Summary: A private LAN comprising hundreds of end devices and several servers in a DMZ is protected by a Cisco ASA (firewall). On the internet, the most commonly found network attack is a DDoS (Distributed Denial of Service) attack that takes down enterprise resources, aimed either at servers (which will impact hundreds of end users) or at network resources such as the routers themselves. In this practical simulation we will analyse how a DoS attack on a web server placed in the DMZ is carried out from the internet via traffic flooding, and how we can fine-tune the ASA to mitigate it and stop further attacks on the network.

Devices used:
a) Attacker PC – Windows XP – Service Pack 3
b) Web server (simulated in GNS3)
c) ASA version 8.4 (simulated in GNS3)
d) Cisco Router – 3750 (simulated in GNS3)
e) Ethernet switch (simulated in GNS3)

Software used:
a) Wireshark (version 1.6.8)
b) GNS3 (version 0.8.3.1)
c) Net Tools (version 5.0.7)

Step 1: Install Windows XP (SP3) on a virtual machine (in this case we have used Oracle's VirtualBox). This step makes sure that the system does not get infected by viruses that can come packed with hacking and network monitoring tools. Furthermore, because we are using a virtual operating system, we can be sure that our actual working PC will not be affected by our experiments.

Image 1: The Oracle VirtualBox manager showing Windows XP (SP3)

Step 2: Install GNS3 (Graphical Network Simulator) inside the virtual XP.

Image 2: GNS3 installed and running on the virtual XP

In the above image, the circle shows the virtual network appliances (routers, switches, bridges, firewall and IPS/IDS) that are available for simulation using GNS3. In most cases GNS3 comes bundled with PuTTY and Wireshark. If your GNS3 installation does not include Wireshark, install Wireshark on the virtual XP machine as well.

Image 3: Wireshark installed and running on the virtual XP

Step 3: Install Net Tools (network monitoring and hacking tool) in the same virtual XP machine. This tool can be used to monitor network activity and can also be used as a potential hacking tool. In this simulation we will use it to flood the server with ICMP packets, which will lead to a DoS attack on the server.

Image 4: Net Tools installed and running on the virtual XP

Step 4: Now we will set up the devices required to simulate a DoS attack in the GNS3 software.
a) Set up a Microsoft Loopback Adapter in Windows XP and assign a public IP address to it. This virtual XP will act as the attacker PC from the internet.
b) To create a loopback adapter, first go to the command prompt and type the command “hdwwiz.exe”; this is the shortest way to add new hardware.
c) The “Add new hardware” wizard will now come up. Select the second option, which says “Install the hardware manually”, as shown in the above image.
d) On the next screen, select “Network Adapters” from the hardware list, as shown in the above image.
e) On the next screen, select “Microsoft” from the vendor list and “Microsoft Loopback Adapter” from the network adapter list, as shown in the above image.
f) The Microsoft Loopback Adapter is now added to Windows XP, and it can be viewed under Network Connections in Control Panel, as seen in the below image.
g) The next step is to configure an IP address on this loopback adapter, so that the adapter can be connected to one of the routers in the simulated internet cloud in GNS3. At this point we have to make sure that the Loopback...