
ECE404 Introduction to Computer Security: Homework 08


This assignment marks the start of the system/protocol side of ECE404. The goal of this assignment is to give you a deeper understanding of the transport control protocol (TCP) and its vulnerabilities to denial-of-service (DoS) attacks. As always, please read the homework document in its entirety before coming to office hours with your questions. The teaching staff have spent a long time writing the assignment to cover many common questions you might have.

2 Problem 1

Write a Python object-oriented program that scans a specific target IP for open ports, and subsequently performs a SYN Flood attack.

2.1 Starter Code

    class TcpAttack():
        def __init__(self, spoofIP: str, targetIP: str) -> None:
            # spoofIP: String containing the IP address to spoof
            pass

        def scanTarget(self, rangeStart: int, rangeEnd: int) -> None:
            # rangeStart: Integer designating the first port in the range of ports being scanned
            # rangeEnd: Integer designating the last port in the range of ports being scanned
            # return value: no return value, however, writes open ports to openports.txt
            pass

        def attackTarget(self, port: int, numSyn: int) -> int:
            # port: integer designating the port that the attack will use
            # numSyn: Integer of Syn packets to send to target IP address at the given port
            # If the port is open, perform a DoS attack and return 1. Otherwise return 0
            pass

    if __name__ == "__main__":
        # Construct an instance of the TcpAttack class and perform scanning and SYN Flood Attack
        pass

2.2 Program Requirements

Construct a class called TcpAttack that implements both open port scanning and the SYN flood attack. A breakdown of how you might use the starter code to accomplish this is as follows:

1. Define the constructor of the TcpAttack class:
   • The constructor is an inbuilt function of the class that gets executed when creating new instances of that class.
   • Every instance of the TcpAttack class has two instance variables, spoofIP and targetIP. Thus the constructor of this class accepts two strings as arguments.
     (a) spoofIP: Any IP that is not your own machine's
     (b) targetIP: The target of the scan and the SYN Flood attack
     (c) Note that there is flexibility in how you express the IPs. They can either be expressed as symbolic hostnames or in the corresponding dotted decimal notation.

2. Define the scanTarget class method:
   • The method accepts two integer arguments:
     – rangeStart: The first port in the range of ports to be scanned
     – rangeEnd: The last port in the range of ports to be scanned
   • This method scans the target machine for open ports in the range [rangeStart, rangeEnd] and writes all open ports detected into an output file called openports.txt
   • The format of openports.txt should be one open port per line in ascending order.

3. Define the attackTarget class method:
   • This method accepts two integer arguments:
     – port: The port number on which the attack will be mounted
     – numSyn: The number of SYN packets to be sent to the target on the specified port
   • This method first verifies if the specified port is open. If so, perform the DoS attack and return 1. Otherwise return 0

2.3 Program Dependencies

For this assignment, you will need to use a combination of functions from the socket [2] and scapy [1] libraries. Feel free to consult the official documentation for these modules, as well as Prof. Kak's implementation in Lecture 16.15.

   • socket: a module that allows you to set up a socket connection
   • scapy: a module that allows you to create and send network packets

Please note that you will need to install scapy in order to use its defined methods and objects. If you elected to create a conda environment at the beginning of the semester, installing scapy is as easy as running the following command in your ece404 conda environment.

    pip install scapy

2.4 Implementation Details for SYN Flood Attack

Note that SYN flood attacks have become more difficult to mount over the years. As shown in Lecture 16.14 of the lecture notes, most ISPs now use BCP 38 ingress filtering to prevent spoofing over a router. Therefore you would have to do the spoofing attack between two computers on the same LAN where the packets would not go through a router. For this assignment, it is totally acceptable if you do not actually manage to cause a DoS outside your LAN or do not have the means to do it with another computer on the same LAN. We are simply looking to see that a theoretical attack is implemented correctly.

2.5 How to Tell that Your Program is Working

To test that the target machine is actually receiving packets, you should run tcpdump (or some equivalent program) while your script is running to see that you are actually sending packets to the target IP address (i.e. start tcpdump and then run your program). If you are using Windows, you can use Wireshark instead of tcpdump to look at the packets. In the event that you are on a busy network, you can use tcpdump to selectively sniff packets as outlined in Lecture 16. To further avoid clutter, you can optionally turn off all other applications connecting to the internet. As mentioned below, you will include output from these programs in your homework submission. If you do not have access to another computer to test on, you can use Prof. Kak's machine in RVL whose symbolic hostname is moonshine.ecn.purdue.edu.

2.6 How Your Code Will Be Tested

Your source code will be tested with a script similar to the one below:

    from TcpAttack import *

    spoofIP = '10.10.10.10'
    targetIP = 'moonshine.ecn.purdue.edu'

    rangeStart = 1000
    rangeEnd = 4000

    port = 1716
    numSyn = 100

    tcp = TcpAttack(spoofIP, targetIP)
    tcp.scanTarget(rangeStart, rangeEnd)

    if tcp.attackTarget(port, numSyn):
        print(f"Port {port} was open, and flooded with {numSyn} SYN packets")

3 Submission Instructions

   • For this homework you will be submitting a zip file titled hw08.zip, which consists of:
     – A pdf titled hw08.pdf containing:
       ∗ Output (e.g. screenshots) from tcpdump (or equivalent program) of both the port scanning and SYN flood attack. Your PDF should indicate in the tcpdump output (e.g. highlight, circle, etc.) which packets were sent as a result of the program you wrote.
       ∗ Example screenshots have been provided below in section 4
     – The file TcpAttack.py containing your code for the programming problem.

4 Example Screenshots From tcpdump

Figure 1: tcpdump output indicating port scanning

Figure 2: tcpdump output indicating SYN flood attack on port 1716

References

[1] Scapy: interactive packet manipulation tool. URL https://pypi.org/project/scapy/.
[2] Socket: Low-level networking interface. URL https://docs.python.org/3/library/socket.html.
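
The tcpdump check from section 2.5, seen from the receiving side, as an added example that is not part of the assignment or of Prof. Kak's code: a parser that tells apart the two traffic patterns the section 4 figures show. The capture lines are constructed, the 192.0.2.x addresses are documentation placeholders, and the function names and thresholds are assumptions.

```python
import re
from collections import defaultdict

# Matches tcpdump -n text output for IPv4 TCP: "IP src.sport > dst.dport: Flags [..]"
LINE = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]+)\]")
TAIL = "win 8192, length 0"

def constructed_capture():
    """Constructed tcpdump-style lines (not real traffic); 192.0.2.x are placeholders."""
    out = []
    for p in range(1000, 1020):   # one SYN per port: the scan pattern
        out.append(f"12:00:00.{p:06d} IP 192.0.2.10.{40000 + p} > 192.0.2.20.{p}: Flags [S], seq 1, {TAIL}")
    for i in range(100):          # 100 SYNs to port 1716 from the spoofed source
        out.append(f"12:00:05.{i:06d} IP 10.10.10.10.{20000 + i} > 192.0.2.20.1716: Flags [S], seq {i}, {TAIL}")
    # An ordinary client that completes the three-way handshake on port 443
    out.append(f"12:00:09.000001 IP 192.0.2.30.50000 > 192.0.2.20.443: Flags [S], seq 7, {TAIL}")
    out.append(f"12:00:09.000002 IP 192.0.2.20.443 > 192.0.2.30.50000: Flags [S.], seq 9, ack 8, {TAIL}")
    out.append(f"12:00:09.000003 IP 192.0.2.30.50000 > 192.0.2.20.443: Flags [.], ack 10, {TAIL}")
    return out

def classify(lines, scan_ports=15, flood_syns=50):
    """Return {(src, dst): (label, ports)}; both thresholds are illustrative assumptions."""
    syns = defaultdict(lambda: defaultdict(int))  # (src, dst) -> dst port -> bare SYN count
    acked = set()                                 # (src, dst, port) where the source sent an ACK
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue
        src, _sport, dst, dport, flags = m.groups()
        if flags == "S":
            syns[(src, dst)][int(dport)] += 1
        elif flags == ".":
            acked.add((src, dst, int(dport)))
    findings = {}
    for (src, dst), ports in syns.items():
        # A spoofed source never answers the SYN/ACK, so its SYNs stay half-open.
        flooded = sorted(p for p, n in ports.items()
                         if n >= flood_syns and (src, dst, p) not in acked)
        if flooded:
            findings[(src, dst)] = ("syn-flood", flooded)
        elif len(ports) >= scan_ports:
            findings[(src, dst)] = ("port-scan", [min(ports), max(ports)])
    return findings

if __name__ == "__main__":
    for pair, verdict in classify(constructed_capture()).items():
        print(pair, verdict)
```

Treating any bare `[.]` segment as handshake completion is a simplification; a production detector would track sequence numbers and time windows per flow.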
