Lab6 - network attacks

From Inforail

Warning

  • These projects can cause trouble to those who own the target servers, in the worst case - you can get your ass kicked really hard.
  • You must run these attacks against your own test-computers in the LAN, or in virtual machines running on top of your systems. It is strongly discouraged to test these on real servers, or on the servers of unsuspecting civilians.
  • It is a bad idea to test this on servers of Moldova's government institutions; there are plenty of competent people at SIS and CTS.

Recommended testing procedure

There is an easy way to measure the effects of an attack, either using a test machine in your network, or a virtual machine running on the same system as the attacking program itself.

  • make a list of metrics, typically you'll be interested in:
    • CPU use
    • RAM use
    • size of the swap file
    • number of network connections
    • bandwidth used
  • take a snapshot of the system's resources at the time when the attack is not running
  • start the attack
  • observe how the resources are consumed

In the case of a virtual machine, use a RAM and disk space quota to restrict the amount of memory available, so that the virtual machine actually becomes unresponsive once the attack exhausts its resources.

Draw a chart that shows how resource consumption varies in time, or as a function of the attack's settings (number of threads, payload size, upload speed, etc).

If you are able to show a clear correlation between the attacking mechanism and the target system's load, you've proved your point. The application of the attack in real-world scenarios is left as an exercise to the reader.
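The measurement steps above (baseline snapshot, start, observe, chart) can be automated on the target machine. The following sampler is an added example and is not part of the lab page; it reads the standard Linux files /proc/stat, /proc/meminfo, /proc/net/sockstat and /proc/net/dev, reduces them to the five metrics listed above, and prints one CSV row per interval that can be charted directly. The embedded BASELINE and LOADED texts are constructed samples in the real /proc formats so the parsing can be checked offline; the interval and row count are assumed defaults.

```python
"""Resource sampler for the baseline / during-attack comparison (added example)."""
import csv
import sys
import time


def parse_snapshot(stat_text, meminfo_text, sockstat_text, netdev_text):
    """Reduce the four /proc texts to the metrics the lab asks for."""
    # /proc/stat first line: 'cpu  user nice system idle iowait irq softirq steal ...' (jiffies)
    ticks = [int(v) for v in stat_text.splitlines()[0].split()[1:]]
    idle = ticks[3] + ticks[4]                      # idle + iowait count as not busy
    mem = {}
    for line in meminfo_text.splitlines():          # e.g. 'MemAvailable:   1024000 kB'
        key, _, rest = line.partition(":")
        if rest.strip():
            mem[key] = int(rest.split()[0])
    tcp_inuse = 0
    for line in sockstat_text.splitlines():         # e.g. 'TCP: inuse 12 orphan 0 tw 3 ...'
        if line.startswith("TCP:"):
            fields = line.split()
            tcp_inuse = int(fields[fields.index("inuse") + 1])
    rx = tx = 0
    for line in netdev_text.splitlines():           # e.g. '  eth0: <rx bytes> ... <tx bytes> ...'
        name, sep, rest = line.partition(":")
        vals = rest.split()
        if not sep or name.strip() == "lo" or not vals:   # skip headers and loopback
            continue
        rx += int(vals[0])
        tx += int(vals[8])
    return {
        "cpu_total": sum(ticks), "cpu_busy": sum(ticks) - idle,
        "mem_used_kb": mem["MemTotal"] - mem["MemAvailable"],
        "swap_used_kb": mem["SwapTotal"] - mem["SwapFree"],
        "tcp_inuse": tcp_inuse, "rx_bytes": rx, "tx_bytes": tx,
    }


def delta(prev, cur, seconds):
    """Rates and levels between two snapshots taken 'seconds' apart: one chart row."""
    cpu_span = max(1, cur["cpu_total"] - prev["cpu_total"])
    return {
        "cpu_pct": round(100.0 * (cur["cpu_busy"] - prev["cpu_busy"]) / cpu_span, 1),
        "mem_used_kb": cur["mem_used_kb"],
        "swap_used_kb": cur["swap_used_kb"],
        "tcp_inuse": cur["tcp_inuse"],
        "rx_bps": (cur["rx_bytes"] - prev["rx_bytes"]) / seconds,
        "tx_bps": (cur["tx_bytes"] - prev["tx_bytes"]) / seconds,
    }


def read_snapshot():
    """Live snapshot from the Linux target (test VM or LAN machine)."""
    def read(path):
        with open(path) as f:
            return f.read()
    return parse_snapshot(read("/proc/stat"), read("/proc/meminfo"),
                          read("/proc/net/sockstat"), read("/proc/net/dev"))


def monitor(interval=1.0, count=60, out=sys.stdout):
    """Sample every 'interval' seconds and emit CSV; run before and during the test."""
    fields = ["t", "cpu_pct", "mem_used_kb", "swap_used_kb", "tcp_inuse", "rx_bps", "tx_bps"]
    writer = csv.DictWriter(out, fieldnames=fields)
    writer.writeheader()
    prev = read_snapshot()
    for i in range(1, count + 1):
        time.sleep(interval)
        cur = read_snapshot()
        writer.writerow({"t": i * interval, **delta(prev, cur, interval)})
        out.flush()
        prev = cur


# Constructed sample texts (real /proc formats): a quiet baseline and a loaded target.
NETDEV_HEADER = ("Inter-|   Receive                                                |  Transmit\n"
                 " face |bytes    packets errs drop fifo frame compressed multicast|bytes    "
                 "packets errs drop fifo colls carrier compressed\n")
BASELINE = dict(
    stat_text="cpu  1000 0 500 8500 0 0 0 0 0 0\ncpu0 1000 0 500 8500 0 0 0 0 0 0\n",
    meminfo_text="MemTotal: 2048000 kB\nMemFree: 900000 kB\nMemAvailable: 1024000 kB\n"
                 "SwapTotal: 1024000 kB\nSwapFree: 1024000 kB\n",
    sockstat_text="sockets: used 40\nTCP: inuse 12 orphan 0 tw 3 alloc 15 mem 2\nUDP: inuse 4 mem 1\n",
    netdev_text=NETDEV_HEADER + "    lo: 1000 10 0 0 0 0 0 0 1000 10 0 0 0 0 0 0\n"
                                "  eth0: 5000 20 0 0 0 0 0 0 7000 25 0 0 0 0 0 0\n",
)
LOADED = dict(
    stat_text="cpu  4000 0 2000 9000 0 0 0 0 0 0\ncpu0 4000 0 2000 9000 0 0 0 0 0 0\n",
    meminfo_text="MemTotal: 2048000 kB\nMemFree: 20000 kB\nMemAvailable: 100000 kB\n"
                 "SwapTotal: 1024000 kB\nSwapFree: 500000 kB\n",
    sockstat_text="sockets: used 3100\nTCP: inuse 3000 orphan 10 tw 40 alloc 3100 mem 900\nUDP: inuse 4 mem 1\n",
    netdev_text=NETDEV_HEADER + "    lo: 1000 10 0 0 0 0 0 0 1000 10 0 0 0 0 0 0\n"
                                "  eth0: 5005000 120000 0 0 0 0 0 0 57000 90000 0 0 0 0 0 0\n",
)

if __name__ == "__main__":
    # usage on the target:  python3 sampler.py 1 120 > during_attack.csv
    interval = float(sys.argv[1]) if len(sys.argv) > 1 else 1.0
    count = int(sys.argv[2]) if len(sys.argv) > 2 else 60
    monitor(interval, count)
```

Run it once with the attack stopped to get the baseline rows, then again while the attack runs; the two CSV files give the time series the report's chart needs, and the column for the attack setting you vary (threads, payload size, upload speed) is added by hand when you plot.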


Implementation notes

Some attack types may not be successfully implemented on certain platforms, which may impose a limit on the maximum number of outgoing network connections. In such cases:

  • use a different platform with relaxed constraints (or one that can be reconfigured)
  • stick to your current platform; hopefully you will notice an effect on the target before you bump into the constraints
  • use a library designed to make it easy to generate custom packets, such as Scapy

Keywords

network, client, server, TCP, IP, sockets, attack, denial of service, DoS


Objective

Learn how to use the network as an attack vector.

Choose one of the three attacks below:

TCP SYN flood

  • Because it is a pretty old attack method, modern systems are immune to it out of the box. To conduct such tests and successfully bring the target down, it is a good idea to set up a test machine with an old version of an operating system known to be prone to SYN floods.
  • http://en.wikipedia.org/wiki/Syn_flood
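On the target side, the symptom of a SYN flood is a growing pool of half-open connections (state SYN_RECV) on the attacked port. The following detector is an added example, not part of the lab page: it parses the Linux /proc/net/tcp table, counts SYN_RECV entries per local port, and flags ports over a threshold together with how many distinct sources they come from (a flood of distinct, never-completing sources suggests spoofed addresses). The threshold and the sample table are assumptions; the sample rows are constructed but follow the real file format, including its host-byte-order hex addresses. It also reads the real sysctl /proc/sys/net/ipv4/tcp_syncookies, which is the standard mitigation to check for in the report's recommendations.

```python
"""Half-open connection detector for the SYN flood target (added example)."""
from collections import Counter, defaultdict

# Connection states as encoded in column 4 of /proc/net/tcp
TCP_STATES = {"01": "ESTABLISHED", "02": "SYN_SENT", "03": "SYN_RECV", "04": "FIN_WAIT1",
              "05": "FIN_WAIT2", "06": "TIME_WAIT", "07": "CLOSE", "08": "CLOSE_WAIT",
              "09": "LAST_ACK", "0A": "LISTEN", "0B": "CLOSING"}


def hex_to_ipv4(h):
    """/proc/net/tcp stores IPv4 as 8 hex digits in host byte order (little-endian on x86)."""
    return ".".join(str(b) for b in bytes.fromhex(h)[::-1])


def parse_proc_net_tcp(text):
    """Return one dict per socket row: local/remote ip+port and state name."""
    entries = []
    for line in text.splitlines()[1:]:              # first line is the column header
        fields = line.split()
        if len(fields) < 4:
            continue
        laddr, lport = fields[1].split(":")
        raddr, rport = fields[2].split(":")
        entries.append({
            "local_ip": hex_to_ipv4(laddr), "local_port": int(lport, 16),
            "remote_ip": hex_to_ipv4(raddr), "remote_port": int(rport, 16),
            "state": TCP_STATES.get(fields[3], fields[3]),
        })
    return entries


def half_open_report(entries, threshold=64):
    """Flag local ports whose SYN_RECV count reaches 'threshold' (assumed value)."""
    per_port = defaultdict(list)
    for e in entries:
        if e["state"] == "SYN_RECV":
            per_port[e["local_port"]].append(e["remote_ip"])
    alerts = []
    for port, sources in sorted(per_port.items()):
        if len(sources) >= threshold:
            alerts.append({
                "port": port,
                "half_open": len(sources),
                "distinct_sources": len(set(sources)),
                "top_sources": Counter(sources).most_common(3),
            })
    return alerts


def syncookies_enabled(path="/proc/sys/net/ipv4/tcp_syncookies"):
    """True if the kernel will answer with SYN cookies once the backlog fills."""
    with open(path) as f:
        return f.read().strip() != "0"


# Constructed sample: a listener on port 80, three half-open connections from
# three different documentation-range sources, and one established connection.
SAMPLE_PROC_NET_TCP = """  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0 100 0 0 10 0
   1: 0F02000A:0050 076433C6:D431 03 00000000:00000000 00:00000000 00000000     0        0 0 1 0 100 0 0 10 0
   2: 0F02000A:0050 086433C6:A1B2 03 00000000:00000000 00:00000000 00000000     0        0 0 1 0 100 0 0 10 0
   3: 0F02000A:0050 096433C6:C3D4 03 00000000:00000000 00:00000000 00000000     0        0 0 1 0 100 0 0 10 0
   4: 0F02000A:0050 0100007F:E5F6 01 00000000:00000000 00:00000000 00000000     0        0 12346 1 0 100 0 0 10 0
"""

if __name__ == "__main__":
    # On a live Linux target: python3 synrecv.py   (poll it in a loop during the test)
    with open("/proc/net/tcp") as f:
        live = parse_proc_net_tcp(f.read())
    for alert in half_open_report(live):
        print("half-open pressure on port", alert["port"], alert)
    print("tcp_syncookies enabled:", syncookies_enabled())
```

Sampling this alongside the resource snapshots gives a second, more specific curve for the chart: the half-open count rises with the SYN rate long before CPU or bandwidth do, and on a kernel with SYN cookies enabled it plateaus at the backlog size instead of climbing.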

HTTP Slowloris

HTTP slow POST
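Both Slowloris and slow POST work by holding a server worker while a request arrives too slowly to finish: Slowloris never completes the request headers, slow POST declares a Content-Length and then trickles the body. The server-side countermeasure is the same for both, a deadline for the request head and a minimum rate for the body, which is what the example below shows. It is an added example, not part of the lab page: a minimal HTTP responder whose per-connection policy object decides, chunk by chunk, whether to keep waiting, answer, or drop the client with 408. The 10 s head deadline, 500 B/s minimum body rate, 8 KiB head limit and port 8080 are assumed values; the policy is pure logic, so it can be checked with fabricated timestamps and no network.

```python
"""Request-head deadline and body minimum-rate policy (added example)."""
import socket
import threading
import time

HEAD_DEADLINE_S = 10.0     # assumed: the whole request head must arrive within 10 s
BODY_MIN_RATE_BPS = 500    # assumed: the body must average at least 500 bytes/s
MAX_HEAD_BYTES = 8192      # assumed: cap on buffered header bytes


def content_length(head):
    """Declared body size from the request head, 0 if absent or malformed."""
    for line in head.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"content-length":
            try:
                return max(0, int(value.strip()))
            except ValueError:
                return 0
    return 0


class RequestPolicy:
    """Tracks one connection; feed() returns 'wait', 'complete' or 'drop: <reason>'."""

    def __init__(self, start, deadline=HEAD_DEADLINE_S, min_rate=BODY_MIN_RATE_BPS):
        self.start, self.deadline, self.min_rate = start, deadline, min_rate
        self.buf = b""
        self.head_done_at = None
        self.body_needed = 0
        self.body_bytes = 0

    def feed(self, chunk, now):
        if self.head_done_at is None:
            self.buf += chunk
            if len(self.buf) > MAX_HEAD_BYTES:
                return "drop: head too large"
            end = self.buf.find(b"\r\n\r\n")
            if end < 0:
                # Slowloris shape: header lines trickle in but the head never ends
                if now - self.start > self.deadline:
                    return "drop: head deadline exceeded"
                return "wait"
            self.head_done_at = now
            self.body_needed = content_length(self.buf[:end])
            chunk = self.buf[end + 4:]          # bytes after the head already belong to the body
            self.buf = b""
        self.body_bytes += len(chunk)
        if self.body_bytes >= self.body_needed:
            return "complete"
        elapsed = now - self.head_done_at
        # slow POST shape: a large Content-Length, delivered far below the minimum rate
        if elapsed > 1.0 and self.body_bytes / elapsed < self.min_rate:
            return "drop: body below minimum rate"
        return "wait"


def handle(conn, now=time.monotonic):
    """Serve one connection under the policy; returns the final verdict for logging."""
    policy = RequestPolicy(now())
    conn.settimeout(1.0)   # wake up regularly so a silent client still reaches its deadline
    try:
        while True:
            try:
                chunk = conn.recv(4096)
                if not chunk:
                    return "client closed"
            except socket.timeout:
                chunk = b""
            verdict = policy.feed(chunk, now())
            if verdict == "wait":
                continue
            if verdict == "complete":
                conn.sendall(b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\nConnection: close\r\n\r\nok")
            else:
                conn.sendall(b"HTTP/1.1 408 Request Timeout\r\nContent-Length: 0\r\n"
                             b"Connection: close\r\n\r\n")
            return verdict
    except OSError:
        return "socket error"
    finally:
        conn.close()


def serve(host="127.0.0.1", port=8080):
    """Thread-per-connection listener; the policy is what frees a worker held by a slow client."""
    def worker(conn, addr):
        print(addr, handle(conn))

    with socket.socket() as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind((host, port))
        srv.listen(128)
        while True:
            conn, addr = srv.accept()
            threading.Thread(target=worker, args=(conn, addr), daemon=True).start()


if __name__ == "__main__":
    serve()
```

Running this responder on the test machine, with and without the two checks, gives the "recommendations" part of the report concrete numbers: with the policy disabled the number of busy workers grows with the number of held connections; with it enabled each held connection is released after at most the deadline, so the load stays bounded. Production servers expose the same two knobs as configuration (header timeout and minimum body rate) and additionally cap concurrent connections per source.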


Grading policy

Do, or do not - there is no try. Implement it, document it and comment it and get a 10.

Besides the usual requirements, the report must include:

  • diagrams or data tables that illustrate the load of the target as the attack proceeds
  • conclusions that describe:
    • how to amplify the effect of the attack, and in which cases the attack is more effective
    • recommendations for developers and system administrators, that will help them avoid such attacks (or minimize the damage)


References