SIDDAGANGA POLYTECHNIC
Department of Computer Science & Engineering
2013-2014
INSTALLING CYGWIN
PREREQUISITES:
1. Make sure that you are using a version of Windows supported by Cygwin, and that you have
sufficient disk space and time available for the installation, as indicated above.
2. If your Windows login name contains a space character, consider changing it or creating a
separate login for use with Cygwin. The Cygwin installer names your home directory
according to your Windows login name. It is usually possible to work around problems caused
by directory or file names that contain spaces.
3. Some virus scanners may interfere with Cygwin installation. If you encounter problems,
consider disabling your virus scanner during Cygwin installation and re-enabling it afterwards.
A window titled Cygwin Net Release Setup Program appears. Click Next to get
started.
8. Choose A Download Source: Accept the default ("Install from Internet") and click Next.
9. Select Root Install Directory: Accept the defaults ("C:/cygwin", All Users, Unix) and
click Next.
10. Select Local Package Directory: Accept the default or change it to any temporary
directory of your choice, but make a note of it.
11. Select Your Internet Connection: The default should be correct for most users. Change
it only if you encounter problems.
12. Choose A Download Site: Select a nearby Cygwin mirror site from which to download
the Cygwin packages. Speeds may vary considerably from site to site.
13. Select Packages: If you wish to do a full installation, click on the rotating selector next
to "All" (at the top of the Category list) so that the indicator to its right changes from
"Default" to "Install". Click Next and skip ahead to step 14.
14. If you wish to do a custom installation, click the View button so that the indicator to its
right changes from "Category" to "Full".
15. Once all selected package files have been downloaded and checked, they are unpacked
into the Cygwin root install directory.
Create Icons: Unless these icons already exist from a previous Cygwin installation,
make sure the boxes are checked and click Finish.
USING CYGWIN
As noted, Cygwin provides a Unix-like environment under Windows. The installation
directory (by default, c:\cygwin) is the root of the Unix-like file system, which contains bin, etc,
home, tmp, and usr directories as would be found on a GNU/Linux or other Unix system.
Within home will be one or more subdirectories, each allocated to a Windows user.
To begin, click on the Cygwin desktop icon, or choose the Cygwin entry from your start
menu, to open a Cygwin terminal window. Within this window, the GNU bash shell is
running, with POSIX syntax (directory separators are '/', not '\'). Initially, the current
(working) directory is /home/user, where user is your Windows login name. Don't use this
directory if your Windows login name contains a space; make another and use that one
instead, e.g., by typing these commands at the bash prompt:
mkdir /home/bob
echo "export HOME=/home/bob" >>.bashrc
echo "export HOME=/home/bob" >>.bash_profile
cp .bashrc .bash_profile /home/bob
echo "cd" >>.bashrc
Close your Cygwin terminal window and open another one; your current directory should
now be /home/bob (or whatever you chose to call it).
2. Perform an experiment to grab a banner with telnet and perform the task using
Netcat.
BANNER GRABBING
In the context of computer networking, banner grabbing is a technique to determine which
application or service is running on a specified port by attempting to make a connection to
the host.
Banner grabbing is an enumeration technique used to get information about computer
systems on a network and the services running on their open ports. Administrators can use this to
take inventory of the systems and services on their network. An intruder, however, can use
banner grabbing in order to find network hosts that are running versions of applications and
operating systems with known exploits.
Banner Grabbing can be performed in two ways.
1. ONLINE (through an Internet connection, by connecting to remote websites)
2. OFFLINE (through the local LAN or a VirtualBox guest OS)
Some examples of service ports used for banner grabbing are those used by Hyper Text
Transfer Protocol (HTTP), File Transfer Protocol (FTP), and Simple Mail Transfer Protocol
(SMTP); ports 80, 21, and 25 respectively. Tools commonly used to perform banner
grabbing are Telnet, which is included with most operating systems, and Netcat.
Introduction to telnet
For banner grabbing, we will be using the Telnet client. The telnet client is more of a legacy
piece of command line software that is still installed on most Operating Systems by default.
The basic telnet syntax is: telnet [target ip] [port]
Working with telnet:
1. First enable the Telnet service on your computer: type SERVICES.MSC in the Run menu,
click on the Telnet service, set its startup type to Automatic and click Start.
2. Open a command prompt and type the following:
telnet www.rediff.com 80 (the HTTP port) and press the Enter key twice.
3. After a successful connection, type the following request and press Enter twice:
HEAD / HTTP/1.0
4. Now you can see the rediff website's web server information.
5. You can also try it on your local machine by connecting to your guest OS, e.g.
telnet <guest IP address> 80 (example: telnet 192.168.56.101 80) and press Enter twice.
C:/ns> nc www.targethost.com 80
HEAD / HTTP/1.0
HTTP/1.1 200 OK
Date: Mon, 11 May 2009 22:10:40 EST
Server: Apache/2.0.46 (Unix) (Red Hat/Linux)
Last-Modified: Thu, 16 Apr 2009 11:20:14 PST
ETag: "1986-69b-123a4bc6"
Accept-Ranges: bytes
Content-Length: 1110
Connection: close
Content-Type: text/html
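The transcript above shows the raw exchange; what a defender does with it is take inventory. The following is an added example (not part of the lab manual) that builds the same HEAD request bytes, parses a response like the one shown, and reports whether the Server header discloses a product version. The two responses in the block are constructed from the transcript and from a server configured to withhold its version; neither is captured from a real host.

```python
"""Added example: decode a HEAD response like the one above and report what its Server banner discloses."""
import re

# What the HEAD probe sends on the wire: request line, then an empty line ends the headers.
HEAD_REQUEST = b"HEAD / HTTP/1.0\r\n\r\n"

# Constructed response, modelled on the transcript above (not captured from a real host).
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Date: Mon, 11 May 2009 22:10:40 EST\r\n"
    b"Server: Apache/2.0.46 (Unix) (Red Hat/Linux)\r\n"
    b"Content-Length: 1110\r\n"
    b"Connection: close\r\n"
    b"Content-Type: text/html\r\n"
    b"\r\n"
)

# Constructed response from a server configured not to reveal its version.
HARDENED_RESPONSE = b"HTTP/1.1 200 OK\r\nServer: Apache\r\nContent-Type: text/html\r\n\r\n"

# product/version at the start of the banner, e.g. "Apache/2.0.46 (Unix)"
VERSION_RE = re.compile(r"^([A-Za-z][\w.-]*)/(\d[\w.]*)")


def parse_head_response(raw):
    """Split a raw HTTP response into its status line and a dict of headers (names lower-cased)."""
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    status = lines[0]
    headers = {}
    for line in lines[1:]:
        if ":" not in line:
            continue  # tolerate a malformed header line instead of aborting the parse
        name, value = line.split(":", 1)
        headers[name.strip().lower()] = value.strip()
    return status, headers


def assess_banner(raw):
    """Report what the Server header of a response gives away."""
    status, headers = parse_head_response(raw)
    banner = headers.get("server", "")
    m = VERSION_RE.match(banner)
    return {
        "status": status,
        "banner": banner,
        "product": m.group(1) if m else None,
        "version": m.group(2) if m else None,
        "discloses_version": bool(m),
    }


if __name__ == "__main__":
    for label, resp in (("sample", SAMPLE_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, assess_banner(resp))
```

The second response is what an Apache server returns after `ServerTokens Prod` is set in its configuration: the banner still identifies the product, but the version that an intruder would match against known exploits is gone, which is the mitigation the banner-grabbing exercise points at.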
Introduction to Netcat
Netcat is a computer networking utility for reading from and writing to network
connections using TCP or UDP. Netcat is designed to be a dependable back-end tool
that can be used directly or easily driven by other programs and scripts. At the same time, it
is a feature-rich network debugging and investigation tool, since it can create almost any
kind of connection you would need and has a number of built-in capabilities.
Netcat is often referred to as a "Swiss-army knife for TCP/IP." Its list of features
includes port scanning, transferring files, and port listening, and it can be used as a
backdoor.
Netcat is one of the most commonly used anti-hacking tools. It provides a basic TCP/UDP
networking subsystem that allows users to interact manually or via script with network
applications and services on the application layer. It lets us see raw TCP and UDP data
before it gets wrapped in the next highest layer such as File Transfer Protocol (FTP), Simple
Mail Transfer Protocol (SMTP), or Hypertext Transfer Protocol (HTTP).
Features of Netcat:
Some of netcat's major features are:
[Note: Before using the netcat command, please install IIS (Internet Information Server) from Add/Remove
Components on your guest OS.]
3. Perform an experiment for Port Scanning with nmap, superscan or any other
equivalent software
Port scanning: Port scanning or scanning is when intruders collect information on the
network services on a target network. Here, the intruder attempts to find open ports on the
target system.
The different scanning methods that network attackers use are:
1. Vanilla scan/SYN scan: TCP SYN packets are sent to each address and port in an attempt
to connect to all ports. Port numbers 0 to 65,535 are utilized.
2. Strobe scan: Here, the attacker attempts to connect to a specific range of ports that are
typically open on Windows based hosts or UNIX/Linux based hosts.
3. Sweep: A large set of IP addresses are scanned in an attempt to detect a system that has
one open port.
4. Passive scan: Here, all network traffic entering or leaving the network is captured and
traffic is then analyzed to determine what the open ports are on the hosts within the
network.
5. User Datagram Protocol (UDP) scan: Empty UDP packets are sent to the different
ports of a set of addresses to determine how the operating system responds. Closed UDP ports
respond with a Port Unreachable message when an empty UDP packet is
received. Other operating systems respond with an Internet Control Message Protocol
(ICMP) error packet.
6. FTP bounce: To hide the attacker's location, the scan is initiated from an intermediary
File Transfer Protocol (FTP) server.
7. FIN scan: TCP FIN packets that specify that the sender wants to close a TCP session
are sent to each port for a range of IP addresses.
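Each scan type above leaves a distinct footprint in connection logs: a SYN scan is one source touching many ports on one host, a sweep is one source touching one port on many hosts. The block below is an added example (not from the lab manual) of detection logic for those two footprints, run over constructed log lines in a made-up "<epoch> <src> <dst> <port> <flags>" format; the thresholds and window size are arbitrary assumptions a practitioner would tune to their network.

```python
"""Added example: spot the scan patterns described above in connection-attempt logs."""
from collections import defaultdict


def _constructed_log():
    """Build sample log lines in a made-up format: '<epoch> <src_ip> <dst_ip> <dst_port> <tcp_flags>'."""
    lines = []
    # SYN (vertical) scan: one source probes ports 1-30 on one host within a few seconds
    for p in range(1, 31):
        lines.append(f"{1000 + p // 10} 10.0.0.5 10.0.0.20 {p} S")
    # Sweep: one source probes port 445 across 25 hosts
    for h in range(1, 26):
        lines.append(f"{2000 + h // 10} 10.0.0.9 10.0.0.{h} 445 S")
    # Benign traffic: a client repeatedly connecting to one web server
    for i in range(20):
        lines.append(f"{3000 + i} 10.0.0.7 10.0.0.20 80 S")
    return "\n".join(lines)


SAMPLE_LOG = _constructed_log()


def parse_log(text):
    """Parse the constructed format into (ts, src, dst, port, flags) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port, flags = line.split()
        events.append((int(ts), src, dst, int(port), flags))
    return events


def detect_scans(events, window=10, min_ports=15, min_hosts=15):
    """Return alerts: ('vertical_scan', src, dst, n_ports) when one source touches many ports
    on one host inside a time window, ('sweep', src, port, n_hosts) when one source touches
    one port on many hosts. Only connection attempts (SYN-only, flags 'S') are counted."""
    ports_seen = defaultdict(set)  # (window, src, dst)  -> distinct destination ports
    hosts_seen = defaultdict(set)  # (window, src, port) -> distinct destination hosts
    for ts, src, dst, port, flags in events:
        if flags != "S":
            continue
        bucket = ts // window
        ports_seen[(bucket, src, dst)].add(port)
        hosts_seen[(bucket, src, port)].add(dst)
    alerts = []
    for (_, src, dst), ports in sorted(ports_seen.items()):
        if len(ports) >= min_ports:
            alerts.append(("vertical_scan", src, dst, len(ports)))
    for (_, src, port), hosts in sorted(hosts_seen.items()):
        if len(hosts) >= min_hosts:
            alerts.append(("sweep", src, port, len(hosts)))
    return alerts


if __name__ == "__main__":
    for alert in detect_scans(parse_log(SAMPLE_LOG)):
        print(*alert)
```

The benign client in the sample never trips either rule because it keeps hitting the same port on the same host; the two scanners each trip exactly one. A FIN scan or passive scan from the list would need different evidence (flag combinations, or no connection attempts at all) and is not covered by this check.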
Zenmap/Nmap:
Nmap ("Network Mapper") is a free and open source (license) utility for network
exploration or security auditing. Many systems and network administrators also find it useful
for tasks such as network inventory, managing service upgrade schedules, and monitoring
host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are
available on the network, what services (application name and version) those hosts are
offering, what operating systems (and OS versions) they are running, what type of packet
filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly
scan large networks, but works fine against single hosts.
Nmap runs on all major computer operating systems, and official binary packages are
available for Linux, Windows, and Mac OS X. Nmap is available both as a classic command-line
executable and with an advanced GUI results viewer (Zenmap). Nmap can recognise five port states such as: Closed,
Filtered, Unfiltered, Open-filtered and Closed-filtered.
Open the terminal and enter the following commands on Command Prompt:
1. Find Open ports on a system
nmap -v 192.168.1.82
2. Find machines which are active in network.
nmap -sP 192.168.1.1-90
3. Service and version detection by Nmap
nmap -sV 192.168.1.88
4. Find the version of software installed on another system
nmap -A -T4 192.168.1.88
4. Using nmap
Nmap Features:
Flexible: Supports dozens of advanced techniques for mapping out networks filled
with IP filters, firewalls, routers, and other obstacles. This includes many port
scanning mechanisms (both TCP & UDP), OS detection, version detection, ping
sweeps, and more. See the documentation page.
Powerful: Nmap has been used to scan huge networks of literally hundreds of
thousands of machines.
Portable: Most operating systems are supported, including Linux, Microsoft
Windows, FreeBSD, OpenBSD, Solaris, IRIX, Mac OS X, HP-UX, NetBSD, Sun OS,
Amiga, and more.
Easy: While Nmap offers a rich set of advanced features for power users, you can
start out as simply as "nmap -v -A targethost". Both traditional command line and
graphical (GUI) versions are available to suit your preference. Binaries are available
for those who do not wish to compile Nmap from source.
Free: The primary goals of the Nmap Project are to help make the Internet a little more
secure and to provide administrators/auditors/hackers with an advanced tool for
exploring their networks. Nmap is available for free download, and also comes with
full source code that you may modify and redistribute under the terms of the license.
Well Documented: Significant effort has been put into comprehensive and up-to-date
man pages, whitepapers, tutorials, and even a whole book! Find them in multiple
languages here.
Supported: While Nmap comes with no warranty, it is well supported by a vibrant
community of developers and users. Most of this interaction occurs on the Nmap
mailing lists. Most bug reports and questions should be sent to the nmap-dev list, but
only after you read the guidelines. We recommend that all users subscribe to the low-traffic
nmap-hackers announcement list. You can also find Nmap on Facebook and Twitter.
Acclaimed: Nmap has won numerous awards, including "Information Security
Product of the Year" by Linux Journal, Info World and Codetalker Digest. It has been
featured in hundreds of magazine articles.
Popular: Thousands of people download Nmap every day, and it is included with
many operating systems (Redhat Linux, Debian Linux, Gentoo, FreeBSD, OpenBSD,
etc). It is among the top ten (out of 30,000) programs at the Net repository.
6. Perform an experiment to demonstrate how to sniff for router traffic by using the
tool Cain and Abel / Wireshark / tcpdump
Sniffer attack: Sniffing refers to the process of capturing and analyzing network traffic.
The packet contents on a network are analyzed. The tools that attackers use for sniffing are
called sniffers or, more correctly, protocol analyzers. While protocol analyzers are really
network troubleshooting tools, hackers also use them for malicious purposes.
A sniffer is an application or device that can read, monitor, and capture network data
exchanges and read network packets. If the packets are not encrypted, a sniffer provides a
full view of the data inside the packet. Even encapsulated (tunneled) packets can be broken
open and read unless they are encrypted and the attacker does not have access to the key.
Sniffers monitor, capture, and obtain network information such as passwords and valuable
customer information. When an individual has physical access to a network, he/she can
easily attach a protocol analyzer to the network and then capture traffic. Remote sniffing can
also be performed, and network attackers typically use it.
Using a sniffer, an attacker can do any of the following:
Analyze your network and gain information to eventually cause your network to crash
or to become corrupted.
There are a number of common sniffers that network security administrators and malicious
hackers use: Dsniff, Ethereal, Etherpeek, Network Associates Sniffer, Ngrep, Sniffit,
Snort, Tcpdump, Windump.
To protect against sniffers, implement Internet Protocol Security (IPSec) to encrypt network
traffic so that any captured information cannot be interpreted.
8. Perform a wireless audit of an access point / router and decrypt WEP and
WPA. (Using NetStumbler or airsniff)
Wireless LAN Auditing
A corporate network administrator needs to assure that the wired LAN is not being
exposed to unauthorized users. This can often happen when users set up their own
wireless LANs for convenience. Such wireless LANs often have little or no security,
which poses a risk to the entire LAN. The network administrator can use NetStumbler
to detect the presence of these "rogue" wireless LANs.
If your LAN uses DHCP, make sure that DHCP is enabled on your wireless LAN card.
You will then be able to tell if networks that you find are connected to your network.
Wireless LAN Coverage Verification
The owner of a wireless LAN can use NetStumbler to verify that an area is well covered
by a good quality signal. NetStumbler can also be used to see how far the coverage area
extends beyond its intended boundary. Configure the wireless LAN card with the SSID
and other settings of the LAN being verified.
Site Survey
When installing or troubleshooting a wireless LAN, it is important to pick locations and
channels in such a way that interference is minimized. A site survey typically includes
finding out what existing items (microwave ovens, cordless phones, radio hams) are
using the same radio frequencies as the wireless LAN. A survey should be done before
installation of a new wireless LAN, and then subsequent surveys should be performed
after installation. A full site survey requires special hardware such as an RF spectrum
analyzer, but NetStumbler can also be used as part of a site survey.
Use a wireless card that reports noise levels. High noise levels are one of the indicators
of interference.
Wardriving
Wardriving is the sport of detecting and/or locating wireless LANs. NetStumbler is a
very popular tool for wardriving, because of its ease of use and GPS integration.
Encryption: The word "WEP" will appear on an encrypted network, regardless of
whether it is really using WEP.
NetStumbler is "beggarware". This means that you do not have to pay for a license
to use it. NetStumbler is a tool for Windows that allows you to detect Wireless Local
Area Networks (WLANs) using 802.11b, 802.11a and 802.11g (IEEE standards).
Netstumbler: NetStumbler (Network Stumbler) is a Wi-Fi hacking tool that is only
compatible with Windows; this tool is also freeware. With this program, we can
search for open wireless networks and gain access to them. It has some
compatibility and network adapter issues. NetStumbler starts in record mode and
automatically configures our wireless card, so it's as simple as launching the tool
while our wireless card is enabled. Some APs have lock symbols in the green bubble,
indicating that the AP has encryption enabled.
NetStumbler uses:
Latitude, Longitude, Distance: If you are using a GPS receiver, this indicates the estimated
position of the object. This position is currently the location where the strongest signal was
seen, which is never the actual location. Distance is measured from your current position to
the object's estimated position.
Graph View
The data that appears in the graph view is somewhat dependent on your hardware and
device driver.
The green bars indicate signal strength. The higher the bar, the better the signal.
The red bars, if available, indicate noise level. The higher the bar, the higher the
noise.
The gap between the green and red bars is equivalent to signal to noise ratio.
A purple bar indicates loss of signal, possibly temporary.
To avoid using the networks that you observe, go to the Network Control Panel and
unbind TCP/IP from your wireless LAN card.
The graph view will automatically scroll to keep up with new data if you are viewing the
rightmost part of it.
decibel: dBm is a decibel unit that measures power. 0 dBm is equivalent to 1 milliwatt. 30
dBm is equivalent to 1 watt. A decibel is a logarithmic measure of something compared
with a defined reference point. An increase of 10 dB corresponds to the value being
multiplied by 10. A decrease of 10 dB corresponds to the value being divided by 10.
Access Points (APs) that do have encryption enabled. One of the flaws with the latest
version of NetStumbler is that all enabled encryption is displayed as WEP.
Decrypt 802.11
Wireshark can decrypt WEP and WPA/WPA2 in pre-shared (or personal) mode.
WPA/WPA2 enterprise mode decryption is not yet supported.
You can add decryption keys using Wireshark's 802.11 preferences or by using the
wireless toolbar. Up to 64 keys are supported.
then your version of Wireshark only supports WEP decryption. This might be the case
with older versions of Wireshark, particularly the 64-bit Windows version.
In all versions WEP keys can be specified as a string of hexadecimal numbers, with or
without colons:
a1:b2:c3:d4:e5
0102030405060708090a0b0c0d
In versions that support WPA decryption you should use a prefix to tell
Wireshark what kind of key you're using:
wep The key is parsed as a WEP key.
wep:a1:b2:c3:d4:e5
wpa-pwd The password and SSID are used to create a raw pre-shared key.
wpa-pwd:MyPassword:MySSID
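The key strings above follow a small grammar, and the wpa-pwd form hides a derivation: WPA/WPA2-Personal turns the passphrase and SSID into a 256-bit pre-shared key with PBKDF2-HMAC-SHA1 (4096 iterations), which is why Wireshark needs both. The block below is an added example, not Wireshark code or the lab manual's, that parses the three entry forms shown and performs that derivation; its one assumption is that in a wpa-pwd entry the SSID is everything after the last colon. The expected PSK for the passphrase "password" with SSID "IEEE" is the published IEEE 802.11i Annex H test vector.

```python
"""Added example: parse Wireshark-style 802.11 decryption key strings and derive the WPA PSK."""
import hashlib

WEP_KEY_LENGTHS = {5, 13}  # 40-bit and 104-bit WEP keys, in bytes

# IEEE 802.11i Annex H test vector: passphrase "password", SSID "IEEE"
IEEE_TEST_PSK = "f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e"


def parse_wep_hex(text):
    """Accept hex with or without colons (a1:b2:c3:d4:e5 or 0102...0d) and return the key bytes."""
    key = bytes.fromhex(text.replace(":", ""))  # ValueError on non-hex input
    if len(key) not in WEP_KEY_LENGTHS:
        raise ValueError(f"unexpected WEP key length: {len(key)} bytes")
    return key


def wpa_psk_from_passphrase(passphrase, ssid):
    """WPA/WPA2-Personal PSK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"), ssid.encode("utf-8"), 4096, 32)


def parse_key_entry(entry):
    """Return (kind, key_bytes) for 'wep:<hex>', bare '<hex>' or 'wpa-pwd:<password>:<SSID>'.
    Assumption: the SSID is everything after the last colon, so passwords may contain colons."""
    if entry.startswith("wep:"):
        return "wep", parse_wep_hex(entry[len("wep:"):])
    if entry.startswith("wpa-pwd:"):
        rest = entry[len("wpa-pwd:"):]
        passphrase, sep, ssid = rest.rpartition(":")
        if not sep or not ssid:
            raise ValueError("wpa-pwd entries need <password>:<SSID>")
        return "wpa-psk", wpa_psk_from_passphrase(passphrase, ssid)
    return "wep", parse_wep_hex(entry)


if __name__ == "__main__":
    for e in ("a1:b2:c3:d4:e5", "0102030405060708090a0b0c0d",
              "wep:a1:b2:c3:d4:e5", "wpa-pwd:MyPassword:MySSID"):
        kind, key = parse_key_entry(e)
        print(f"{e:35} -> {kind}: {key.hex()}")
```

Two things the derivation makes visible: the SSID is the salt, so the same passphrase yields a different PSK on every network, and 4096 iterations is the only work factor standing between a captured handshake and a weak passphrase, which is why passphrase length matters more than anything else in WPA-Personal deployments.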
An ARP spoofing attack is the sending of unsolicited ARP messages. These ARP messages
contain the IP address of a network resource, such as the default gateway or a DNS server,
and replace the MAC address for the corresponding network resource with the attacker's own MAC
address. Network devices, by design, overwrite any existing ARP information associated
with the IP address with the new, counterfeit ARP information. The attacker then takes the
role of man in the middle; any traffic destined for the legitimate resource is sent through the
attacking system. As this attack occurs on the lower levels of the OSI model, the end user is
oblivious to the attack's occurrence.
ARP poisoning is also capable of executing Denial of Service (DoS) attacks. The
attacking system, instead of posing as a gateway and performing a man in the middle attack,
can instead simply drop the packets, causing the clients to be denied service to the attacked
network resource. The spoofing of ARP messages is the underlying principle of ARP
poisoning.
Address Resolution Protocol (ARP) poisoning is a type of attack where the Media
Access Control (MAC) address is changed by the attacker. Also called an ARP spoofing
attack, it is effective against both wired and wireless local networks. Some of the things an
attacker could perform from ARP poisoning attacks include stealing data from the
compromised computers and preventing legitimate access to services, such as Internet service.
Thus the man in the middle watches the traffic between the source and target machines.
A MAC address is a unique identifier for network nodes, such as computers, printers, and other
devices on a LAN. MAC addresses are associated with the network adapter that connects a device
to the network. The MAC address is critical to locating networked hardware devices
because it ensures that data packets go to the correct place. ARP tables, or caches, are used to
correlate network devices' IP addresses to their MAC addresses.
When a device needs to communicate with another device with a known IP address but
an unknown MAC address, the sender sends out an ARP packet to all computers on the
network. The ARP packet requests the MAC address from the intended recipient with the
known IP address. When the sender receives the correct MAC address, it is able to send
data to the correct location, and the IP address and corresponding MAC address are stored in
the ARP table for later use.
ARP poisoning is when an attacker is able to compromise the ARP table and change the
MAC address so that the IP address points to another machine. If the attacker makes the
compromised device's IP address point to his own MAC address, then he would be able to
steal the information, or simply eavesdrop and forward on communications meant for the
victim. Additionally, if the attacker changed the MAC address of the device that is used to
connect the network to the Internet, then he could effectively disable access to the web and other
external networks.
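The text above describes the mechanism (a counterfeit reply overwrites an IP-to-MAC binding) and the symptom (a binding that changes). Tools such as arpwatch detect exactly that symptom by keeping their own table. The block below is an added example, not the lab manual's code, that unpacks ARP packets from their 28-byte wire format and flags two anomalies: a reply nobody requested, and a MAC that changes for an IP already in the table. The three packets are constructed inline (request, legitimate gateway reply, counterfeit reply) and are not captured traffic.

```python
"""Added example: decode ARP packets and flag an IP whose MAC binding changes, the
symptom of the ARP poisoning described above (an arpwatch-style check)."""
import struct

ARP_FMT = "!HHBBH6s4s6s4s"  # htype, ptype, hlen, plen, oper, sender MAC/IP, target MAC/IP
ARP_LEN = struct.calcsize(ARP_FMT)  # 28 bytes
ARP_REQUEST, ARP_REPLY = 1, 2


def _mac(text):
    return bytes.fromhex(text.replace(":", ""))


def _ip(text):
    return bytes(int(o) for o in text.split("."))


def build_arp(oper, sender_mac, sender_ip, target_mac, target_ip):
    """Pack an Ethernet/IPv4 ARP packet (used here only to construct test traffic)."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper,
                       _mac(sender_mac), _ip(sender_ip), _mac(target_mac), _ip(target_ip))


def parse_arp(pkt):
    """Unpack an ARP packet into a dict with printable addresses."""
    if len(pkt) < ARP_LEN:
        raise ValueError("truncated ARP packet")
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(ARP_FMT, pkt[:ARP_LEN])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    return {
        "op": oper,
        "sender_mac": ":".join(f"{b:02x}" for b in sha),
        "sender_ip": ".".join(str(b) for b in spa),
        "target_mac": ":".join(f"{b:02x}" for b in tha),
        "target_ip": ".".join(str(b) for b in tpa),
    }


class ArpWatcher:
    """Keeps its own IP->MAC table and reports bindings that change or replies nobody asked for."""

    def __init__(self):
        self.table = {}
        self.pending = set()  # IPs for which a request was seen but no reply yet

    def observe(self, pkt):
        a = parse_arp(pkt)
        alerts = []
        if a["op"] == ARP_REQUEST:
            self.pending.add(a["target_ip"])
            return alerts
        ip, mac = a["sender_ip"], a["sender_mac"]
        if ip in self.pending:
            self.pending.discard(ip)
        else:
            alerts.append(f"unsolicited ARP reply for {ip} from {mac}")
        old = self.table.get(ip)
        if old is not None and old != mac:
            alerts.append(f"MAC for {ip} changed from {old} to {mac}")
        self.table[ip] = mac
        return alerts


# Constructed traffic: a host resolves the gateway, the gateway answers, then a third
# machine injects a reply that claims the gateway's IP for its own MAC.
SAMPLE_PACKETS = [
    build_arp(ARP_REQUEST, "00:11:22:33:44:02", "10.0.0.2", "00:00:00:00:00:00", "10.0.0.1"),
    build_arp(ARP_REPLY, "00:11:22:33:44:01", "10.0.0.1", "00:11:22:33:44:02", "10.0.0.2"),
    build_arp(ARP_REPLY, "de:ad:be:ef:00:99", "10.0.0.1", "00:11:22:33:44:02", "10.0.0.2"),
]


def run_watcher(packets):
    """Feed packets through one watcher and return it together with every alert raised, in order."""
    watcher = ArpWatcher()
    alerts = []
    for pkt in packets:
        alerts.extend(watcher.observe(pkt))
    return watcher, alerts


if __name__ == "__main__":
    _, found = run_watcher(SAMPLE_PACKETS)
    print("\n".join(found) or "no anomalies")
```

Because the watcher stores the first binding it sees, it trusts whatever answers first; in practice a defender seeds the table with the known MAC of the gateway so that the very first counterfeit reply is caught. Gratuitous ARP from legitimate hosts (for example after a failover) will also appear as unsolicited, so that alert is a signal to investigate rather than proof of an attack.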
Cain & Abel: It is a nifty program that deals with recovering lost passwords using the
most powerful and tough decryption algorithms. It is capable of quickly and efficiently
retrieving Outlook and network passwords and of displaying passwords hidden underneath asterisks.
Most encrypted passwords are breakable using this program via Dictionary, Brute-Force
and Cryptanalysis attacks. Decrypting scrambled passwords or wireless network keys is not
a challenge either. Besides the ability to record VoIP conversations, the application also
features the possibility to analyze routing protocols.
Working with Cain & Abel:
1. Go to the web site http://www.oxid.it/cain.html
2. Click on the download option and choose a path to save the setup file.
3. Double click on ca_setup.exe icon to run setup.
4. Accept License agreement and Click on Next button.
5. Specify the destination folder to install Cain & Abel click on Next.
6. It asks WinPcap to install if not installed earlier.
7. Accept the License agreement and Click on Next button to install WinPcap.
8. Double Click on Cain icon on desktop to run the tool.
9. Click on Sniffer menu.
SIDDAGANGA POLYTECHNIC, Tumkur-3
toolbar.
17. APR enables you to poison IP traffic between the selected hosts.
18. Click on any IP address on the left side list and the other IP selected on the right side.
19. Left Click on Right side on the IP address and Click OK.
20. Watch the poisoning effect FROM and TO IP address.
Demonstrate Intrusion Detection System (IDS) using any tool such as Snort
or any other Software.
With the development of network technologies and applications, network attacks are
greatly increasing both in number and severity. As a key technique in the network security
domain, an Intrusion Detection System (IDS) plays the vital role of detecting various kinds of
attacks and securing the network. The main purpose of an IDS is to find intrusions among
normal audit data, and this can be considered a classification problem. Intrusion detection
systems (IDS) are an effective security technology which can detect, prevent and possibly
react to an attack. An IDS monitors target sources of activity, such as audit and
network traffic data in computer or network systems requiring security measures, and
employs various techniques for providing security services. With the tremendous growth of
network-based services and sensitive information on networks, network security is becoming
more important than ever before.
Intrusion : Attempting to break into or misuse your system. Intruders may be from outside
the network or legitimate users of the network. Intrusion can be a physical, system or remote
intrusion.
Intrusion Detection Systems look for attack signatures, which are specific patterns that
usually indicate malicious or suspicious intent.
About Snort:
Snort is an open source network intrusion prevention system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis
and content searching/matching, and can be used to detect a variety of attacks and probes, such
as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting
attempts, and much more.
Snort has three primary uses: It can be used as a straight packet sniffer like tcpdump, a
packet logger (useful for network traffic debugging, etc), or as a full blown network
intrusion prevention system.
The privacy of the Snort community is very important to Sourcefire. If you choose to opt out, the information collected at the time of registration will not be used for any Sourcefire
marketing efforts. In addition, Sourcefire will not sell or distribute any personal information
to third-party companies.
SNORT can be configured to run in three modes:
1. Sniffer mode
Packet Logger mode: snort -dev -l c:\log [create this directory on the C drive]. With a log
directory given, snort automatically goes into packet logger mode: it
collects every packet it sees and places it in the log directory.
Network Intrusion Detection System mode: snort -d -l c:\log -h ipaddress/24 -c snort.conf
The -c option names a configuration file; snort applies the rules in that file to each packet and
decides on an action based upon the rule type in the file.
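In NIDS mode the rules in snort.conf are the "attack signatures" mentioned earlier: each rule names a protocol, addresses and ports, and options such as `content` to match in the payload. The following is an added example, not Snort and not the lab manual's code, of a matcher for a small subset of that rule grammar (msg, content, nocase, sid) run over three constructed packets; the two rules and the SIDs are made up for the example (1000001 and up is the range Snort reserves for local rules), and option values are assumed not to contain semicolons.

```python
"""Added example: a minimal signature matcher in the spirit of Snort's rule language,
run over constructed packets (not Snort itself and only a small subset of its syntax)."""
import re

# action proto src sport -> dst dport (options)
RULE_RE = re.compile(r"^(alert|log)\s+(\w+)\s+(\S+)\s+(\S+)\s+->\s+(\S+)\s+(\S+)\s+\((.*)\)\s*$")


def parse_rule(text):
    """Parse one rule. Supported options: msg, content (repeatable), nocase, sid.
    Assumption: option values contain no ';' characters."""
    m = RULE_RE.match(text.strip())
    if not m:
        raise ValueError(f"unparseable rule: {text!r}")
    action, proto, src, sport, dst, dport, opts = m.groups()
    rule = {"action": action, "proto": proto.lower(), "src": src, "sport": sport,
            "dst": dst, "dport": dport, "content": [], "nocase": False, "msg": "", "sid": None}
    for part in opts.split(";"):
        part = part.strip()
        if not part:
            continue
        if ":" in part:
            key, value = (s.strip() for s in part.split(":", 1))
            value = value.strip('"')
            if key == "content":
                rule["content"].append(value.encode("latin-1"))
            else:
                rule[key] = value
        else:
            rule[part] = True  # flag options such as nocase
    return rule


def _addr_ok(pattern, value):
    return pattern == "any" or pattern == value


def _port_ok(pattern, value):
    return pattern == "any" or int(pattern) == value


def rule_matches(rule, pkt):
    """pkt: dict with proto, src, sport, dst, dport, payload (bytes)."""
    if rule["proto"] not in ("ip", pkt["proto"]):
        return False
    if not (_addr_ok(rule["src"], pkt["src"]) and _port_ok(rule["sport"], pkt["sport"])
            and _addr_ok(rule["dst"], pkt["dst"]) and _port_ok(rule["dport"], pkt["dport"])):
        return False
    payload = pkt["payload"]
    for needle in rule["content"]:
        if rule["nocase"]:
            if needle.lower() not in payload.lower():
                return False
        elif needle not in payload:
            return False
    return True


def run_rules(rules, packets):
    """Return (sid, msg) for every rule that fires on each packet, in packet order."""
    return [(r["sid"], r["msg"]) for pkt in packets for r in rules if rule_matches(r, pkt)]


# Constructed rules; sids 1000001 and up are in the range reserved for local rules.
SAMPLE_RULES = [parse_rule(t) for t in (
    'alert tcp any any -> any 80 (msg:"WEB-CGI test-cgi access"; content:"/cgi-bin/test-cgi"; nocase; sid:1000001;)',
    'alert tcp any any -> any 21 (msg:"FTP anonymous login attempt"; content:"USER anonymous"; nocase; sid:1000002;)',
)]

# Constructed packets: one CGI probe, one FTP anonymous login, one ordinary page request.
SAMPLE_PACKETS = [
    {"proto": "tcp", "src": "10.0.0.5", "sport": 40001, "dst": "10.0.0.20", "dport": 80,
     "payload": b"GET /cgi-bin/test-cgi HTTP/1.0\r\n\r\n"},
    {"proto": "tcp", "src": "10.0.0.5", "sport": 40002, "dst": "10.0.0.20", "dport": 21,
     "payload": b"user Anonymous\r\n"},
    {"proto": "tcp", "src": "10.0.0.7", "sport": 40003, "dst": "10.0.0.20", "dport": 80,
     "payload": b"GET /index.html HTTP/1.0\r\n\r\n"},
]

if __name__ == "__main__":
    for sid, msg in run_rules(SAMPLE_RULES, SAMPLE_PACKETS):
        print(f"[{sid}] {msg}")
```

The second packet shows why `nocase` matters: the FTP command is in mixed case, and a case-sensitive match would miss it. Real Snort adds stream reassembly, preprocessors and many more options, but the decision at the core is the same header filter followed by a payload search.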
The term Rootkit originally referred to a collection of tools used to gain administrative
access on UNIX operating systems.
The collection of tools often included well-known system monitoring tools that were
modified to hide the actions of an unauthorized user. An unauthorized user would replace
the existing tools on the system with the modified versions preventing authorized users from
discovering the security breach.
Rootkits in Windows refer to programs that use system hooking or modification to hide
files, processes, registry keys, and other objects in order to hide programs and behaviors. In
particular, Windows rootkits do not necessarily include any functionality to gain
administrative privileges. In fact, many Windows rootkits require administrative privileges
to even function.
Two basic classes of Windows rootkits : kernel mode rootkits & user mode rootkits.
Rootkit - A tool used to protect backdoors and other tools from detection by
administrators
ROOTKITS :
A rootkit is a malicious software program used to gain elevated access to a computer while it
remains hidden from the owner of the computer and the installed security software. Rootkits
typically run at a low level and load before the computer's operating system to remain
hidden. The rootkit can then divert any OS functions that would reveal its presence and
display manipulated results to the user.
Malicious users or software often install a rootkit once they have gained access to a
computer, through vulnerabilities in the computer's software or through gaining the
password by social engineering, for example. The rootkit allows them continued access to
the computer, but it leaves no trace of their activity, as it would if they were logged in
through a normal user account. Once installed, the rootkit owner can access the computer at
any time to run software, or to control the computer remotely.
WHY ROOT KITS ARE USED
Root kits are used by criminals for a variety of purposes, usually to turn a computer into
part of a botnet, which can then, in turn, go on to infect other computers or send spam email
messages. The rootkit owner can install keyloggers to capture user-entered passwords for
online banking and similar activities, or steal the user's personal details to use for identity
fraud. If the rootkit owner uses the computer for criminal acts, such as breaking into other
computers, it will appear as if the computer owner is responsible if authorities trace the
connection.
changes common functions to hide its existence. For example, the root kit could intercept
calls for a list of files in a directory, removing its own file names before showing the results
to the user, so it would appear as if the directory is clean. Both anti-virus and security
software programs are vulnerable to the effects of a root kit, which runs at a lower level,
ensuring that the anti-virus software cannot detect or remove it. This leads the anti-virus
software to believe the system is clean, when it is actually infected and running
malicious software.
Current Rootkit Capabilities:
Root kits hide processes, hide files, hide registry entries, hide services, completely
bypass personal firewalls, are undetectable by antivirus, are remotely undetectable, use covert
channels undetectable on the network, defeat cryptographic hash checking, install silently, and
have all capabilities ever used by viruses or worms.
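The directory-listing example above (a hook that strips its own file names from the results) also shows how such hiding is detected: compare the hooked view with an independent one and look at the difference, the "cross-view" approach used by tools such as RootkitRevealer. The block below is an added example, not the lab manual's, that models this with a plain Python filter standing in for the hooked API and os.scandir standing in for the lower-level view; the hidden-name prefix and the two files are constructed for the demonstration, and nothing here is a real hook.

```python
"""Added example: cross-view detection, comparing a (simulated) hooked directory listing
with an independent enumeration of the same directory."""
import os
import tempfile

HIDDEN_PREFIX = "_rk_"  # constructed marker: names the simulated hook removes from its results


def hooked_listdir(path):
    """Stands in for a directory-listing API whose results a rootkit has filtered.
    This is a plain Python filter, not a real hook; it only models the behaviour."""
    return [name for name in os.listdir(path) if not name.startswith(HIDDEN_PREFIX)]


def independent_listdir(path):
    """A second view obtained by a different route (os.scandir). In a real cross-view scan
    this would come from a lower layer, e.g. the raw file system, rather than the same API."""
    with os.scandir(path) as it:
        return [entry.name for entry in it]


def cross_view_diff(path, high_level_view=hooked_listdir, low_level_view=independent_listdir):
    """Return the names present in the low-level view but missing from the high-level one."""
    return sorted(set(low_level_view(path)) - set(high_level_view(path)))


def demo():
    """Create a scratch directory with one ordinary and one 'hidden' file and run the check."""
    with tempfile.TemporaryDirectory() as d:
        for name in ("report.txt", HIDDEN_PREFIX + "driver.sys"):
            with open(os.path.join(d, name), "w") as f:
                f.write("constructed sample\n")
        return cross_view_diff(d)


if __name__ == "__main__":
    print("hidden entries:", demo())
```

The check only works because the two views are taken through different paths; a rootkit that hooks below both (in the kernel, or below the file system driver) defeats it, which is the practical reason the text distinguishes user-mode from kernel-mode rootkits.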
The openssl program provides a rich variety of commands, each of which often has a wealth
of options and arguments (command_opts and command_args in the SYNOPSIS). The
pseudo-commands list-standard-commands, list-message-digest-commands, and list-cipher-commands output a list (one entry per line) of the names of all standard commands, message
digest commands, or cipher commands, respectively, that are available in the present openssl
utility.
STANDARD COMMANDS
openssl
passwd
pkcs12
pkey
rand
ts
version
-Base64 Encoding
-RSA key management.
-Generation of RSA Private Key. Superseded by genpkey.
-Generation of Private Key or Parameters.
Syntax:
13. Setup a honey pot and monitor the honey pot on network.
9. Double clicking a record in the list view of the main window will open the Packet Log
viewer window. On the upper left hand side of the window is the Connection Details
which displays basic information about the selected hit including the total number of
bytes sent and bytes received for that hit.
In the upper right hand side the application displays the Packet History list view of all
transmitted and received IP packets associated with the hit.
10. By clicking on a record in the Packet History box you can view the complete Packet
data in the lower window.
11. All log files are saved by default to c:\honeybot\logs folder. Log files store information
relating to the hits on the system and also store all data received and sent to the attacking
computer.
12. Click on the red stop button to shut down all listening services and terminate all
existing open sockets.
Uninstalling HoneyBOT
Click the Uninstall HoneyBOT icon in the programs start menu to uninstall HoneyBOT and
follow the prompts.
14. Install JCrypTool (or any other equivalent) and demonstrate the asymmetric and symmetric
crypto algorithms, hashes and digital/PKI signatures studied in theory in Network Security and
Management.
STEPS:
1. Download and install jcryptool.
2. Open jcryptool.
3. Open the text editor in JCrypTool and write the message which you want to encrypt.
15. Install IPCop on a linux system and learn all the functions available on
the software.
IPCop Linux is a complete Linux distribution. Its sole purpose is to protect the network. Its
main features are: an iptables network filter, all types of drive support and quad network
support, namely GREEN (internal trusted network), BLUE (wireless semi-trusted network),
ORANGE (demilitarized zone for Internet-accessible servers) and RED (the Internet).
Initial Setup
Having installed IPCop, we now have to enter some further configuration information in
setup for our setup to be complete.
Enter the Keyboard, Time Zone and Hostname/Domain.
ISDN Setup - As we are not using ISDN, we should select to disable it.
Network Configuration Type - Select the interface configuration we will be running by
tabbing to Network Configuration Type and hitting the Enter key.
Password Setup - IPCop has 2 users for which we will be asked to set up passwords: root
and admin. Set these both to a strong password of more than 8 characters that is not a word in
any language and contains capitals. A good example would be 1luv19c0p. The root password will
be used to log on and add any add-ons or upgrades via SSH. The admin user is used to manage
our IPCop day to day.
Since we have 3 interfaces and have only set up Green, repeat the interface setup options for
the Red and Orange interfaces as described above.
Configure the RED interface to use DHCP, as this is the interface connected to the Internet (i.e.
our ISP). Then configure our ORANGE interface to use the 192.168.10.x address space. For
Red, tab over to the DHCP box and select it by hitting Enter. So if our Green network will
contain 15 hosts we can use 192.168.1.2-16. To set this up, simply add in this range
192.168.1.2-16 and tab down to OK.