NguyenDangTai Midterm 215051972
Question 1: Theory

Explain the operating principle of a Man-in-the-Middle (MitM) attack in a computer network system.

A Man-in-the-Middle (MitM) attack occurs when an attacker intercepts and potentially alters
communication between two parties without their knowledge. The operating principle
involves several key steps:

- Interception: The attacker positions themselves between the two parties, often using techniques such as packet sniffing, network spoofing (e.g., a fake Wi-Fi hotspot), or ARP spoofing to redirect traffic through their own machine.

- Decryption: If the communication is encrypted, the attacker may try to defeat the encryption, for example by SSL stripping (downgrading HTTPS to HTTP before the secure connection is established) or by presenting a forged certificate so that the client encrypts to the attacker instead of the real server.

- Data Manipulation: The attacker can eavesdrop on the conversation, capturing sensitive information, or alter messages to mislead the parties involved.

- Forwarding: The attacker relays the intercepted (and possibly modified) messages to the intended recipient, maintaining the illusion of direct communication.

Prevention Measures

To protect against MitM attacks, use strong encryption (e.g., TLS/SSL), implement robust
authentication, utilize digital certificates, secure network configurations, and educate users
about the risks of unsecured networks.
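The interception step above usually shows up in the ARP table before anything else does: one MAC address answering for several IP addresses, or the gateway's MAC changing from a value recorded on a known-clean network. The following POSIX shell script is an added example, not part of the original midterm, that checks an `arp -a`-style table for both symptoms. The two ARP tables, the host names, IP addresses and MAC addresses in it are constructed, and the pinned gateway MAC is an assumed value an administrator would record in advance.

```shell
#!/bin/sh
# Added example (not from the original midterm): detect two ARP-spoofing symptoms
# from an `arp -a`-style table, the interception step of a MitM attack.
#   1. one MAC address claiming several IP addresses
#   2. the gateway's MAC differing from a value pinned on a known-clean network
# Both ARP tables below are constructed; hosts, IPs and MACs are hypothetical.

CLEAN_ARP='gateway (192.168.1.1) at aa:bb:cc:dd:ee:01 [ether] on eth0
printer (192.168.1.20) at aa:bb:cc:dd:ee:20 [ether] on eth0
laptop (192.168.1.40) at aa:bb:cc:dd:ee:40 [ether] on eth0'

# Same network, but the laptop's MAC now also answers for the gateway and printer.
SPOOFED_ARP='gateway (192.168.1.1) at aa:bb:cc:dd:ee:40 [ether] on eth0
printer (192.168.1.20) at aa:bb:cc:dd:ee:40 [ether] on eth0
laptop (192.168.1.40) at aa:bb:cc:dd:ee:40 [ether] on eth0'

# Gateway identity pinned by the administrator (assumed value).
GATEWAY_IP="192.168.1.1"
PINNED_GATEWAY_MAC="aa:bb:cc:dd:ee:01"

# Print one line per MAC that maps to more than one IP: "<mac> <ip> <ip> ...".
# $1 = ARP table text.
find_duplicate_macs() {
    printf '%s\n' "$1" | awk '
        # field 4 is the MAC in "host (ip) at mac [ether] on if" lines
        NF >= 4 && length($4) == 17 && $4 ~ /^[0-9a-fA-F:]+$/ {
            ip = $2; gsub(/[()]/, "", ip)
            mac = tolower($4)
            count[mac]++
            ips[mac] = ips[mac] " " ip
        }
        END { for (m in count) if (count[m] > 1) print m ips[m] }' | sort
}

# Print the MAC currently mapped to an IP (empty if the IP is absent).
# $1 = ARP table text, $2 = IP.
mac_for_ip() {
    printf '%s\n' "$1" | awk -v want="($2)" '$2 == want { print tolower($4); exit }'
}

# Print "OK" if the gateway MAC matches the pinned value, otherwise an ALERT line.
# $1 = ARP table text, $2 = gateway IP, $3 = pinned MAC.
check_gateway() {
    current=$(mac_for_ip "$1" "$2")
    if [ -z "$current" ]; then
        echo "ALERT: no ARP entry for gateway $2"
    elif [ "$current" != "$3" ]; then
        echo "ALERT: gateway $2 is at $current, expected $3"
    else
        echo "OK"
    fi
}

# Run both checks on a table: exit status 0 when clean, 1 when suspicious.
# $1 = ARP table text.
audit_arp_table() {
    dups=$(find_duplicate_macs "$1")
    gw=$(check_gateway "$1" "$GATEWAY_IP" "$PINNED_GATEWAY_MAC")
    [ -n "$dups" ] && echo "ALERT: MAC claiming several IPs:" && echo "$dups"
    echo "$gw"
    [ -z "$dups" ] && [ "$gw" = "OK" ]
}

echo "== clean table =="
audit_arp_table "$CLEAN_ARP"
echo "== spoofed table =="
audit_arp_table "$SPOOFED_ARP" || echo "(suspicious entries found)"
```

On a live host the same functions take the real table, e.g. `audit_arp_table "$(arp -a)"`; running it from cron and comparing the gateway MAC against the pinned value turns the "educate users" and "secure network configurations" measures above into a concrete check. A MAC that legitimately fronts several IPs (a router with virtual IPs, a VRRP pair) will also show up in the duplicate list, so the output is a lead to investigate, not proof of an attack.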

Lab 1: Eavesdropping on a Linux Server

#!/bin/bash

# Script to detect and prevent eavesdropping on a Linux network
# Must be run as root: tcpdump, /var/log/auth.log and iptables all require it.

# Function to monitor network traffic
monitor_traffic() {
    echo "Monitoring network traffic..."
    # Use tcpdump to capture 100 packets (run in the background)
    tcpdump -i any -c 100 -w /tmp/network_traffic.pcap &
    TCPDUMP_PID=$!
    echo "tcpdump is running with PID: $TCPDUMP_PID"
}

# Function to check for ARP spoofing
check_arp_spoofing() {
    echo "Checking for ARP spoofing..."
    # Field 4 of "arp -a" output is the MAC address; a MAC that appears
    # for more than one IP (count > 1) is the classic sign of ARP spoofing
    arp -a | awk '{print $4}' | sort | uniq -c | sort -nr | head -n 10
}

# Function to log suspicious activity
log_suspicious_activity() {
    echo "Logging suspicious activity..."
    # Example: Log failed login attempts
    grep "Failed password" /var/log/auth.log >> /var/log/suspicious_activity.log
}

# Function to set up firewall rules
setup_firewall() {
    echo "Setting up firewall rules..."
    # Keep loopback and replies to connections this host opened working,
    # otherwise the final DROP rule cuts off DNS and package updates too
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Allow only specific ports (e.g., SSH, HTTP, HTTPS)
    iptables -A INPUT -p tcp --dport 22 -j ACCEPT
    iptables -A INPUT -p tcp --dport 80 -j ACCEPT
    iptables -A INPUT -p tcp --dport 443 -j ACCEPT
    iptables -A INPUT -j DROP
    echo "Firewall rules set."
}

# Main script execution
echo "Starting eavesdropping detection and prevention script..."

# Monitor network traffic
monitor_traffic

# Check for ARP spoofing
check_arp_spoofing

# Log suspicious activity
log_suspicious_activity

# Set up firewall rules
setup_firewall

# Wait for the background capture to finish so the pcap file is complete
wait "$TCPDUMP_PID"

echo "Eavesdropping detection and prevention script completed."

Lab 2: Packet Analysis on a Linux Server

#!/bin/bash

# Script to analyze packets on a Linux network
# Requires root for tcpdump; tshark (from the Wireshark package) must be installed.

# Variables
CAPTURE_FILE="/tmp/packet_capture.pcap"
ANALYSIS_REPORT="/tmp/packet_analysis_report.txt"
DURATION=60 # Duration to capture packets in seconds

# Function to capture packets
capture_packets() {
    echo "Capturing packets for $DURATION seconds..."
    # -G rotates the output file every DURATION seconds and -W 1 limits the
    # run to a single file, so tcpdump exits after one interval
    tcpdump -i any -w "$CAPTURE_FILE" -G "$DURATION" -W 1
    echo "Packet capture completed. Saved to $CAPTURE_FILE."
}

# Function to analyze captured packets
analyze_packets() {
    echo "Analyzing captured packets..."
    # Generate a summary report using tshark: packet and byte counts per 10-second interval
    tshark -r "$CAPTURE_FILE" -q -z io,stat,10 > "$ANALYSIS_REPORT"
    echo "Packet analysis report generated at $ANALYSIS_REPORT."
}

# Function to display the analysis report
display_report() {
    echo "Displaying packet analysis report:"
    cat "$ANALYSIS_REPORT"
}

# Main script execution
echo "Starting packet analysis script..."

# Capture packets
capture_packets

# Analyze captured packets
analyze_packets

# Display the analysis report
display_report

echo "Packet analysis script completed."
