2018-19 A CC5004NI A2 CW2 CourseWork 17030830 Binod Belbase

Module Code & Module Title
CS5004NI Security in Computing
Assessment Weightage & Type

30% Individual Coursework
Year and Semester

2018-19 Autumn
Student Name: Binod Belbase

London Met ID: 17030830
College ID: NP01NT4A170101
Assignment Due Date: 2nd May
Assignment Submission Date: 2nd May

Word Count (Where Required): 3623
I confirm that I understand my coursework needs to be submitted online via Google Classroom under the
relevant module page before the deadline in order for my assignment to be accepted and marked. I am
fully aware that late submissions will be treated as non-submission and a marks of zero will be awarded.
Table of Contents
1. Abstract ....................................................................................................................... 1
1.1 Acknowledgement ................................................................................................. 1
1.2 Aims and Objective ................................................................................................ 1
1.3 Key Findings .......................................................................................................... 2
2. Introduction ................................................................................................................. 2
2.1 DNS ....................................................................................................................... 2
2.2 DNS Spoofing ........................................................................................................ 2
3. Background ................................................................................................................. 4
3.1 History ................................................................................................................... 4
3.2 Current Scenario.................................................................................................... 4
4. Demonstration ............................................................................................................. 6
4.1 GNS3 ..................................................................................................................... 6
4.2 Ettercap ................................................................................................................. 6
4.3 Attack Process ....................................................................................................... 6
4.3.1 Topology ......................................................................................................... 6
4.3.2 Configuration on windows 7 PC ...................................................................... 7
4.3.3 Configuration on Kali Linux ............................................................................. 8
4.3.4 Ifconfig in Kali Linux ........................................................................................ 9
4.3.5 Ipconfig in windows 7 ...................................................................................... 9
4.3.6 Ping from kali to windows 7 ........................................................................... 10
4.3.7 Ping from windows to Kali Linux.................................................................... 10
4.3.8 Command on kali Linux to run Ettercap ........................................................ 11
4.3.9 Ettercap Configuration .................................................................................. 11
4.3.10 Use of gedit command ................................................................................ 24
4.3.11 Editing etter.dns file ..................................................................................... 25
4.3.12 Creating our own portal ............................................................................... 27
4.3.13 Running apache2 server ............................................................................. 30
4.3.14 Checking if attack worked ........................................................................... 31
5. Mitigation ................................................................................................................... 32
5.1 Firewall ................................................................................................................ 32
5.2 ACL...................................................................................................................... 34
6. Evaluation ................................................................................................................. 36
6.1 Pros: .................................................................................................................... 36
6.2 Cons: ................................................................................................................... 37
6.3 CBA: .................................................................................................................... 37
7. Conclusion ................................................................................................................ 38
8. Bibliography .............................................................................................................. 39
Table of Figures
Figure 1: DNS Spoofing .................................................................................................. 3
Figure 2: DNS Spoof: Current Scenario .......................................................................... 5
Figure 3: Network Topology ............................................................................................ 6
Figure 4: IP Configuration in Windows 7 ......................................................................... 7
Figure 5: IP configuration in Kali Linux ............................................................................ 8
Figure 6: ifconfig command in Terminal .......................................................................... 9
Figure 7: Ipconfig command in Command Prompt .......................................................... 9
Figure 8: Ping to windows 7 from Kali Linux.................................................................. 10
Figure 9: Ping from windows 7 to Kali Linux.................................................................. 10
Figure 10: Running Ettercap ......................................................................................... 11
Figure 11: Ettercap home screen .................................................................................. 11
Figure 12: Ettercap configuration: Step 1 ...................................................................... 12
Figure 21: Ettercap configuration: Step 10 .................................................................... 20
Figure 25: gedit command ............................................................................................. 24
Figure 26: etter.dns file.................................................................................................. 25
Figure 27: etter.dns file editing ...................................................................................... 26
Figure 28: location of index.html file .............................................................................. 27
Figure 29: Editing index.html file ................................................................................... 28
Figure 30: Display of attackers web page ..................................................................... 29
Figure 31: Starting apache2 server ............................................................................... 30
Figure 32: Accessing the Kali Linux IP .......................................................................... 31
Figure 33: Accessing facebook.com server ................................................................... 32
Figure 34: Turning on Firewall ....................................................................................... 33
Figure 35: Spoof Packet blocked after turning Firewall on ............................................ 34
Figure 36: ACL configuration ......................................................................................... 35
Figure 37: Spoof packets blocked after ACL Configuration ........................................... 36
Security in Computing
1. Abstract
The following report is based on the theoretical and the practical study of the ethical
hacking to study the vulnerabilities and improve the security of the system of any
organization or institution. The report is completed in different tasks. At first the
introduction on the DNS and DNS spoofing is well described along with the current
scenario of the DNS spoofing. The details of the purpose of doing this report is described.
The report consists of the process of the ethical hacking where windows 7 is attacked
from Kali Linux. The DNS server is attacked using inbuilt tool of kali Linux called Ettercap
which helped in carrying out all the process of attack. The DNS spoofing is performed in
windows pc and the mitigation technique is also presented with different figures and
explanation.
1.1 Acknowledgement
The completion of the semester and the coursework would not have been possible
without the guidance of Mr. Akchyat Bikram Joshi, module leader of our yearlong module
Security in Computing. I would like to thank dear sir for holding my hand through the entire
period of this module. I personally thank you for providing all those studying materials
which includes all the lecture, tutorial and workshop contents along with all the tutorial
videos which helped in the proper study and research about the ethical hacking.
A debt of gratitude to my beloved friends and the whole Islington family for making
this semester such a wonderful time and helping me in every steps in my study.
1.2 Aims and Objective

The main aim of this report is to understand about the ethical hacking and use it to
mitigate the vulnerability in the system to make the system more secure.
The objectives of the report are:
 To study and research about the process of ethical hacking.

 To perform the vulnerability assessment and penetration testing on any
system.
1
Binod Belbase 17030830 CC5004NI
 To mitigate the found vulnerabilities and make the system more secured
and critically evaluate the selected mitigation strategy.
1.3 Key Findings

From the report it is found out that DNS spoofing is widely spread attack done in
the web portals so as to steal the valuable login credentials of important persons. We also
knew that the proposed attack is easier to launch and requires a minimum bandwidth and
resource as compared to other well-known attacks. The proposed DNS spoofing attack
can target a single victim without affecting the other clients on the network. We also find
out that the proposed mitigation techniques are not so effective in the real network setup
and also the detection and mitigation techniques are unable to detect the attack.
2. Introduction
2.1 DNS
DNS stands for Domain Name System which is one of the fundamentals of the
internet which is used by all the internet users every day to do their day-to-day job, check
emails or just simply waste their time on their smartphone yet normal people outside of
networking don’t realize it. In simple words DNS can be well explained as the dictionary
of the names that match with numbers and the numbers are in this case IP addresses
which is used to communicate with one computer to the other. In laymen DNS is like our
phone contact list which matches people’s names with the phone numbers or email
addresses. Similarly domain name corresponds with the contact name and the phone
numbers corresponds with the IP address. So each time the user enters the domain
name, it is mapped with the corresponding unique IP address to download the web
contents from it to appear on the browser. (Shaw, 2018)
2.2 DNS Spoofing

When someone unauthorized person alters the phone number of the particular
person with the others unknown to us in our contact list then we are supposed to be
contacting the wrong person unknowingly whom the attacker wants us to call. That’s how
the DNS spoofing works actually. So when someone usually hacker alters the entries in
2
a name server’s DNS resolver cache, DNS spoofing occurs. The attacker redirects the
domain name to the IP other than the actual IP address and when the user or the victim
wants to load the content of the requested domain name than the malicious contents are
displayed created by the attacker. This redirection of the traffic allows the attacker to
spread malware, steal data and displays us the unwanted contents etc… The attacker
can also redirect us to visit a fake website that the attacker has created to resemble the
real site or the different site completely. (keycdn, 2018)
The following figure can clearly explain the DNS spoofing.
Figure 1: DNS Spoofing
(Imperva, 2019)
In the above figure when the client request to access the real website then the
attacker injects the fake DNS entry in the DNS IP list behaving as the men in the middle
watching our browsing data to redirect us to the fake website.
3
3. Background
3.1 History
The first DNS spoofing attack was found in November 2011 in Brazil where the users
faced malicious redirections when trying to access the websites such as YouTube, Gmail
and Hotmail. In those cases users were asked to run the malicious file as soon as the
website opened. Similarly the same year in Turkey, a Turkish hacker group diverted the
internet traffic to many high profile websites like Telegraph, UPS, Betfair, Vodaphone,
National geographic etc. and technology news site the register putting the users at risk of
emails, passwords and other details stolen. So the people were warned not to log in to
the sites like Betfair because their datas could be stolen. The Turkish group named Turk
Guvenligi performed similar attack on the Korean company. The group attacked different
sites including Microsoft in Brazil, Dell in South Korea etc… The hackers named AlpHaNix
attacked the servers of You Tube, Google, Gmail, Yahoo, Apple etc in Democratic
Republic of Congo. (SlideShare, 2019)
3.2 Current Scenario

On November 27, 2018, Cisco’s Talos research division published a write-up
outlining the contours of a sophisticated cyber espionage campaign it dubbed
“DNSpionage” and said that the perpetrators of DNSpionage stole email and other login
credentials from a number of government and private sector persons in Lebanon and the
UAE by hijacking the DNS server from these targets and all those email and VPN targets
were redirected to an internet address controlled by the hackers or attackers.
The table below shows the multiple number of attacks carried out in different
organizations between 2017 and 2019.
4
Figure 2: DNS Spoof: Current Scenario
(Krebs on Security, 2019)
From the above figure we can have the clear vision of the number of DNS attacks that
has been flashed in the media. So DNS attack is quiet a dangerous attack that gives
problem to the users time and again by stealing of the information like emails, username
and other login credentials.
5
4. Demonstration
4.1 GNS3
Various software and tools are used to carry out the attack. GNS3 is used to design
and configure topology. GNS3 is the best graphical simulator tool that allows us to design
complex topologies where we can configure devices ranging from simple workstations to
powerful Cisco routers. (sourceforce, 2019)
4.2 Ettercap
Ettercap is a comprehensive suite for man in the middle attacks which features sniffing of
live connections, content filtering on the fly and many other interesting tricks which
supports active and passive dissection of many protocols and includes many features for
network and host analysis. This tools is installed by default in Kali Linux which is supports
the graphical interface which is beginner-friendly unlike other tools. Ettercap is the best
tool for newbies to get the hang of network attacks like ARP spoof or DNS Spoof etc.
(WonderHowTo, 2019)
4.3 Attack Process
4.3.1 Topology
Figure 3: Network Topology
6
The above topology was used to attack windows 7 from Kali Linux. The cisco router is
used to broadcast the internet from NAT to the victim PC i.e. Windows 7 and the attacker
PC Kali Linux. The IP addresses of windows 7 and Kali Linux are 10.10.10.15/24 and
10.10.10.25/24 where the network Address is 10.10.10.0/24 with the router default
gateway is 10.10.10.1/24.
4.3.2 Configuration on windows 7 PC
Figure 4: IP Configuration in Windows 7
The internet version 4 (TCP/IPv4) is configured with the static IP address of

10.10.10.15 and subnet mask of 255.255.255.0 and the default gateway of 10.10.10.1.
the DNS server is also configured statically with 10.10.10.1 and alternate DNS as 8.8.8.8.
The PC is opened in the virtual machine through the GNS3. To configure the IP address
go to run and type ncpa.cpl than select the setting of Local Area Connection and edit the
properties of IPv4.
7
4.3.3 Configuration on Kali Linux
Figure 5: IP configuration in Kali Linux
Edit the file in the path etc/network/interfaces as shown in the figure. Go to terminal
and type the command nano etc/network/interfaces and write the IP addresses, subnet
mask, network address etc. as shown in the figure above. After typing the addresses,
save the file and restart the networking using the command sudo /etc/init.d/networking
restart.
8
4.3.4 Ifconfig in Kali Linux
Figure 6: ifconfig command in Terminal
Ifconfig command in Kali Linux command in the terminal is used to verify the IP
addresses, netmask, broadcast address etc.
4.3.5 Ipconfig in windows 7
Figure 7: Ipconfig command in Command Prompt
9
The ipconfig command in the command prompt is used to verify the IPv4 address,
subnet mask, default gateway etc.
4.3.6 Ping from kali to windows 7
Figure 8: Ping to windows 7 from Kali Linux
In the above figure the establishment of the connection is shown by the use of ping
command with the IP address of victim PC where all the packets are received without the
loss of any packets which verifies that the strong connection is established among the
pcs.
4.3.7 Ping from windows to Kali Linux
Figure 9: Ping from windows 7 to Kali Linux
In the above figure the establishment of the connection is shown by the use of ping
command with the IP address of attacker PC where all the packets are received without
10
the loss of any packets which verifies that the strong connection is established among the
pcs.
4.3.8 Command on kali Linux to run Ettercap
Figure 10: Running Ettercap
The above figure shows the command to start Ettercap. The command “ettercap
–G” is entered in the terminal.
4.3.9 Ettercap Configuration
Figure 11: Ettercap home screen
The above figure is simply the home screen of the Ettercap.
Configuration on Ettercap
The steps for the configuration of Ettercap are:
11
 Go to Sniff and select start sniff on the menu bar.
 Select the network interface as Ethernet 0.
 Go to host menu and select scan for host option.
 Once the host scanning is completed choose show host list in host menu.
 Choose the default gateway as target 2 and the IP of victim pc as target 1.
 Once the target are selected choose ARP poisoning from MITM menu.
 The dialog box appears than choose sniff remote connection and select ok.
 Now go to plugins and select manage plugins.
 Now choose dns_spoof.
Figure 12: Ettercap configuration: Step 1
12
13
14
15
16
Adding gateway as target 1 and windows pc as target 2
17
18
19
20
21
22
23
4.3.10 Use of gedit command
Figure 25: gedit command
The figure above shows the use of gedit command to edit the etter.dns file.
24
4.3.11 Editing etter.dns file
Figure 26: etter.dns file
The figure above shows the screen shot of the etter.dns file which is in the location
etc/Ettercap/etter.dns.
25
Figure 27: etter.dns file editing
Edit the Microsoft.com and the ip associated to it with the name of site which you want to
alter and the IP with the IP of the attacker pc as shown in the figure and then save the
file.
26
4.3.12 Creating our own portal
Figure 28: location of index.html file
Now go to the location computer/var/WWW/html/index.html and edit the file index.html

with the code you want to show and save the file.
27
Figure 29: Editing index.html file
I have edited the code to give the message to the user that their Facebook server is no
more responding.
28
Figure 30: Display of attacker’s web page
The edited web portal looks like the above web page…
29
4.3.13 Running apache2 server
Figure 31: Starting apache2 server
Starting the apache server to run the edited script edited above.
30
4.3.14 Checking if attack worked
Figure 32: Accessing the Kali Linux IP
Now go to the windows 7’s web browser then try to open the attacker pc i.e. 10.10.10.25
and if it displays our edited script then we can consider our attack as successful.
31
Figure 33: Accessing facebook.com server
As we have linked the facebook.com domain to the IP of attacker’s pc, when the user
tries to access facebook.com server then the domain is redirected to the attackers’ made
server and displays the hackers’ made fake page.
Hence the attack is successful.
5. Mitigation
There are various ways of mitigating the DNS spoofing attacks. They are listed as:
5.1 Firewall
Firewall is the network device that monitors the incoming and outgoing packets in
the network and blocks or allow them according to the rules that have been set up to
define what traffic is permissible and what traffic is not. The use of firewall blocks the
spoof packets to enter into the victims’ computer. Firewall started off as packet filters but
nowadays packet filters can do a lot of works like they can protect the internal segments
of networks, such as data centres, from other segments of organizations networks.
(Greene & Butler, 2019)
32
In our scenario, firewall can be used to block the packets sent by Kali Linux to the windows
7 through router. Doing so, the spoofed Facebook server won’t have to deal with the
spoofing. The figure is presented below to justify my statement:
Figure 34: Turning on Firewall
In the above figure the firewall for the both private and public network is turned on
to prevent unnecessary packets in the windows 7 pc.
33
Figure 35: Spoof Packet blocked after turning Firewall on
The above figure explains that the spoof packets are blocked with the help of the
firewall. So firewall is the best and cheapest way to prevent DNS spoofing. It helps in
enhancing the security of the system.
5.2 ACL
ACL stands for Access Control List. ACL is simply the list of user permissions for
a file, folder of any other object. ACL consists of the set of rules which consists of the
rules like what users and group can access the object and what operation they can
perform. These operations basically include read, write, and execute which can be well
explained as example, if an ACL specifies read-only access for a specific user of a file,
that user will be able open the file, but cannot write to it or run the file. (Sharpened
Productions , 2008)
In the scenario, ACL can be applied to control the unnecessary incoming of
packets into the private network.
34
Figure 36: ACL configuration
In the above figure, a ACL is created and named as Binod in the router. Only the host
10.10.10.15 which is the Windows PC is allowed and all other networks are blocked.
Doing this we can be secured from the spoof packets the attacker pc sends to our
victimized PC. It helps in enhancing the security of the overall network.
35
Figure 37: Spoof packets blocked after ACL Configuration
The above figure shows the Spoof packet gets blocked after configuring the ACL
on the router connecting the pcs with NAT.
6. Evaluation
The mitigation techniques are critically analysed to find the pros and cons of the
proposed techniques.
6.1 Pros:
The pros of the applied mitigation strategy are:
 Firewall blocks the DNS spoof packets sent by the attacker to reach to the internal
computer network.
 Firewall identifies the trusted and untrusted networks in a network and applies the
rules whom to give permission and whom not to.
36
 ACL helps us to make the rules for the devices on a network to allow or deny traffic
in the required network to prevent unnecessary packets.
6.2 Cons:
The cons of the applied mitigation technique are:
 The default firewall cannot prevent huge and strong spoof to enter in the network
and the advanced firewall cannot be afforded by normal people or low budget
organizations.
 Configuring ACL is easy but adding users or deleting users is a bit more
complicated. Whole ACL is to be deleted to remove a single user.
6.3 CBA:
“A Cost benefit analysis is a process used primarily by businesses that weighs the
sum of the benefits, such as financial gain, of an action against the negatives, or costs,
of that action. The technique is often used when trying to decide a course of action, and
often incorporates dollar amounts for intangible benefits as well as opportunity cost into
its calculations.” (Sraders, 2019)
CBA can be used for short term decisions but most often used when a company
or any individual has a long term decisions. The organizations are urged to begin a cost
benefit analysis by evaluating the worth of the information assets to be protected and the
loss in the value if those information assets are compromised. CBA is done to find out if
the alternatives used to control risk is worth its associated cost. Cost benefit analysis is
calculated in a certain mathematical way or technique.
CBA = ALE (prior) – ALE (post)
 ALE (prior to control) is the annualized loss expectancy of the risk before the
implementation of the control measure or alternative.
 ALE (post control) is the ALE examined after the control or alternative has been in
place for a period of time.
The above mitigation techniques are all free ones. Firewall is the default firewall and ACL
can be configured on the router without paying charges. So the cost for applying the
37
mitigation techniques will be free. So calculating CBA is not going to make a difference.
The company will have full profit using ALC and Firewall to prevent DNS Spoofing.
7. Conclusion
The advancement of the security defences has increased the new techniques to
attack and get attacked. Hackers are enhancing their skill day by day and are continuously
breaking the security defence. DNS has been a basic convention of the web design and
the overall internet since most recent three decades. Vulnerabilities in the protocols are
extensively examined so as to make the protocols increasingly robust and due to this,
assaults like DNS spoofing and DNS amplification has progressed toward becoming
difficult to dispatch and can be distinguished effectively. In this paper, we proposed a
focused on DNS spoofing assault that abuses powerlessness present in DHCP server-
side IP address conflict recognition strategy. We demonstrated that the proposed attack
is simpler to dispatch and a lot stealthier when contrasted with recently known attacks.
We talked about how known discovery and mitigation systems are insufficient to counter
the attack. We trust that this work will rouse analysts in the security network to create
strong identification and alleviation systems so as to distinguish the proposed assault and
in general make DNS a protected protocol.
38
8. Bibliography
Greene, T. & Butler, B., 2019. What is a firewall? How they work and how they fit into
enterprise security. [Online]
Available at: https://www.networkworld.com/article/3230457/what-is-a-firewall-
perimeter-stateful-inspection-next-generation.html
[Accessed 28 April 2019].
Imperva, 2019. What is DNS Spoofing | Cache Poisoning Attack Example | Imperva.
[Online]
Available at: https://www.imperva.com/learn/application-security/dns-spoofing/
keycdn, 2018. What Is DNS Spoofing? - KeyCDN Support. [Online]
Available at: https://www.keycdn.com/support/dns-spoofing
[Accessed 28 04 2019].
Krebs on Security, 2019. A Deep Dive on the Recent Widespread DNS Hijacking
Attacks — Krebs on Security. [Online]
Available at: https://krebsonsecurity.com/2019/02/a-deep-dive-on-the-recent-
widespread-dns-hijacking-attacks/
Sharpened Productions , 2008. ACL (Access Control List) Definition. [Online]
Available at: https://techterms.com/definition/acl
Shaw, K., 2018. What is DNS and how does it work?. [Online]
Available at: https://www.networkworld.com/article/3268449/what-is-dns-and-how-does-
it-work.html
SlideShare, 2019. DNS spoofing/poisoning Attack Report (Word Document). [Online]
Available at: https://www.slideshare.net/FatimaQayyum1/dns-spoofingpoisoning-attack-
report-word-
document?fbclid=IwAR3uQIMBQoMR2FCvldPMKLOw42LGJRaAcpjd2bh0XdNqX51afk
SW7aW-HEg
39
sourceforce, 2019. GNS3 download | SourceForge.net. [Online]
Available at: https://sourceforge.net/projects/gns-3/
Sraders, A., 2019. What is Cost Benefit Analysis? Examples and Steps. [Online]
Available at: https://www.thestreet.com/personal-finance/education/cost-benefit-
analysis-14878947
WonderHowTo, 2019. How to Use Ettercap to Intercept Passwords with ARP Spoofing
« Null Byte :: WonderHowTo. [Online]
Available at: https://null-byte.wonderhowto.com/how-to/use-ettercap-intercept-
passwords-with-arp-spoofing-0191191/
40

2018-19 A CC5004NI A2 CW2 CourseWork 17030830 Binod Belbase

Загружено:

Сведения о документе

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

2018-19 A CC5004NI A2 CW2 CourseWork 17030830 Binod Belbase

Загружено:

Авторское право:

Доступные форматы

Module Code & Module Title

CS5004NI Security in Computing

Assessment Weightage & Type

Year and Semester

Student Name: Binod Belbase

Assignment Submission Date: 2nd May

1.2 Aims and Objective

The objectives of the report are:

 To study and research about the process of ethical hacking.

1.3 Key Findings

2.2 DNS Spoofing

The following figure can clearly explain the DNS spoofing.

Figure 1: DNS Spoofing

3.2 Current Scenario

(Krebs on Security, 2019)

4.3 Attack Process

Figure 3: Network Topology

4.3.2 Configuration on windows 7 PC

Figure 4: IP Configuration in Windows 7

The internet version 4 (TCP/IPv4) is configured with the static IP address of

Figure 5: IP configuration in Kali Linux

Figure 6: ifconfig command in Terminal

4.3.5 Ipconfig in windows 7

Figure 7: Ipconfig command in Command Prompt

4.3.6 Ping from kali to windows 7

Figure 8: Ping to windows 7 from Kali Linux

4.3.7 Ping from windows to Kali Linux

Figure 9: Ping from windows 7 to Kali Linux

4.3.8 Command on kali Linux to run Ettercap

Figure 10: Running Ettercap

4.3.9 Ettercap Configuration

Figure 11: Ettercap home screen

The above figure is simply the home screen of the Ettercap.

The steps for the configuration of Ettercap are:

Figure 12: Ettercap configuration: Step 1

Figure 14: Ettercap configuration: Step 3

Adding gateway as target 1 and windows pc as target 2

Figure 25: gedit command

Figure 26: etter.dns file

Figure 28: location of index.html file

Now go to the location computer/var/WWW/html/index.html and edit the file index.html

Figure 31: Starting apache2 server

Figure 32: Accessing the Kali Linux IP

Hence the attack is successful.

Figure 34: Turning on Firewall

CBA = ALE (prior) – ALE (post)

Вам также может понравиться