author Camil Staps 2015-09-24 22:54:41 +0200
committer Camil Staps 2015-09-24 22:54:41 +0200
commit a5a246e4ba6a73edc86ed0b5ffaaba5e3ce6cf13 (patch)
tree 5a96a7fec8c297de7447a5e0db9dcac69076d722
parent Assignment 2 (diff)
Week 3
-rw-r--r--  netsec-assignment3-S4498062/exercise1             | 23
-rw-r--r--  netsec-assignment3-S4498062/exercise2             |  9
-rw-r--r--  netsec-assignment3-S4498062/exercise3/exercise3a  | 20
-rw-r--r--  netsec-assignment3-S4498062/exercise3/exercise3b  | 22
-rw-r--r--  netsec-assignment3-S4498062/exercise3/exercise3c  | 54
-rw-r--r--  netsec-assignment3-S4498062/exercise3/exercise3d  | 16
-rw-r--r--  netsec-assignment3-S4498062/exercise4             |  1
7 files changed, 145 insertions, 0 deletions
diff --git a/netsec-assignment3-S4498062/exercise1 b/netsec-assignment3-S4498062/exercise1
new file mode 100644
index 0000000..62316b3
--- /dev/null
+++ b/netsec-assignment3-S4498062/exercise1
@@ -0,0 +1,23 @@
+a: You send an IP packet with someone else's IP as source IP. For example, if some server holds a list with administrator IPs (that being the only protection), you could IP-spoof an administrator (assuming you know their IP) and do some stuff. However, in the most basic form you don't get the reply, because it's directed at the spoofed IP address.
+
+ You don't need to do anything special. Just send the packet. That does mean you need access to a somewhat lower level (you would need root rights). It would also be good to know the IP of the machine you want to pretend to be.
+
+b: Both protocols have a checksum in the header that won't be valid any more after modifying the source IP address
+
+c: The handshake:
+
+ Mallory Alice Bob
+ SYN-SENT ---> LISTEN # the SYN, supposed to flood Alice
+ SYN-RECEIVED ---> ESTABLISHED # Alice SYN-ACKs the SYN to Bob
+ ESTABLISHED <--- ESTABLISHED # Bob could, depending on the implementation, ACK the SYN-ACK, establishing a connection
+
+ If the latter happens, the connection doesn't remain in the SYN queue, and as a result the SYN queue will never flood.
+
+d: Mallory Alice Gateway
+ SYN-SENT ---> LISTEN
+ SYN-RECEIVED --find Ursula--> FIND-URSULA
+ LISTEN <--unreachable-- NOT-FOUND
+
+ Alice will make an attempt to reach Ursula through a gateway using ICMP. The gateway however cannot find Ursula, and will respond with a `Destination Unreachable' ICMP message. Alice will then no longer expect to get her SYN-ACK to Ursula ACKed, so she will remove the connection from the SYN queue. Again, the SYN queue will never flood.
+
+e:
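Review bot: In part c (the Mallory/Alice/Bob diagram) Bob's reply to an unsolicited SYN-ACK is a RST, not an ACK: Bob has no connection in progress for that port, so he is in CLOSED state, and RFC 793 has a host in CLOSED answer any non-RST segment with a RST; Bob's column should read CLOSED rather than ESTABLISHED and the third line should carry RST. The conclusion still holds, because a RST received in SYN-RECEIVED on a passively opened connection returns Alice to LISTEN for that entry and frees the SYN-queue slot. In part d the SYN-ACK is an ordinary TCP segment, not ICMP; the ICMP Destination Unreachable is the gateway's reply to it, and since RFC 1122 classifies host-unreachable as a soft error that must not abort a connection, whether a stack drops the half-open entry on it is implementation-specific and the "will remove the connection" claim should be qualified. Part e is left empty.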
diff --git a/netsec-assignment3-S4498062/exercise2 b/netsec-assignment3-S4498062/exercise2
new file mode 100644
index 0000000..e3506b5
--- /dev/null
+++ b/netsec-assignment3-S4498062/exercise2
@@ -0,0 +1,9 @@
+Server:
+
+ # sed -i.bak 's/Port [[:digit:]]\+/Port 80/g' sshd_config
+ # service ssh restart
+
+Client:
+
+ $ ssh hostname:80
+
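Review bot: `ssh hostname:80` does not select a port; OpenSSH takes `hostname:80` as the host name and fails to resolve it, so the client line should be `ssh -p 80 hostname`. The server-side sed also only rewrites whatever `Port` line is present: on a stock Debian `/etc/ssh/sshd_config` the default is the commented `#Port 22`, which the substitution turns into `#Port 80`, leaving sshd on 22 after the restart; either match the commented form as well or append an explicit `Port 80`. Verifying with `sshd -T | grep -i '^port'` or `ss -tlnp` after the restart would catch this.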
diff --git a/netsec-assignment3-S4498062/exercise3/exercise3a b/netsec-assignment3-S4498062/exercise3/exercise3a
new file mode 100644
index 0000000..b7d911a
--- /dev/null
+++ b/netsec-assignment3-S4498062/exercise3/exercise3a
@@ -0,0 +1,20 @@
+Note: I didn't notice in time I needed the homework network for this, so can't give any results. The output is example output from another network, at my home.
+
+# nmap -sP 192.168.84.1/24
+
+Starting Nmap 6.47 ( http://nmap.org ) at 2015-09-24 22:29 CEST
+Nmap scan report for ZyXEL.Home (192.168.84.1)
+Host is up (0.0034s latency).
+MAC Address: 4C:9E:FF:C5:63:E1 (ZyXEL Communications)
+Nmap scan report for 192.168.84.66
+Host is up (0.056s latency).
+MAC Address: A0:E4:53:44:EB:DA (Sony Mobile Communications AB)
+Nmap scan report for 192.168.84.68
+Host is up (0.0093s latency).
+MAC Address: 94:3B:B1:28:D8:6D (Kaonmedia)
+Nmap scan report for 192.168.84.70
+Host is up (0.0097s latency).
+MAC Address: B8:27:EB:22:C0:0E (Raspberry Pi Foundation)
+Nmap scan report for 192.168.84.75
+Host is up.
+Nmap done: 256 IP addresses (5 hosts up) scanned in 1.76 seconds
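Review bot: The pasted output lists the MAC address and vendor OUI of every device on the author's home network (ZyXEL, Sony, Raspberry Pi); since this goes into a repository, those values should be redacted or replaced by placeholders, in the same spirit as the note that substitutes the home network for the homework network. Minor: `-sP` is the legacy alias for `-sn` (host discovery without a port scan); using the manual's current name makes the answer clearer.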
diff --git a/netsec-assignment3-S4498062/exercise3/exercise3b b/netsec-assignment3-S4498062/exercise3/exercise3b
new file mode 100644
index 0000000..a06f0ca
--- /dev/null
+++ b/netsec-assignment3-S4498062/exercise3/exercise3b
@@ -0,0 +1,22 @@
+# nmap -O 192.168.84.10 # (for example)
+
+Example output:
+
+Starting Nmap 6.47 ( http://nmap.org ) at 2015-09-24 22:30 CEST
+Nmap scan report for 192.168.84.10
+Host is up (0.000078s latency).
+Not shown: 997 closed ports
+PORT STATE SERVICE
+25/tcp open http
+80/tcp open http
+111/tcp open rpcbind
+443/tcp open https
+Device type: general purpose
+Running: Linux 3.X
+OS CPE: cpe:/o:linux:linux_kernel:3
+OS details: Linux 3.7 - 3.15
+Network Distance: 0 hops
+
+OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
+Nmap done: 1 IP address (1 host up) scanned in 92.05 seconds
+
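Review bot: The port table in this example is internally inconsistent: `Not shown: 997 closed ports` plus four listed ports makes 1001, not the 1000 ports of a default scan, and without `-sV` nmap labels a port from its nmap-services table, so 25/tcp would print as `smtp`, not `http`. The `25/tcp open http` row looks copied in from the `-sV` run in exercise3d; either rerun `nmap -O` and paste the real output or mark the line as edited. `Network Distance: 0 hops` also means the target was the scanning host itself, which is worth stating, since fingerprinting localhost says little about how `-O` behaves against a remote machine.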
diff --git a/netsec-assignment3-S4498062/exercise3/exercise3c b/netsec-assignment3-S4498062/exercise3/exercise3c
new file mode 100644
index 0000000..49ba174
--- /dev/null
+++ b/netsec-assignment3-S4498062/exercise3/exercise3c
@@ -0,0 +1,54 @@
+All outputs are example outputs, generated on my own local network (mapping a raspberry pi with Raspbian; Linux pi 3.18.0-trunk-rpi #1 PREEMPT Debian 3.18.5-1~exp1+rpi19 (2015-08-08) armv6l GNU/Linux). See exercise3a.
+
+# nmap 192.168.84.10 # (for example); basic 1000 TCP ports scan
+
+Starting Nmap 6.47 ( http://nmap.org ) at 2015-09-24 22:36 CEST
+Nmap scan report for 192.168.84.75
+Host is up (0.0000040s latency).
+Not shown: 997 closed ports
+PORT STATE SERVICE
+80/tcp open http
+111/tcp open rpcbind
+443/tcp open https
+# nmap -sS 192.168.84.10 # TCP SYN scan; only check handshake (doesn't need that many connections)
+
+Starting Nmap 6.47 ( http://nmap.org ) at 2015-09-24 22:44 CEST
+Nmap scan report for 192.168.84.75
+Host is up (0.000054s latency).
+Not shown: 997 closed ports
+PORT STATE SERVICE
+80/tcp open http
+111/tcp open rpcbind
+443/tcp open https
+
+Nmap done: 1 IP address (1 host up) scanned in 89.55 seconds
+# nmap -sT 192.168.84.10 # TCP connect scan; if TCP SYN doesn't work
+
+Starting Nmap 6.47 ( http://nmap.org ) at 2015-09-24 22:46 CEST
+Nmap scan report for 192.168.84.75
+Host is up (0.00016s latency).
+Not shown: 997 closed ports
+PORT STATE SERVICE
+80/tcp open http
+111/tcp open rpcbind
+443/tcp open https
+
+Nmap done: 1 IP address (1 host up) scanned in 0.05 seconds
+# nmap -sU 192.168.84.10 # UDP
+
+Starting Nmap 6.47 ( http://nmap.org ) at 2015-09-24 22:46 CEST
+Nmap scan report for 192.168.84.75
+Host is up (0.000054s latency).
+Not shown: 995 closed ports
+PORT STATE SERVICE
+68/udp open|filtered dhcpc
+111/udp open rpcbind
+631/udp open|filtered ipp
+1900/udp open|filtered upnp
+5353/udp open|filtered zeroconf
+
+Nmap done: 1 IP address (1 host up) scanned in 187.41 seconds
+
+
+I would use others from the manual if these fail.
+
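Review bot: The comments on the first two commands describe the same scan: when nmap runs as root, plain `nmap 192.168.84.10` already performs a SYN scan, so `-sS` changes nothing here, which is why the two outputs are identical; the point of `-sT` is that it needs no raw-socket privileges, at the cost of completing the three-way handshake and so appearing as an accepted connection in the target's logs. For the UDP run, `open|filtered` means no reply came back and nmap cannot tell open from filtered; adding `-sV` sends protocol-specific payloads and usually resolves the ambiguity, as the manual notes. The report headers say 192.168.84.75 although every command names 192.168.84.10; per exercise3a .75 is the scanning machine, so either the commands or the outputs should be corrected.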
diff --git a/netsec-assignment3-S4498062/exercise3/exercise3d b/netsec-assignment3-S4498062/exercise3/exercise3d
new file mode 100644
index 0000000..a0f352a
--- /dev/null
+++ b/netsec-assignment3-S4498062/exercise3/exercise3d
@@ -0,0 +1,16 @@
+# nmap -sV 192.168.84.10
+
+Example output:
+
+Starting Nmap 6.47 ( http://nmap.org ) at 2015-09-24 22:40 CEST
+Nmap scan report for 192.168.84.10
+Host is up (0.0000090s latency).
+Not shown: 996 closed ports
+PORT STATE SERVICE VERSION
+25/tcp open http nginx 1.6.2
+80/tcp open http nginx 1.6.2
+111/tcp open rpcbind 2-4 (RPC #100000)
+443/tcp open http nginx 1.6.2
+
+Here, 25 is a non-standard port for HTTP. Normally, 25 is used for SMTP.
+
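Review bot: The closing remark would be stronger if it said why `-sV` was needed to see this: without version detection nmap names a service from the port number alone (nmap-services lists 25/tcp as `smtp`), whereas `-sV` probes the service and identifies nginx 1.6.2 from its response. Port-based firewall and IDS rules make the same port-number assumption, so an HTTP server on 25/tcp is exactly the kind of mismatch a network inventory should flag. As in exercise3b, the header names 192.168.84.10 while the exercise3c outputs name .75; the example targets should be consistent across the exercise.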
diff --git a/netsec-assignment3-S4498062/exercise4 b/netsec-assignment3-S4498062/exercise4
new file mode 100644
index 0000000..bad609e
--- /dev/null
+++ b/netsec-assignment3-S4498062/exercise4
@@ -0,0 +1 @@
+As explained last week: I spent a lot of time working on the homework network when something was wrong with it, and wasted a lot of my time for something that wasn't my fault. I don't have the time to now do it again (and, to be completely honest, don't think that would be reasonable). If you want to give me an NSI for that, well, we'll see what to do about that.