CSCE 465 Lecture 3


Tuesday, January 22, 2013


Lecture Slides


Guest lecture by Chao Yang.

Virtual Machine

Simulation of hardware in software.

  • Run malware without damage.
  • A guest crash does not take down the host OS
  • Large-scale distribution with little hardware
  • Honeynet (honeypot) to attract hackers and track network traffic

Topics:

  • How to create a virtual machine
  • How to isolate your virtual machines while still letting them reach the internet
  • How to create a snapshot so you can recover from a crash or malware infection


Software: VMWare Player

hisssssss!

(used to be) free software, but is now adware.

Runs multiple guest OSes at the same time on one computer

Host OS: Windows 8, Windows 7, Chrome OS, Linux


Configuration

  • Use NAT
  • Configure shared folder between host and guest


Software: VirtualBox

Really free

Can still run multiple guest OSes at the same time

Host OS can be Mac, Windows, or Linux

Basic UNIX/GNU/Linux Programming

Accessing CS systems:

  • Use an SSH client (e.g. PuTTY on Windows; ssh on Mac, UNIX, and GNU/Linux)
  • Connect to host:
    • unix.cs.tamu.edu
    • linux.cs.tamu.edu
  • Use the SSH protocol over port 22
  • Accept the host key if prompted
  • Use your CS username and password


Libpcap Programming

Packet sniffing for security

Installation via APT (already included on the provided VM):

sudo apt-get install libpcap-dev

Overview:

  • Include
  • Going live
  • Main event loop
  • Reading a packet


Raw Socket Programming

Socket programming allows programs to connect with other computers over a network.

IP Header

IPv4 Header Format (each row is one 32-bit word; bit ranges are positions within that row)

Octet  Bit   Fields
0      0     Version (0x4) [0-3] | IHL [4-7] | DSCP [8-13] | ECN [14-15] | Total Packet Length [16-31]
4      32    Identification [0-15] | Flags [16-18] | Fragment Offset [19-31]
8      64    TTL [0-7] | Protocol [8-15] | Header Checksum [16-31]
12     96    Source IP Address [0-31]
16     128   Destination IP Address [0-31]
20     160   Options (if IHL > 5)
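Decoding a captured header by this table, which is what the "Reading a packet" step of the libpcap overview above amounts to, as an added example in C (not from the lecture or its slides): parse_ipv4() extracts every field of the table from raw bytes, rejects truncated or malformed headers, and verifies the header checksum with the same one's-complement sum as the csum() routine in the raw-socket example below. The 20-byte sample header, its expected values and all function names are constructed for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

struct ipv4_fields {          /* one member per field of the table above, host byte order */
    uint8_t version, ihl, dscp, ecn, flags, ttl, protocol;
    uint16_t total_len, id, frag_offset, checksum;
    uint32_t src, dst;  int checksum_ok;    /* checksum_ok: 1 when the stored checksum verifies */
};
#define RD16(p) ((uint16_t)((p)[0] << 8 | (p)[1]))
#define RD32(p) ((uint32_t)RD16(p) << 16 | RD16((p) + 2))
/* RFC 1071 one's-complement sum; unlike csum() below it also handles an odd byte count. */
static uint16_t inet_csum(const uint8_t *p, size_t len)
{
    uint32_t sum = 0;
    for (; len > 1; len -= 2, p += 2) sum += RD16(p);
    if (len) sum += (uint32_t)p[0] << 8;
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}
/* Decode a header per the table; returns -1 if the buffer is truncated or malformed. */
int parse_ipv4(const uint8_t *b, size_t len, struct ipv4_fields *f)
{
    if (len < 20 || (b[0] >> 4) != 4 || (b[0] & 0x0f) < 5) return -1;
    f->version = b[0] >> 4;  f->ihl = b[0] & 0x0f;  f->total_len = RD16(b + 2);
    size_t hlen = (size_t)f->ihl * 4;
    if (len < hlen || (size_t)f->total_len < hlen) return -1;  /* options missing or length lies */
    f->dscp = b[1] >> 2;     f->ecn = b[1] & 3;        f->id = RD16(b + 4);
    f->flags = b[6] >> 5;    f->frag_offset = (uint16_t)((b[6] & 0x1f) << 8 | b[7]);
    f->ttl = b[8];           f->protocol = b[9];       f->checksum = RD16(b + 10);
    f->src = RD32(b + 12);   f->dst = RD32(b + 16);
    f->checksum_ok = inet_csum(b, hlen) == 0;   /* a correct header, checksum included, sums to 0xffff */
    return 0;
}
/* Constructed sample: 192.168.0.1 -> 192.168.0.199, UDP, TTL 64, DF set, total length 115. */
static const uint8_t SAMPLE_HDR[20] = { 0x45, 0x00, 0x00, 0x73, 0x00, 0x00, 0x40, 0x00,
    0x40, 0x11, 0xb8, 0x61, 0xc0, 0xa8, 0x00, 0x01, 0xc0, 0xa8, 0x00, 0xc7 };
/* Parse `len` bytes of the sample, optionally after a router-style TTL decrement (which breaks
   the stored checksum): -1 if rejected, -2 if the fields decode wrongly, else checksum_ok. */
int check_sample(int decrement_ttl, size_t len)
{
    uint8_t buf[20]; struct ipv4_fields f;
    memcpy(buf, SAMPLE_HDR, sizeof buf);
    if (decrement_ttl) buf[8]--;
    if (parse_ipv4(buf, len, &f)) return -1;
    if (f.ihl != 5 || f.total_len != 115 || f.flags != 2 || f.protocol != 17 || f.id != 0 ||
        f.ttl != (decrement_ttl ? 63 : 64) || f.src != 0xc0a80001u || f.dst != 0xc0a800c7u) return -2;
    return f.checksum_ok;
}
```

A header whose TTL was changed without recomputing the checksum fails verification, and a buffer shorter than the 20-byte minimum is rejected before any field is read.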

Raw sockets let a program supply the IP and transport headers itself, which is why they can be used for all sorts of attacks (and by the tools that test defenses against them).

Example

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>
#include <arpa/inet.h>

// One's-complement Internet checksum over nwords 16-bit words.
unsigned short csum(unsigned short *buf, int nwords)
{
    unsigned long sum;
    for (sum = 0; nwords > 0; nwords--) {
        sum += *buf++;
    }

    sum = (sum >> 16) + (sum & 0xffff);
    sum += (sum >> 16);
    return (unsigned short)(~sum);   // the value is wanted, not a pointer cast
}

int main(int argc, char *argv[])
{
    // placeholder payload; the slide left `payload` and `payload_size` undefined
    const char payload[] = "hello";
    size_t payload_size = sizeof(payload) - 1;
    size_t packet_len = sizeof(struct ip) + sizeof(struct tcphdr) + payload_size;

    // create packet (calloc, so fields not set below are zero rather than stale heap data)
    unsigned char *packet = calloc(1, packet_len);
    if (packet == NULL) {
        perror("Could not allocate memory");
        exit(EXIT_FAILURE);
    }

    struct ip *ip_header = (struct ip *)packet;
    ip_header->ip_hl  = 5;                      // header length in 32-bit words
    ip_header->ip_v   = 4;
    ip_header->ip_tos = 0;
    ip_header->ip_len = htons(packet_len);      // Linux wants network order here (and fills it in anyway); BSD wants host order
    ip_header->ip_id  = htons(54321);           // 16-bit field, so htons rather than htonl
    ip_header->ip_off = 0;
    ip_header->ip_ttl = 255;
    ip_header->ip_p   = IPPROTO_TCP;
    ip_header->ip_sum = 0;                      // must be zero while the checksum is computed

    // placeholder addresses ("192.168.0.321" from the slide is not a valid IPv4 address)
    ip_header->ip_src.s_addr = inet_addr("192.168.0.123");
    ip_header->ip_dst.s_addr = inet_addr("192.168.0.21");
    ip_header->ip_sum = csum((unsigned short *)ip_header, sizeof(struct ip) / 2);

    struct tcphdr *tcp_header = (struct tcphdr *)(packet + sizeof(struct ip));
    tcp_header->th_sport = htons(80);           // multi-byte fields go out in network byte order
    tcp_header->th_dport = htons(80);
    tcp_header->th_seq   = htonl(123);
    tcp_header->th_ack   = htonl(321);
    tcp_header->th_off   = 5;                   // data offset in 32-bit words; 0 is invalid
    tcp_header->th_flags = 0;
    tcp_header->th_sum   = 0;                   // not filled in by the kernel for raw sockets; a real
                                                // TCP checksum also covers the IP pseudo-header

    // copy the payload into the packet (the slide had the memcpy arguments reversed)
    memcpy(packet + sizeof(struct ip) + sizeof(struct tcphdr), payload, payload_size);

    // send packet (raw sockets require root / CAP_NET_RAW)
    int s;
    if ((s = socket(AF_INET, SOCK_RAW, IPPROTO_TCP)) < 0) {
        perror("Couldn't open a raw socket");
        exit(EXIT_FAILURE);
    }

    // tell the kernel that we supply the IP header ourselves
    int one = 1;
    if (setsockopt(s, IPPROTO_IP, IP_HDRINCL, &one, sizeof(one)) < 0) {
        perror("Couldn't set socket option IP_HDRINCL");
        exit(EXIT_FAILURE);
    }

    struct sockaddr_in dst;
    memset(&dst, 0, sizeof(dst));
    dst.sin_family = AF_INET;
    dst.sin_addr = ip_header->ip_dst;

    if (sendto(s, packet, packet_len, 0, (struct sockaddr *)&dst, sizeof(dst)) < 0) {
        perror("Couldn't send packet");
        exit(EXIT_FAILURE);
    }

    close(s);

    free(packet);

    return 0;
}