Computer Security- PROJECT LAB WORK

Purpose: For this lab, we will be creating a basic webpage and apply DoS/DDoS attack on it. Then, we will be monitoring the network through an Intrusion Detection System (IDS). Last, we will be adding a simple firewall rule to block the attacker by denying the IP. 1. Initial Steps We will be using the same VM we have used in the previous labs. First thing first, we need to update and upgrade the system sudo apt update sudo apt upgrade From your host, check your connection with SSH and make sure that the VM has an IP from DHCP server – for this, you need to make sure that the VirtualBox configuration for the VM network is set to the bridged. 2. Create a basic webpage Now, we will create a basic webpage using Apache webserver. Install apache: sudo apt install apache2 When you visit localhost from your browser (just enter localhost in your browser), you should be able to see some information about Apache webserver (it should say "Apache2 Ubuntu Default Page"). Now, let's put some basic content. Let's download this image: [login to view URL] content/uploads/2019/05/[login to view URL] Please copy the figure under /var/www/html/ Now, we need to update [login to view URL] in /var/www/html using the following code: <html> <head> <title>Basic DoS test</title> </head> <body> <p>This is our webserver <figure> <img src="[login to view URL]" alt="UNT"> <figcaption>Welcome to our webpage</figcaption> </figure> </body> </html> From the browser's private mode (or incognito mode) in your VM, please visit localhost again. Now, you should be able to see the UNT figure there. The main reason why we will be using the private mode in our browser from now on is not to have any cache stored in the browser; otherwise, we will have to clean our cache. If you are able to see the figure and webpage correctly, let’s move to the next step. From your host machine, when you open (from private mode or incognito of your browser), visit your VM using its IP. If you are able to see the figure and webpage correctly, let’s move to the next step. (Question 1) Provide a screenshot of it. 3. Monitor network traffic Now, we will be monitoring the traffic from the host to the VM. In case it is not installed at the moment, make sure that you have Wireshark installed. sudo apt-get install wireshark sudo wireshark Make sure that you are able to monitor the traffic from your host to the VM using Wireshark. You can use the IP filtering for this. (Question 2) Provide a screenshot. (Question 3) Explain in details what kind of traffic you can observe when you visit the VM from your host (i.e., what protocols, what ports, how many packets). If you are able to monitor the traffic, we can move on to apply some attack. 4. Running TCP SYN flood attack We will be using Hping3 to execute our TCP Syn flooding attack – we will run the attack from our host machine to the VM. First, let’s install Hping3: If your host is Ubuntu as well, you can install it easily by: apt-get install hping3 For Mac, you can use brew install hping For Windows, you can download it from [login to view URL] (an older version) Now, you need to run TCP Syn flooding using HPing3 – search for the right command. However, you need to make sure that you are running the attack on port 80 and you are not changing the source IP (not random source). (Question 4) Provide your command and explain why you have chosen it and how it works (you need to explain each parameter). While running the attack, you will be seeing a large amount of traffic on the VM; (Question 5) verify this by providing a screenshot. (Question 6) Observe the packets and verify how you are running TCP SYN flooding and explain it.