - nmap
  * Use the nmap program to check on a given system which ports are open
      nmap 192.168.1.28 would check for that IP address
      nmap google.com would check google.com
      nmap 192.168.1.0/24 would scan every system on your home network, assuming you are on a subnet that uses the last byte of the IP address.
      nmap -sS 192.168.1.28 checks more ports but requires root permissions.
      nmap -p 22 192.168.1.28 checks the specific port 22 to see if it is open.
    Note that you can try this on the CS systems if you don't have it on your computer. Note that you can download a copy to run on Windows and MacOS as well.
  * If you scan your router, which ports are open?
  * Same question for your phone and laptop/desktop?
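
Added example (not part of the original assignment) for the Wireshark checks in tasks 2 and 4: a Python script that parses raw ARP payloads and reports any IP address claimed by more than one MAC, which is the "both systems claim this IP" condition. It assumes the laptop's initial "who has" check is an ARP probe with sender IP 0.0.0.0 and skips those; is_locally_administered covers the task 1 verification, since randomized MACs set the locally administered bit. All MAC addresses and the sample capture are constructed.

```python
import struct
from collections import defaultdict

def _mac(b): return ":".join(f"{x:02x}" for x in b)
def _ip(b): return ".".join(str(x) for x in b)

def parse_arp(payload):
    """Parse a 28-byte IPv4-over-Ethernet ARP payload (Ethernet header already stripped)."""
    if len(payload) < 28:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"op": op, "sha": _mac(payload[8:14]), "spa": _ip(payload[14:18]),
            "tha": _mac(payload[18:24]), "tpa": _ip(payload[24:28])}

def find_ip_conflicts(payloads):
    """Return {ip: [macs]} for each IP that more than one sender MAC claims."""
    claims = defaultdict(set)
    for raw in payloads:
        arp = parse_arp(raw)
        # ARP probes carry sender IP 0.0.0.0: a question, not a claim.
        if arp is None or arp["spa"] == "0.0.0.0":
            continue
        claims[arp["spa"]].add(arp["sha"])
    return {ip: sorted(m) for ip, m in claims.items() if len(m) > 1}

def is_locally_administered(mac):
    """True when bit 0x02 of the first octet is set, as it is for randomized MACs."""
    return bool(int(mac.split(":")[0], 16) & 0x02)

def build_arp(op, sha, spa, tha, tpa):
    """Helper that builds the constructed sample packets below."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    ip = lambda a: bytes(int(x) for x in a.split("."))
    return struct.pack("!HHBBH", 1, 0x0800, 6, 4, op) + mac(sha) + ip(spa) + mac(tha) + ip(tpa)

# Constructed sample capture; all MAC addresses are made up.
LAPTOP, PHONE, ROUTER = "00:11:22:33:44:55", "02:ab:cd:00:00:02", "00:11:22:00:00:01"
ZERO = "00:00:00:00:00:00"
SAMPLE = [
    build_arp(1, LAPTOP, "0.0.0.0", ZERO, "10.0.0.12"),   # laptop probes the address
    build_arp(2, PHONE, "10.0.0.12", LAPTOP, "0.0.0.0"),  # phone answers: already in use
    build_arp(1, ROUTER, "10.0.0.1", ZERO, "10.0.0.12"),  # normal router request
    build_arp(1, LAPTOP, "10.0.0.12", ZERO, "10.0.0.1"),  # laptop claims it anyway
]

if __name__ == "__main__":
    print(find_ip_conflicts(SAMPLE))      # conflict on 10.0.0.12
    print(find_ip_conflicts(SAMPLE[:3]))  # probe and answer only: no conflict
```

The first three packets alone produce no conflict, which corresponds to a host that probes, gets an answer, and stops; the fourth packet is what a host that keeps using the address would add.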