Differences
This shows you the differences between two versions of the page.
|
cdci:exam [2020/05/22 17:37] mihai.chiroiu |
cdci:exam [2022/06/03 12:12] (current) mihai.chiroiu |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== Exam - 22 May 2020 ====== | + | ====== Exam - 03 June 2022 ====== |
| Use OpenStack CDCI template to start a new VM. To access the VM, login to fep.grid.pub.ro using your UPB credentials, and from there ssh into the private IP from OpenStack using "ubuntu" as a username and your ssh key. | Use OpenStack CDCI template to start a new VM. To access the VM, login to fep.grid.pub.ro using your UPB credentials, and from there ssh into the private IP from OpenStack using "ubuntu" as a username and your ssh key. | ||
| Line 10: | Line 10: | ||
| root@cdci-test:/home/ubuntu/cdci# git pull | root@cdci-test:/home/ubuntu/cdci# git pull | ||
| root@cdci-test:/home/ubuntu/cdci# cd containers/ | root@cdci-test:/home/ubuntu/cdci# cd containers/ | ||
| - | root@cdci-test:/home/ubuntu/cdci/containers# make | + | root@cdci-test:/home/ubuntu/cdci/containers# cd exam_docker/ |
| - | [...] THIS TAKES ABOUT 20 MINUTE [...] | + | root@cdci-test:/home/ubuntu/cdci/containers/exam_docker# make |
| + | [...] THIS TAKES ABOUT 5 MINUTE [...] | ||
| + | root@cdci-test:/home/ubuntu/cdci/containers# cd ../snort_lab07 | ||
| + | root@cdci-test:/home/ubuntu/cdci/containers/snort_lab07# make | ||
| + | [...] THIS TAKES ABOUT 10 MINUTE [...] | ||
| </code> | </code> | ||
| Second, start the topology from one terminal, and use three others to connect to the virtual nodes. | Second, start the topology from one terminal, and use three others to connect to the virtual nodes. | ||
| <code> | <code> | ||
| + | ubuntu@cdci-v2:~/cdci/labs/lab07$ cd /home/ubuntu/cdci/labs/lab07/ | ||
| + | ubuntu@cdci-v2:~/cdci/labs/lab07$ sudo python3 topology.py | ||
| + | ubuntu@cdci-v2:~/cdci/labs/lab07$ sudo ./h1.sh | ||
| + | ubuntu@cdci-v2:~/cdci/labs/lab07$ sudo ./h2.sh | ||
| + | ubuntu@cdci-v2:~/cdci/labs/lab07$ sudo ./ids.sh | ||
| </code> | </code> | ||
| Line 69: | Line 78: | ||
| ==== 03. [1p] Encryption ==== | ==== 03. [1p] Encryption ==== | ||
| - | Use AES128 EBC mode and encrypt the “CDCI-EXAM-TODAY” string in. Save it as Base64 in a local file. Use any password for encryption. | + | Use AES128 ECB mode and encrypt the “CDCI-EXAM-TODAY” string in. Save it as Base64 in a local file. Use any password for encryption. |
| ==== 04. [2p] ICMP Tunnel ==== | ==== 04. [2p] ICMP Tunnel ==== | ||
| - | Create an ICMP tunnel between H1 & H2 and send the following string over the tunnel “CDCI-EXAM-TODAY”. [1p] Save the traffic and open it using Wireshark (on your personal computer). | + | Create an ICMP tunnel between H1 & H2 and send the following string over the tunnel “CDCI-EXAM-TODAY”. Save the traffic and open it using Wireshark/tcpdump (on your personal computer). |
| ==== 05. [1p] Snort1 ==== | ==== 05. [1p] Snort1 ==== | ||
| - | Write down a snort rule that matches any type of ICMP traffic. Snort is installed on the IDS. Make sure an alert is generated with the following message: “ICMP for CDCI-EXAM”. | + | Write down a snort rule that matches any type of ICMP or TCP traffic. Snort is installed on the IDS. Make sure an alert is generated with the following message: “ICMP for CDCI-EXAM”. |
| <note>You can run SNORT with the following command: “snort -A fast -b -p -v -c /etc/snort/snort.conf -k none -i IDS-eth0” for faster processing. </note> | <note>You can run SNORT with the following command: “snort -A fast -b -p -v -c /etc/snort/snort.conf -k none -i IDS-eth0” for faster processing. </note> | ||
| ==== 06. [1p] Snort2 ==== | ==== 06. [1p] Snort2 ==== | ||
| - | Write down a snort rule that matches any ICMP traffic with the “CDCI-EXAM” payload. Make sure an alert is generated with the following message: “PAYLOAD CDCI-EXAM”. | + | Write down a snort rule that matches any ICMP or TCP traffic with the “CDCI-EXAM” payload. Make sure an alert is generated with the following message: “PAYLOAD CDCI-EXAM”. |
| ==== 07. [1p] Snort3 ==== | ==== 07. [1p] Snort3 ==== | ||
| - | Write down a snort rule that matches any ICMP traffic with the “EXAMCDCI-[A-Z]{3}“ payload encoded as Base64. Make sure an alert is generated with the following message: “EASY CDCI-EXAM”. | + | Write down a snort rule that matches any ICMP or TCP traffic with the “EXAMCDCI-[A-Z]{3}“ payload encoded as Base64. Make sure an alert is generated with the following message: “EASY CDCI-EXAM”. |
| <note> Note: “EXAMCDCI-[A-Z]{3}“ is a regex and will match something like: EXAMCDCI -AZI, EXAMCDCI -YES, etc. (https://regex101.com/). </note> | <note> Note: “EXAMCDCI-[A-Z]{3}“ is a regex and will match something like: EXAMCDCI -AZI, EXAMCDCI -YES, etc. (https://regex101.com/). </note> | ||
