part 1 Arp Spoofing
作者:互联网
第五组
part 1 Arp Spoofing
Last week, we have seen that ARP spoofing can be used to attack the
confidentiality of a network. In this week, we will use a simplified version of an
ARP packet to illustrate this behavior and try to defend against it.
A spoofed ARP packet is basically an unsollicited ARP reply for an IP address
that is already in the network. The goal is to let the network believe that the
attacker is the one that has the IP address specified in the packet. This can
create a man in the middle attack.
Step 1
The first goal of this assignment is to create an ARP spoofing packet in the
simplified format. You can implement this in the function spoofArp(spoofIP).
The argument passed to this function is the IP address that you want to
impersonate.
Step 2
The second goal of this assignment is to implement an ARP table for your
router and detect attacks going on. An attack occurs when you observe a
packet that tries to connect your MAC address to another IP or tries to claim
an IP address that we know is already in use.
Do not save for requests, only for replies.
You have to implement the function that receives ARP
packets: receiveArp(message). This function receives an ARP packet and
returns one of three status codes:
OK - If the packet was handled by the system.
IGNORE - If the packet was not meant for this system.
ATTACK - If an attack has been detected.
Additionally, when the function receives a request of its own IP address, it
returns not a status code, but the ARP reply instead.
The simplified packet looks as follows:
Opcode - 1 byte, 1 for request and 2 for reply.
Rest of the fields are self explanatory.
All fields are hexadecimal
Part 2 Message Modification
With your implementation of the ARP spoof attack, you have entered your
Arp Spoofing作业代写、代做network留学生作业、代写c/c++
favorite bank. Luckily for your attack, they do not have any detection methods
for the ARP spoof. But what they do have, is encryption in their messages.
As it so happens, you conduct a targeted attack on one of the employees of
the bank, right at the moment that money is transfered. During this attack,
you have peeked at their screen and you have seen to which account the
money is being transfered. Additionally, a secret source has provided you with
the format of the packet, and the method of encryption. From this you have
learned that the bank uses a XOR stream encryption.
The packet format is as follows (all fields are transfered in hexadecimal):
In your attack, you are interested in replacing the target account number with
your own account number.
Task
Implement the
function modifyMessage(message,targetAccount,yourAccount), in which
you modify the message in such a way that it correctly decrypts with your
account number in it.
Part 3 Message authentication code
Due to your insane hacking skills, the bank has decided to hire you to solve
all of their problems.
Your task is to implement a message authentication code (MAC) for the bank,
which can be used to verify messages. To help you do this, there is a library
function available: Hash.hash(message). This function returns a hash for the
message you put into it.
Your MAC should be built using a key, and should be resistant to replay
attacks. This means that every time a MAC is generated for a message, the
MAC should be different.
Task 1
You should implement the function addMac(message,key, messageLength).
This function should return the message with a MAC added.
Task 2
The second function to implement is checkMac(message,key,
messageLength). This function takes a message with your generated MAC
and checks if the MAC is correct. When a message is replayed against your
system, this function should label it as not correct and therefore return false.
(Hint: You can use a counter to make MACs unique for the same input.)
Challenge task for 100/100
With the other two tasks, you can receive a score of 90/100.
If you want 100/100, you will have to implement the
function forgeMac(message). To do this, you have access to the library
function that checks your answer: MacLib.checkMac(message, mac). This
function is vulnerable to a timing attack. The length of the MAC is 16
Hexadecimal characters (make sure to pad your guess to this length).
Note that due to our implementation of the checkMac function, running this
attack might take some time.
因为专业,所以值得信赖。如有需要,请加QQ:99515681 或邮箱:99515681@qq.com
微信:codinghelp
标签:Arp,function,packet,attack,part,ARP,Spoofing,message,your 来源: https://www.cnblogs.com/cibc/p/11011541.html