MN502 Laboratory 6: Application And Networking Based Attacks Assessment Answer


Question :

MN502 Network Security

Laboratory 6: Application and Networking Based Attacks

Description of the laboratory exercise:

In this laboratory, you will conduct two experiments: Hosts File Attack and ARP Poisoning.

  • In the first experiment, you will work with the local hosts table.
  • In the second experiment, you will use the ARP table.
  • In the third experiment, you will simulate and analyse ARP spoofing using the arpspoof tool and Wireshark.

Exercise 1: Simulating Hosts File Attack

Substituting a fraudulent IP address can be done by either attacking the Domain Name System (DNS) server or the local host table. Attackers can target a local hosts file to create new entries that will redirect users to their fraudulent site. In this project, you will add a fraudulent entry to the local hosts file. 

Pre-work:

  1. Launch Virtual Box
  2. Launch your Win8.1 VM
  3. Do all your exercises in the VM

Steps:

  1. Start your web browser. 
  2. Go to the Cengage website at www.cengage.com and then go to Google at www.google.com to verify that the names are correctly resolved.
  3. Now search based on IP address. Go to http://69.32.133.11 for Cengage and http://13.82.28.61 for MSN. 
  4. Click Start and All Programs and then Accessories
  5. Right-click Notepad and then select Run as administrator
  6. Click File and then Open. Click the File Type drop-down arrow to change from Text Documents (*.txt) to All Files (*.*).
  7. Navigate to the file C:\Windows\System32\drivers\etc\hosts and open it. 
  8. At the end of the file enter 13.82.28.61. This is the IP address of MSN.
  9. Press Tab and enter www.cengage.com. In this hosts table, www.cengage.com is now resolved to the IP address of MSN, 13.82.28.61.
  10. Click File and then Save
  11. Open your web browser and then enter the URL www.cengage.com. What website appears? 
  12. Return to the hosts file and remove this entry. 
  13. Click File and then Save
  14. Close all windows.
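
The check below is an added example, not part of the original lab sheet: it parses hosts-file text and reports any watched domain pinned to a non-loopback address, which is the state left by step 9. The function names, the watched-domain list and the sample file contents are assumptions constructed for this example.

```python
import ipaddress

def parse_hosts(text):
    """Yield (line_no, address, hostname) for each mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()    # drop full-line and trailing comments
        fields = line.split()                   # tabs and spaces both separate fields
        if len(fields) < 2:
            continue                            # blank line or address without a name
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # first field is not an IP address
        for name in fields[1:]:                 # one line may list several names
            yield line_no, addr, name.lower().rstrip(".")

def audit_hosts(text, watched):
    """Return (line_no, hostname, ip) for each watched domain, or subdomain of
    one, that the hosts file overrides with a non-loopback address."""
    findings = []
    for line_no, addr, name in parse_hosts(text):
        if addr.is_loopback or addr.is_unspecified:
            continue                            # localhost and 0.0.0.0 sinkhole entries
        if any(name == d or name.endswith("." + d) for d in watched):
            findings.append((line_no, name, str(addr)))
    return findings

# Constructed sample: default-style comments plus the entry added in step 9.
SAMPLE = (
    "# Copyright (c) 1993-2009 Microsoft Corp.\n"
    "#\t127.0.0.1       localhost\n"
    "127.0.0.1\tlocalhost\n"
    "0.0.0.0 ads.example.test   # sinkhole entry\n"
    "13.82.28.61\twww.cengage.com\n"
)

if __name__ == "__main__":
    for line_no, name, ip in audit_hosts(SAMPLE, {"cengage.com", "google.com"}):
        print(f"line {line_no}: {name} is pinned to {ip}")
```

To audit the VM itself, pass in the contents of C:\Windows\System32\drivers\etc\hosts instead of SAMPLE.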

Exercise 2: ARP Poisoning

Attackers frequently modify the Address Resolution Protocol (ARP) table to redirect communications away from a valid device to an attacker’s computer. In this project, you will view the ARP table on your computer and make modifications to it. You will need to have another “victim’s” computer running on your network (and know the IP address), as well as a default gateway that serves as the switch to the network.

Pre-work:

  1. Launch Virtual Box
  2. Launch your Win8.1 VM
  3. Do all your exercises in the VM 

Steps:

  1. Open a Command Prompt window by clicking Start and typing Run and then pressing Enter.
  2. Type cmd and then press Enter to open a command prompt window. 
  3. To view your current ARP table, type arp -a and then press Enter. The Internet Address is the IP address of another device on the network while the Physical Address is the MAC address of that device.
  4. To determine network addresses, type ipconfig /all and then press Enter.
  5. Record the IP address of the default gateway.
  6. Delete the ARP table entry of the default gateway by typing arp -d followed by the IP address of the gateway, such as arp -d 192.168.1.1 and then press Enter.
  7. Create an automatic ARP table entry for the victim’s computer by typing ping followed by that computer’s IP address, such as ping 192.168.1.100, and then press Enter.
  8. Verify that this new entry is now listed in the ARP table by typing arp -a and then press Enter. Record the physical address of that computer.
  9. Add that entry to the ARP table by entering arp -s followed by the IP address and then the MAC address.
  10. Delete all entries from the ARP table by typing arp -d. 
  11. Close all windows.

Exercise 3: ARP Spoofing with Kali Linux

This exercise shows how to perform ARP poisoning / spoofing with Kali Linux using arpspoof and Wireshark.

Pre-work:

  1. Launch Virtual Box
  2. Launch your Kali VM
  3. Do all your exercises in the VM 

Steps:

  1. Find the IP address of the victim (the PC next to yours in the lab) using ifconfig (on the victim’s machine).
  2. Now check the ARP table (using the arp command); it will show only the router’s MAC address.
  3. Ping the victim machine:

ping Victim-IP

  4. Check the ARP table again using the arp command. You will see the entry added to the ARP cache.
  5. For ARP poisoning / spoofing we have to set up IP forwarding:

echo 1 > /proc/sys/net/ipv4/ip_forward

  6. Check your default gateway (using the ip route command).
  7. Find the network interface (using the ifconfig command).
  8. Now start the ARP poisoning / spoofing using the following syntax:

arpspoof -i eth0 -t victimIP -r DefaultGateway

-i is for interface.

-t is for target.

-r is for default gateway.

  9. Now start Wireshark.
  10. Browse some website on the victim’s machine.
  11. Now apply a display filter (http) in Wireshark (on your machine) to sniff the HTTP traffic on the victim’s machine.
  12. Analyse some of the packets and document your findings.
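
While Exercise 3 runs, the victim's ARP cache lists the gateway's IP address with the same MAC address as another host on the LAN. The added example below (not part of the original lab sheet) parses arp output in Windows or Linux layout, flags shared MAC addresses, and compares the gateway entry with the MAC recorded in Exercise 2. The sample table, the 192.168.1.66 host, the MAC values and the function names are constructed for this example.

```python
import re
from collections import defaultdict

# An IPv4 address followed later on the line by a MAC written with '-' or ':'.
ENTRY = re.compile(
    r"(\d{1,3}(?:\.\d{1,3}){3})\D.*?\b([0-9A-Fa-f]{2}(?:[-:][0-9A-Fa-f]{2}){5})\b")

def parse_arp_table(text):
    """Return {ip: mac} for the unicast entries in arp command output."""
    table = {}
    for line in text.splitlines():
        m = ENTRY.search(line)
        if not m:
            continue                      # header or interface line
        ip, mac = m.group(1), m.group(2).lower().replace("-", ":")
        if int(mac[:2], 16) & 1:
            continue                      # group bit set: broadcast or multicast
        table[ip] = mac
    return table

def find_shared_macs(table, gateway_ip):
    """Return (mac, ips, involves_gateway) for each MAC claimed by several IPs."""
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    return [(mac, sorted(ips), gateway_ip in ips)
            for mac, ips in sorted(by_mac.items()) if len(ips) > 1]

def gateway_mac_changed(table, gateway_ip, recorded_mac):
    """True when the gateway's cached MAC differs from the one recorded earlier."""
    current = table.get(gateway_ip)
    return current is not None and current != recorded_mac.lower().replace("-", ":")

# Constructed sample of arp -a output on the victim while spoofing is active.
SAMPLE = """\
Interface: 192.168.1.100 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           08-00-27-aa-bb-cc     dynamic
  192.168.1.66          08-00-27-aa-bb-cc     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

if __name__ == "__main__":
    table = parse_arp_table(SAMPLE)
    for mac, ips, gw in find_shared_macs(table, "192.168.1.1"):
        print(f"{mac} answers for {', '.join(ips)}" + (" (includes gateway)" if gw else ""))
    print("gateway MAC changed:", gateway_mac_changed(table, "192.168.1.1", "00-11-22-33-44-55"))
```

A static gateway entry added with arp -s, as in Exercise 2 step 9, keeps the cached gateway MAC from being overwritten by spoofed replies.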