The assessment is divided into three questions covering packet capture and analysis, cryptography, and denial of service attack research. VirtualBox is required to complete the assessment, as it provides the virtual environment. Virtnet topology 5 is used to perform the interception attack, and all questions in the assessment are solved using this same topology.
Question 1: -
The question 1 is based on interception attacks which is needed to be performed by using the virtnet topology 5. In the virtual box, a base iso file is available on the link https://sandilands.info/sgordon/virtnet. From the same link, virtnet topology 5 can be downloaded. Description about the topologies are provided on the website link provided above. There are 4 phases required to complete the question 1 i.e. setup, intercept UDP application traffic, intercept TCP application traffic and analysis. In the phase 1, the virtnet topology 5 is deployed i.e. node 1 will act as a client, node 2 and node 3 will act as a router and server. On router node3, tcpdump command will be executed to collect the packets transferred between the client and server. In phase 2, the netcat is started to capture the UDP server and UDP client. The attacker will capture and save the file as studentID-udp.pcap. In the phase 3, the TCP application traffic will be captured by running netcat command. In the phase 4, the files will be saved with provided name and a message sequence diagram will be created as per the request accepted.
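For the analysis phase, the following added example (not part of the assessment material) shows how a capture file saved by tcpdump can be turned into the lines of a message sequence diagram. The sample capture is constructed inline; its addresses, ports and payloads are assumptions and are not taken from virtnet topology 5.

```python
import struct
FLAGS = [(0x02, "SYN"), (0x10, "ACK"), (0x08, "PSH"), (0x01, "FIN"), (0x04, "RST")]

def message_sequence(pcap):
    """Return one 'src:port -> dst:port info' line per TCP/UDP packet in a pcap."""
    magic, *_, linktype = struct.unpack("<IHHiIII", pcap[:24])
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expected a little-endian Ethernet pcap file")
    lines, off = [], 24
    while off + 16 <= len(pcap):
        caplen = struct.unpack("<I", pcap[off + 8:off + 12])[0]
        frame, off = pcap[off + 16:off + 16 + caplen], off + 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # skip anything that is not IPv4
        ihl, total, proto = (frame[14] & 0x0F) * 4, struct.unpack("!H", frame[16:18])[0], frame[23]
        src, dst = (".".join(map(str, frame[i:i + 4])) for i in (26, 30))
        l4 = frame[14 + ihl:14 + total]  # transport header plus payload
        if proto == 6 and len(l4) >= 20:
            sport, dport, seq, ack, doff, fl = struct.unpack("!HHIIBB", l4[:14])
            names = ",".join(n for bit, n in FLAGS if fl & bit)
            info = f"TCP [{names}] seq={seq} ack={ack} len={len(l4) - (doff >> 4) * 4}"
        elif proto == 17 and len(l4) >= 8:
            sport, dport, ulen = struct.unpack("!HHH", l4[:6])
            info = f"UDP len={ulen - 8}"
        else:
            continue
        lines.append(f"{src}:{sport} -> {dst}:{dport} {info}")
    return lines

# Constructed sample capture: addresses, ports and payloads are made up.
def tcp(sport, dport, seq, ack, flags, data=b""):
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 8192, 0, 0) + data
def udp(sport, dport, data):
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data
def build_pcap(packets):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for src, dst, proto, l4 in packets:
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0, src, dst)
        frame = b"\x00" * 12 + b"\x08\x00" + ip + l4
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out
C, S = bytes([192, 168, 1, 11]), bytes([192, 168, 2, 21])
SAMPLE = build_pcap([
    (C, S, 17, udp(40000, 5001, b"hello\n")),              # UDP message
    (C, S, 6, tcp(40001, 5002, 100, 0, 0x02)),             # SYN
    (S, C, 6, tcp(5002, 40001, 900, 101, 0x12)),           # SYN,ACK
    (C, S, 6, tcp(40001, 5002, 101, 901, 0x10)),           # ACK
    (C, S, 6, tcp(40001, 5002, 101, 901, 0x18, b"hello\n")),  # data
])
```

Calling `message_sequence(SAMPLE)` returns the packets in capture order, so the UDP exchange shows a single datagram while the TCP exchange shows the three-way handshake before any application data.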
Question 2:
Question 2 is based on cryptography, and openssl is used to perform the cryptographic operations. Users need to be careful when performing these operations, because a small mistake means redoing the practical. There are 4 phases to complete the task. In phase 1, the user needs to generate a public/private key pair. The openssl operations used to generate the key are time consuming, so the course coordinator has provided the keypair.pem file. In phase 2, encrypted messages are provided along with the encryption key, and the student is required to decrypt them. To gain marks, users are required to provide a screenshot of each message file. In phase 4, the results are required to be analysed.
Question 3:
In question 3, users need to research denial of service attacks. A denial of service (DoS) attack is one in which the services of a system are prevented from performing their functions. The question requires a diagram explaining the entities involved in a DoS attack, such as the target. The assessment also requires mitigation strategies to reduce the impact of ping flooding attacks (a type of DoS attack).
The assessment therefore has three parts: interception, cryptography, and denial of service. In the interception part, packets are captured for the TCP and UDP applications. In the cryptography part, openssl operations are executed to perform encryption and decryption. In the denial of service part, a ping flooding attack is analysed and mitigation techniques to reduce its impact are identified.