Lab 7: TCP Network Attacks

SYN flooding, TCP reset, and TCP hijack

Due Thursday November 10th

Overview

The learning objective of this lab is for students to gain first-hand experience with vulnerabilities, as well as with attacks against these vulnerabilities. Wise people learn from mistakes. In security education, we study mistakes that lead to software vulnerabilities. Studying mistakes from the past helps students understand why systems are vulnerable, why a "seemingly benign" mistake can turn into a disaster, and why many security mechanisms are needed. More importantly, it also helps students learn the common patterns of vulnerabilities, so they can avoid making similar mistakes in the future. Moreover, using vulnerabilities as case studies, students can learn the principles of secure design, secure programming, and security testing. The vulnerabilities in the TCP/IP protocols represent a special genre of vulnerabilities in protocol designs and implementations; they provide an invaluable lesson as to why security should be designed in from the beginning, rather than being added as an afterthought. Moreover, studying these vulnerabilities helps students understand the challenges of network security and why many network security measures are needed.

Setup

You will use Docker to emulate users communicating over a network. Run git pull to get the most recent changes from the course GitHub. Within the TCP_attacks folder, you can find the docker-compose file and the Python files for this lab.

Instructions

Lab 2 instructions: https://www.cs.montana.edu/pearsall/classes/fall2022/476/labs/Lab7.pdf

Follow the instructions above and complete the tasks in your SEED Labs VM. Your solutions/output/observations will all be put into a lab report. See the next sections for the lab report.

Lab report expectations

The lab report is to help me see that you did the lab and followed the instructions. For each task, you should include a screenshot to show you completed the task. If the task asks you to write down observations, you should also include those in your lab report. For the tasks that require you to do some thinking and find ways to exploit a program, you should write a brief description of your approach and the steps you took to get your output.

This is a lab report taken from a previous offering of this course. This is a good example of how you should format your lab report: https://www.cs.montana.edu/pearsall/classes/fall2022/476/labs/SampleLabReportFormat.pdf