Complete the "TCP/IP Attack Lab from the Syracuse SEED Labs. You do not need to do Task 3 (TCP RST attacks on Video Stream Applications).
Note that this lab requires multiple virtual machines running simultaneously. Each virtual machine can run with just 1GB of RAM, but with three VMs running simultaneously you will have problems on a machine with less than 8GB RAM. It is perfectly acceptable to do this lab with just two VMs, with the “attacker” tasks being executed on the client or server VMs. That’s a little less realistic, but you use and see all the same concepts.
Note: You really need to do this on your own system so that you can use GUI tools like Wireshark. If you don’t have a system that can support the necessary VMs, come talk to me and we’ll figure something out.
Tip: Make sure you follow the instructions in the SEED Lab VirtualBox setup manual for setting up multiple virtual machines (Appendix B). To make your work a little easier, you should look into the “Customization” directory on the SEED Lab VMs to make each VM look a little different (visual cues are very helpful!). Note that one step is missing: To install the custom icons in the Launch bar, the .desktop
files must be executable. Just go into the Customization
directory and execute the command “chmod a+x *.desktop
” to fix this problem.
And finally: Everything in this lab can be done with the netwox
tool automating the attacks. For up to 25 points extra credit, do the exercises by programming your own attacks using Scapy. Some of the information you need is in the SEED Lab, but you’ll need to do some tutorials to see how to make Scapy work (and you’ll need to be able to write simple Python programs). Note that a lot of modern security and penetration testing tools require using Python to script advanced attacks, so this is a very beneficial exercise if you have the time to take it on!