Monthly Archives: January 2024

 In this lab, students need to conduct attacks on the TCP/IP protocols. They can use the Netwox tools and/or other tools in the attacks. All the attacks are performed on Linux operating systems. However, instructors can require students to also conduct the same attacks on other operating systems and compare the observations. To simplify the “guess” of TCP sequence numbers and source port numbers, we assume that attackers are on the same physical network as the victims. Therefore, you can use sniffer tools to get that information. The following is the list of attacks that need to be implemented. 3.1 Task 1 : SYN Flooding Attack ` ` User Server SYN SYN+ACK ACK Active TCP Connection ` ` Attacker Server SYN Spoofed Addresses SYN+ACK ` Legitimate User SYN No Reply Normal TCP 3-way handshake between user and server SYN Flood: attacker sends many SYN to server without ACK. The server is not able to process request from legitimate user 1 2 3 4 1 2 3 Figure 2: SYN Flooding Attack SEED Labs – TCP/IP Attack Lab 4 SYN flood is a form of DoS attack in which attackers send many SYN requests to a victim’s TCP port, but the attackers have no intention to finish the 3-way handshake procedure. Attackers either use spoofed IP address or do not continue the procedure. Through this attack, attackers can flood the victim’s queue that is used for half-opened connections, i.e. the connections that has finished SYN, SYN-ACK, but has not yet gotten a final ACK back. When this queue is full, the victim cannot take any more connection. Figure 2 illustrates the attack. The size of the queue has a system-wide setting. In Linux, we can check the setting using the following command: # sysctl -q net.ipv4.tcp_max_syn_backlog We can use command “netstat -na” to check the usage of the queue, i.e., the number of halfopened connection associated with a listening port. The state for such connections is SYN-RECV. If the 3-way handshake is finished, the state of the connections will be ESTABLISHED. In this task, you need to demonstrate the SYN flooding attack. You can use the Netwox tool to conduct the attack, and then use a sniffer tool to capture the attacking packets. While the attack is going on, run the “netstat -na” command on the victim machine, and compare the result with that before the attack. Please also describe how you know whether the attack is successful or not. The corresponding Netwox tool for this task is numbered 76. Here is a simple help screen for this tool. You can also type “netwox 76 –help” to get the help information. Listing 1: The usage of the Netwox Tool 76 Title: Synflood Usage: netwox 76 -i ip -p port [-s spoofip] Parameters: -i|–dst-ip ip destination IP address -p|–dst-port port destination port number -s|–spoofip spoofip IP spoof initialzation type SYN Cookie Countermeasure: If your attack seems unsuccessful, one thing that you can investigate is whether the SYN cookie mechanism is turned on. SYN cookie is a defense mechanism to counter the SYN flooding attack. The mechanism will kick in if the machine detects that it is under the SYN flooding attack. You can use the sysctl command to turn on/off the SYN cookie mechanism: # sysctl -a | grep cookie (Display the SYN cookie flag) # sysctl -w net.ipv4.tcp_syncookies=0 (turn off SYN cookie) # sysctl -w net.ipv4.tcp_syncookies=1 (turn on SYN cookie) Please run your attacks with the SYN cookie mechanism on and off, and compare the results. In your report, please describe why the SYN cookie can effectively protect the machine against the SYN flooding attack. If your instructor does not cover the mechanism in the lecture, you can find out how the SYN cookie mechanism works from the Internet. 3.2 Task 2 : TCP RST Attacks on telnet and ssh Connections The TCP RST Attack can terminate an established TCP connection between two victims. For example, if there is an established telnet connection (TCP) between two users A and B, attackers can spoof a RST packet from A to B, breaking this existing connection. To succeed in this attack, attackers need to correctly construct the TCP RST packet. SEED Labs – TCP/IP Attack Lab 5 In this task, you need to launch an TCP RST attack to break an existing telnet connection between A and B. After that, try the same attack on an ssh connection. Please describe your observations. To simplify the lab, we assume that the attacker and the victim are on the same LAN, i.e., the attacker can observe the TCP traffic between A and B. The corresponding Netwox tool for this task is numbered 78. Here is a simple help screen for this tool. You can also type “netwox 78 –help” to get the help information. Listing 2: The usage of the Netwox Tool 78 Title: Reset every TCP packet Usage: netwox 78 [-d device] [-f filter] [-s spoofip] Parameters: -d|–device device device name {Eth0} -f|–filter filter pcap filter -s|–spoofip spoofip IP spoof initialization type {linkbraw} 3.3 Task 3 : TCP RST Attacks on Video Streaming Applications Let us make the TCP RST attack more interesting by experimenting it on the applications that are widely used in nowadays. We choose the video streaming application in this task. For this task, you can choose a video streaming web site that you are familiar with (we will not name any specific web site here). Most of video sharing websites establish a TCP connection with the client for streaming the video content. The attacker’s goal is to disrupt the TCP session established between the victim and video streaming machine. To simplify the lab, we assume that the attacker and the victim are on the same LAN. In the following, we describe the common interaction between a user (the victim) and some video-streaming web site: • The victim browses for a video content in the video-streaming web site, and selects one of the videos for streaming. • Normally video contents are hosted by a different machine, where all the video contents are located. After the victim selects a video, a TCP session will be established between the victim machine and the content server for the video streaming. The victim can then view the video he/she has selected. Your task is to disrupt the video streaming by breaking the TCP connection between the victim and the content server. You can let the victim user browse the video-streaming site from another (virtual) machine or from the same (virtual) machine as the attacker. Please be noted that, to avoid liability issues, any attacking packets should be targeted at the victim machine (which is the machine run by yourself), not at the content server machine (which does not belong to you). 3.4 Task 4 : TCP Session Hijacking The objective of the TCP Session Hijacking attack is to hijack an existing TCP connection (session) between two victims by injecting malicious contents into this session. If this connection is a telnet session, attackers can inject malicious commands (e.g. deleting an important file) into this session, causing the victims to execute the malicious commands. Figure 3 depicts how the attack works. In this task, you need to demonstrate how you can hijack a telnet session between two computers. Your goal is to get the the telnet server to run a malicious command from you. For the simplicity of the task, we assume that the attacker and the victim are on the same LAN. SEED Labs – TCP/IP Attack Lab 6 Note: If you use Wireshark to observe the network traffic, you should be aware that when Wireshark displays the TCP sequence number, by default, it displays the relative sequence number, which equals to the actual sequence number minus the initial sequence number. If you want to see the actual sequence number in a packet, you need to right click the TCP section of the Wireshark output, and select “Protocol Preference”. In the popup window, uncheck the “Relative Sequence Number and Window Scaling” option. The corresponding Netwox tool for this task is numbered 40. Here is part of the help screen for this tool. You can also type “netwox 40 –help” to get the full help information. You may also need to use Wireshark to find out the correct parameters for building the spoofed TCP packet. Listing 3: Part usage of netwox tool 40 Title: Spoof Ip4Tcp packet Usage: netwox 40 [-l ip] [-m ip] [-o port] [-p port] [-q uint32] [-B] Parameters: -l|–ip4-src ip IP4 src {10.0.2.6} -m|–ip4-dst ip IP4 dst {5.6.7.8} -o|–tcp-src port TCP src {1234} -p|–tcp-dst port TCP dst {80} -q|–tcp-seqnum uint32 TCP seqnum (rand if unset) {0} -H|–tcp-data mixed_data mixed data ` ` User Server ` Attacker Attacker hijacks the TCP session and sends “Z” to server on behalf of client Data: “A” Data: “Z” Seq No.: ? ACK 3-way Handshake Data: “B” ACK Sniffing Figure 3: TCP Session Hijacking Attack SEED Labs – TCP/IP Attack Lab 7 3.5 Task 5 : Creating Reverse Shell using TCP Session Hijacking When attackers are able to inject a command to the victim’s machine using TCP session hijacking, they are not interested in running one simple command on the victim machine; they are interested in running many commands. Obviously, running these commands all through TCP session hijacking is inconvenient. What attackers want to achieve is to use the attack to set up a back door, so they can use this back door to conveniently conduct further damages. A typical way to set up back doors is to run a reverse shell from the victim machine to give the attack the shell access to the victim machine. Reverse shell is a shell process running on a remote machine, connecting back to the attacker’s machine. This gives an attacker a convenient way to access a remote machine once it has been compromised. In the following, we will show how we can set up a reverse shell if we can directly run a command on the victim machine (i.e. the server machine). In the TCP session hijacking attack, attackers cannot directly run a command on the victim machine, so their jobs is to run a reverse-shell command through the session hijacking attack. In this task, students need to demonstrate that they can achieve this goal. 

In 200- 250 words

Learn About creating good password security.

An IT Security consultant has made three primary recommendations regarding passwords:

1. Prohibit guessable passwords
   • such as common names, real words, numbers only
   • require special characters and a mix of caps, lower case and numbers in passwords
2. Reauthenticate before changing passwords
   • user must enter old pw before creating new one
3. Make authenticators unforgeable 
   • do not allow email or user ID as password

Choose any two question (100-300 words).   

Discussion #1: How does prescriptive analytics relate to descriptive and predictive analytics? 

Discussion #2: Explain the differences between static and dynamic models. How can one evolve into the other?

 Discussion #4: Explain why solving problems under uncertainty some-times involves assuming that the problem is to be solved under conditions of risk.  

Discuss in 500 words or more the top 5 details that should be included in your cloud SLA.

 Assignment 1: 

According to Kirk (2016), most of your time will be spent working with your data. The four following group actions were mentioned by Kirk (2016):

· Data acquisition: Gathering the raw material

· Data examination: Identifying physical properties and meaning

· Data transformation: Enhancing your data through modification and consolidation

· Data exploration: Using exploratory analysis and research techniques to learn

Select 1 data action and elaborate on the actions preformed in that action group.

Textbook is attached, “Andy Kirk – Data Visualisation_ A Handbook For Data Driven Design-Sage Publications (2019)”.

Requirement: 

· ****Separate word document for each assignment****

· Minimum 300-350 words. Cover sheet, abstract, graphs, and references does not count.

· Add reference separately for each assignment question.

· Strictly follow APA style. 

· Include at least two citations (APA) from academic resources

· No plagiarized content please! Attach a plagiarized report.

· Check for spelling and grammar mistakes!

· $5 max. Please bid if you agree.

Assignment 2: 

Assume you are a security professional. You are determining which of the following backup strategies will provide the best protection against data loss, whether from disk failure or natural disaster:

· Daily full server backups with hourly incremental backups

· Redundant array of independent disks (RAID) with periodic full backups

· Replicated databases and folders on high-availability alternate servers

Answer the following question(s):

Which backup strategy would you adopt? Why?

Requirement: 

· ****Separate word document for each assignment****

· Minimum 300-350 words. Cover sheet, abstract, graphs, and references does not count.

· Add reference separately for each assignment question.

· Strictly follow APA style. Length – 2 to 3 paragraphs. 

· Sources: 2 References to Support your answer

· No plagiarized content please! Attach a plagiarized report.

· Check for spelling and grammar mistakes!

· $5 max. Please bid if you agree.

The rising importance of big-data computing stems from advances in many different technologies.  Some of these include:

• Sensors
• Computer networks
• Data storage
• Cluster computer systems
• Cloud computing facilities
• Data analysis algorithms

How does these technologies play a role in global computing and big data?

Objective

You are to implement a simple database using a sorted file of fixed length records. The data that you are to use for testing is in file: Parks.csv Windows compatible (cr lf). This data contains the visitation records for the US National Parks from 1904 to 2016.. The goal of this assignment is to understand and practice using file management techniques to implement a database system. Your file-based database needs to handle overflow by writing records to an overflow file that contains unsorted records.

First, create a file of fixed length records from the data provided interleaved with blank records. Your file should create space for insertions by writing one blank record between each real record. Meta-information should be stored in a non-fixed length way in a separate configuration file, e.g., “Parks.config”. The config file must also store useful data like the names of the fields (for display), the number of records, and anything else you would want to add.

So, the initial file will have 764 records, half of which are blank. When a record is inserted, the file is searched (using binary search) to find the correct location. If there is a blank record where the new record needs to go, then the blank record is simply overwritten. However, if there is no empty record available in the correct location, the original file should be re-written with new blanks inserted, including after the new record. For example, if we do 3 inserts into blank records, we would now have 385 real records in our file of 764 total records. If the next insert fails, we would create a new file with 770 total records in it (the 385 real records, each with one blank record after it).

You must not read the whole data file into memory at a time

Program Description

Create a program which offers the user the following menu of operations:

1) Create new database
2) Open database
3) Close database
4) Display record
5) Update record
6) Create report
7) Add record
8) Delete record
9) Quit

 You’re being provided with a 10 year data set of weather data of min max temperatures and rainfall as collected at Raleigh-Durham International Airport by NOAA. – The data set contains the dates of readings in oF, and rainfall in inches – Dates are in generic number format with 1/1/2007 = 39083 – Dates are non-sequential • Construct an Excel solution that evaluates the data set and finds the following. – The average monthly temperatures. – Total monthly rainfall 

Below is the Dataset

Briefly respond to all the following questions. Make sure to explain and backup your responses with facts and examples. This assignment should be include at least two references.

As you consider the reputation service and the needs of customers or individual consumers, as well as, perhaps, large organizations that are security conscious like our fictitious enterprise, Digital Diskus, what will be the expectations and requirements of the customers? Will consumers’ needs be different from those of enterprises? Who owns the data that is being served from the reputation service? In addition, what kinds of protections might a customer expect from other customers when accessing reputations?

HTML programming

Create a Design Document, outlining a website with at least 5 pages demonstrating the content from this course, relating to an interest or hobby the student has. 

Include:

· Brief Description of the following pages, including a layout mockup and a color palette 

o 1 text/terms 

o 1 images 

o 1 multimedia page 

o 1 links page 

o 1 user designed