Você está na página 1de 18

UNIVERSIDADE ESTADUAL DE CAMPINAS

INSTITUTO DE COMPUTAO
Especializao em Redes de Computadores
INF-528 GESTO DA SEGURANA DE REDES DE COMPUTADORES I

Tarefa 1

Mariana Luz Ges


Iran Bezerra do Nascimento

CAMPINAS SP
2014

SUMRIO
1.INTRODUO....................................................................................................................3
2.Pratica.................................................................................................................................4
2.1.Instalar Uma Ferramenta Que Permita A Injeo De Pacotes (hping, T50) Na Mquina ATACANTE
(host)............................................................................................................................................................ 4
2.2.Instalar Um Servidor Web Na Mquina ALVO........................................................................................4
2.3.Verificar O Tempo Do Download Do Index.html Desse Servidor Web A Partir Da Mquina USURIO,

Capturando Pacotes De Rede...................................................................................................................... 6


2.4.Verificar O Status Da Mquina ALVO..................................................................................................... 7
2.5.Testar A Ferramenta De Injeo De Pacotes Contra A Mquina ALVO A Partir Da Mquina
ATACANTE................................................................................................................................................... 8
2.6.Verificar A Situao Da Mquina ALVO Durante O Ataque...................................................................11
2.7.Questes.............................................................................................................................................. 13
2.8.Habilitar SYN Cookies Na Mquina ALVO............................................................................................ 14
2.9.Repetir Os Passos 3 At 6................................................................................................................... 14
2.10.Resultados Observados..................................................................................................................... 18

1. INTRODUO
Neste laboratrio analisaremos a alterao de trafego utilizando ou no o Syn
Cookies.
Como ambiente foram utilizadas as mquinas criadas em um ambiente virtual
sendo identificado abaixo o que cada uma seria no experimento:
SP como usurio.
MS como atacante.
Mg como alvo.

2. PRATICA

Todas as mquinas iniciam por padro com o syncookies desabilitado.


Roteiro:

2.1. Instalar Uma Ferramenta Que Permita A Injeo De Pacotes (hping, T50) Na
Mquina ATACANTE (host)
ms@ms:~$ sudo apt-get install hping3
Reading package lists... Done
Building dependency tree
Reading state information... Done
hping3 is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 134 not upgraded.

2.2. Instalar Um Servidor Web Na Mquina ALVO.


mg@mg:~$ sudo apt-get update
[sudo] password for mg:
Ign http://us.archive.ubuntu.com trusty InRelease
Ign http://security.ubuntu.com trusty-security InRelease
Ign http://us.archive.ubuntu.com trusty-updates InRelease
Get:1 http://security.ubuntu.com trusty-security Release.gpg [933 B]
Ign http://us.archive.ubuntu.com trusty-backports InRelease
Get:2 http://us.archive.ubuntu.com trusty Release.gpg [933 B]
Get:3 http://us.archive.ubuntu.com trusty-updates Release.gpg [933 B]
Get:4 http://us.archive.ubuntu.com trusty-backports Release.gpg [933 B]
Get:5 http://security.ubuntu.com trusty-security Release [59.7 kB]
Get:6 http://us.archive.ubuntu.com trusty Release [58.5 kB]
Get:7 http://us.archive.ubuntu.com trusty-updates Release [59.7 kB]
Get:8 http://us.archive.ubuntu.com trusty-backports Release [59.7 kB]
Get:9 http://security.ubuntu.com trusty-security/main Sources [44.3 kB]
Get:10 http://us.archive.ubuntu.com trusty/main Sources [1,064 kB]
Get:11 http://security.ubuntu.com trusty-security/restricted Sources [14 B]
Get:12 http://security.ubuntu.com trusty-security/universe Sources [10.8 kB]
Get:13 http://security.ubuntu.com trusty-security/multiverse Sources [700 B]
Get:14 http://security.ubuntu.com trusty-security/main i386 Packages [133 kB]
Get:15 http://us.archive.ubuntu.com trusty/restricted Sources [5,433 B]
Get:16 http://us.archive.ubuntu.com trusty/universe Sources [6,399 kB]
Get:17 http://security.ubuntu.com trusty-security/restricted i386 Packages [14 B]
Get:18 http://security.ubuntu.com trusty-security/universe i386 Packages [47.0 kB]
Get:19 http://security.ubuntu.com trusty-security/multiverse i386 Packages [1,398 B]

Get:20 http://security.ubuntu.com trusty-security/main Translation-en [68.0 kB]


Get:21 http://security.ubuntu.com trusty-security/multiverse Translation-en [587 B]
Hit http://security.ubuntu.com trusty-security/restricted Translation-en
Get:22 http://security.ubuntu.com trusty-security/universe Translation-en [27.0 kB]
Get:23 http://us.archive.ubuntu.com trusty/multiverse Sources [174 kB]
Get:24 http://us.archive.ubuntu.com trusty/main i386 Packages [1,348 kB]
Get:25 http://us.archive.ubuntu.com trusty/restricted i386 Packages [13.4 kB]
Get:26 http://us.archive.ubuntu.com trusty/universe i386 Packages [5,866 kB]
Get:27 http://us.archive.ubuntu.com trusty/multiverse i386 Packages [134 kB]
Get:28 http://us.archive.ubuntu.com trusty/main Translation-en [762 kB]
Get:29 http://us.archive.ubuntu.com trusty/multiverse Translation-en [102 kB]
Hit http://us.archive.ubuntu.com trusty/restricted Translation-en
Get:30 http://us.archive.ubuntu.com trusty/universe Translation-en [4,089 kB]
Get:31 http://us.archive.ubuntu.com trusty-updates/main Sources [120 kB]
Get:32 http://us.archive.ubuntu.com trusty-updates/restricted Sources [1,408 B]
Get:33 http://us.archive.ubuntu.com trusty-updates/universe Sources [84.7 kB]
Get:34 http://us.archive.ubuntu.com trusty-updates/multiverse Sources [3,527 B]
Get:35 http://us.archive.ubuntu.com trusty-updates/main i386 Packages [314 kB]
Get:36 http://us.archive.ubuntu.com trusty-updates/restricted i386 Packages [5,820 B]
Get:37 http://us.archive.ubuntu.com trusty-updates/universe i386 Packages [204 kB]
Get:38 http://us.archive.ubuntu.com trusty-updates/multiverse i386 Packages [9,545 B]
Get:39 http://us.archive.ubuntu.com trusty-updates/main Translation-en [143 kB]
Get:40 http://us.archive.ubuntu.com trusty-updates/multiverse Translation-en [4,719 B]
Get:41 http://us.archive.ubuntu.com trusty-updates/restricted Translation-en [1,736 B]
Get:42 http://us.archive.ubuntu.com trusty-updates/universe Translation-en [101 kB]
Get:43 http://us.archive.ubuntu.com trusty-backports/main Sources [4,760 B]
Get:44 http://us.archive.ubuntu.com trusty-backports/restricted Sources [14 B]
Get:45 http://us.archive.ubuntu.com trusty-backports/universe Sources [12.6 kB]
Get:46 http://us.archive.ubuntu.com trusty-backports/multiverse Sources [1,315 B]
Get:47 http://us.archive.ubuntu.com trusty-backports/main i386 Packages [6,379 B]
Get:48 http://us.archive.ubuntu.com trusty-backports/restricted i386 Packages [14 B]
Get:49 http://us.archive.ubuntu.com trusty-backports/universe i386 Packages [16.0 kB]
Get:50 http://us.archive.ubuntu.com trusty-backports/multiverse i386 Packages [945 B]
Get:51 http://us.archive.ubuntu.com trusty-backports/main Translation-en [4,216 B]
Get:52 http://us.archive.ubuntu.com trusty-backports/multiverse Translation-en [613 B]
Hit http://us.archive.ubuntu.com trusty-backports/restricted Translation-en
Get:53 http://us.archive.ubuntu.com trusty-backports/universe Translation-en [13.3 kB]
Ign http://us.archive.ubuntu.com trusty/main Translation-en_US
Ign http://us.archive.ubuntu.com trusty/multiverse Translation-en_US
Ign http://us.archive.ubuntu.com trusty/restricted Translation-en_US
Ign http://us.archive.ubuntu.com trusty/universe Translation-en_US
Fetched 21.6 MB in 1min 7s (322 kB/s)
Reading package lists... Done

mg@mg:~$ sudo apt-get install apache2


Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:

apache2-bin apache2-data
Suggested packages:
apache2-doc apache2-suexec-pristine apache2-suexec-custom apache2-utils
The following packages will be upgraded:
apache2 apache2-bin apache2-data
3 upgraded, 0 newly installed, 0 to remove and 152 not upgraded.
Need to get 1,069 kB of archives.
After this operation, 4,096 B of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://us.archive.ubuntu.com/ubuntu/ trusty-updates/main apache2 i386 2.4.7-1ubuntu4.1 [87.6
kB]
Get:2

http://us.archive.ubuntu.com/ubuntu/

trusty-updates/main

apache2-bin

i386

2.4.7-1ubuntu4.1

trusty-updates/main

apache2-data

all

2.4.7-1ubuntu4.1

[821 kB]
Get:3

http://us.archive.ubuntu.com/ubuntu/

[160 kB]
Fetched 1,069 kB in 17s (62.2 kB/s)
(Reading database ... 66139 files and directories currently installed.)
Preparing to unpack .../apache2_2.4.7-1ubuntu4.1_i386.deb ...
Unpacking apache2 (2.4.7-1ubuntu4.1) over (2.4.7-1ubuntu4) ...
Preparing to unpack .../apache2-bin_2.4.7-1ubuntu4.1_i386.deb ...
Unpacking apache2-bin (2.4.7-1ubuntu4.1) over (2.4.7-1ubuntu4) ...
Preparing to unpack .../apache2-data_2.4.7-1ubuntu4.1_all.deb ...
Unpacking apache2-data (2.4.7-1ubuntu4.1) over (2.4.7-1ubuntu4) ...
Processing triggers for ureadahead (0.100.0-16) ...
ureadahead will be reprofiled on next reboot
Processing triggers for ufw (0.34~rc-0ubuntu2) ...
Processing triggers for man-db (2.6.6-1) ...
Setting up apache2-bin (2.4.7-1ubuntu4.1) ...
Setting up apache2-data (2.4.7-1ubuntu4.1) ...
Setting up apache2 (2.4.7-1ubuntu4.1) ...
* Restarting web server apache2

AH00558: apache2:

Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the
'ServerName' directive globally to suppress this message
[ OK ]

2.3. Verificar O Tempo Do Download Do Index.html Desse Servidor Web A Partir Da


Mquina USU
RIO, Capturando Pacotes De Rede
sp@sp:~$ sudo tcpdump -r lab01_3.1.txt
reading from file lab01_3.1.txt, link-type EN10MB (Ethernet)
08:41:41.704618 IP6 fe80::a00:27ff:fe40:5ef9.521 > ff02::9.521:

ripng-resp 3: fc00::10:10:1:0/112

(2) fc00::10:10:3:0/112 (1) fc00::10:10:4:0/112 (1)


08:41:41.792880 IP ms3 > sp2: ICMP echo request, id 3016, seq 5, length 64
08:41:41.792962 IP sp2 > ms3: ICMP echo reply, id 3016, seq 5, length 64
08:41:42.219846 IP sp4.route > rip2-routers.mcast.net.route: RIPv2, Request, length: 24
08:41:42.221257 IP6 fe80::a00:27ff:fe3e:aa9.521 > ff02::9.521:

ripng-req dump

08:41:42.226052 IP sp4 > igmp.mcast.net: igmp v3 report, 1 group record(s)


08:41:42.296232 IP mg4.route > sp4.route: RIPv2, Response, length: 44

08:41:42.296399

IP6

fe80::a00:27ff:fe40:5ef9.521

>

fe80::a00:27ff:fe3e:aa9.521:

ripng-resp

3:

fc00::10:10:1:0/112 (2) fc00::10:10:3:0/112 (1) fc00::10:10:4:0/112 (1)


08:41:42.302048

IP

sp4.51889

>

mg4.http:

Flags

[S],

seq

2345363030,

win

29200,

options

[mss

1460,sackOK,TS val 189064 ecr 0,nop,wscale 6], length 0


08:41:42.303482 IP mg4.http > sp4.51889: Flags [S.], seq 2516482939, ack 2345363031, win 28960,
options [mss 1460,sackOK,TS val 417452 ecr 189064,nop,wscale 5], length 0
08:41:42.303574 IP sp4.51889 > mg4.http: Flags [.], ack 1, win 457, options [nop,nop,TS val 189064
ecr 417452], length 0
08:41:42.304566 IP sp4.51889 > mg4.http: Flags [P.], seq 1:108, ack 1, win 457, options [nop,nop,TS
val 189064 ecr 417452], length 107
08:41:42.307196 IP mg4.http > sp4.51889: Flags [.], ack 108, win 905, options [nop,nop,TS val 417452
ecr 189064], length 0
08:41:42.310238

IP

mg4.http

>

sp4.51889:

Flags

[.],

seq

1:11585,

ack

108,

win

905,

options

[nop,nop,TS val 417453 ecr 189064], length 11584


08:41:42.310355 IP sp4.51889 > mg4.http: Flags [.], ack 11585, win 819, options [nop,nop,TS val
189066 ecr 417453], length 0
08:41:42.311100 IP mg4.http > sp4.51889: Flags [P.], seq 11585:11821, ack 108, win 905, options
[nop,nop,TS val 417453 ecr 189064], length 236
08:41:42.311154 IP sp4.51889 > mg4.http: Flags [.], ack 11821, win 864, options [nop,nop,TS val
189066 ecr 417453], length 0
08:41:42.427826 IP sp4 > igmp.mcast.net: igmp v3 report, 1 group record(s)
08:41:42.524919

IP

sp4.51889

>

mg4.http:

Flags

[F.],

seq

108,

ack

Flags

[F.],

seq

11821,

11821,

win

864,

options

win

905,

options

[nop,nop,TS val 189119 ecr 417453], length 0


08:41:42.526364

IP

mg4.http

>

sp4.51889:

ack

109,

[nop,nop,TS val 417507 ecr 189119], length 0


08:41:42.526433 IP sp4.51889 > mg4.http: Flags [.], ack 11822, win 864, options [nop,nop,TS val
189120 ecr 417507], length 0

sp@sp:~$ wget -O /dev/null 10.10.4.4


--2014-10-09 08:41:42--

http://10.10.4.4/

Connecting to 10.10.4.4:80... connected.


HTTP request sent, awaiting response... 200 OK
Length: 11510 (11K) [text/html]
Saving to: /dev/null
100%[======================================>] 11,510

--.-K/s

in 0.002s

2014-10-09 08:41:42 (6.05 MB/s) - /dev/null saved [11510/11510]

2.4. Verificar O Status Da Mquina ALVO


Quantidade de memria livre (inclusive swap)
mg@mg:~$ free -m -t
total

used

free

shared

buffers

cached

186

162

23

30

76

-/+ buffers/cache:

Mem:

55

131

Swap:

507

507

Total:

694

162

531

CPU
top - 08:54:49 up 45 min,
Tasks:

86 total,

%Cpu(s):

0.4 us,

1 user,

1 running,
8.2 sy,

load average: 0.54, 0.23, 0.23

85 sleeping,

0 stopped,

0.0 ni, 81.6 id,

0.0 wa,

0 zombie

KiB Mem:

191092 total,

184628 used,

6464 free,

KiB Swap:

520188 total,

0 used,

520188 free.

0.0 hi,

9.9 si,

0.0 st

28136 buffers
99192 cached Mem

Conexes de rede abertas


netstat -tuna | grep SYN_RECV
mg@mg:~$ netstat -tuna | grep SYN_RECV
mg@mg:~$

2.5. Testar A Ferramenta De Injeo De Pacotes Contra A Mquina ALVO A Partir Da


Mquina ATACANTE.
ms@ms:~$ sudo hping3 -V -c 20 -d 60 -S -w 64 -p 80 --flood --rand-source 10.10.4.4
[sudo] password for ms:
Sorry, try again.
[sudo] password for ms:
using eth2, addr: 10.10.3.2, MTU: 1500
HPING 10.10.4.4 (eth2 10.10.4.4): S set, 40 headers + 60 data bytes
hping in flood mode, no replies will be shown
^C
--- 10.10.4.4 hping statistic --93966 packets transmitted, 0 packets received, 100% packet loss
round-trip min/avg/max = 0.0/0.0/0.0 ms

Aps 60 segundos de ataque, realize diversas vezes o passo 3.2.


sp@sp:~$ wget -O /dev/null 10.10.4.4
--2014-10-09 09:03:17--

http://10.10.4.4/

Connecting to 10.10.4.4:80... connected.


HTTP request sent, awaiting response... 200 OK
Length: 11510 (11K) [text/html]
Saving to: /dev/null
100%[======================================>] 11,510

--.-K/s

in 0.001s

2014-10-09 09:03:17 (12.2 MB/s) - /dev/null saved [11510/11510]


sp@sp:~$ wget -O /dev/null 10.10.4.4
--2014-10-09 09:03:18--

http://10.10.4.4/

Connecting to 10.10.4.4:80... connected.

HTTP request sent, awaiting response... 200 OK


Length: 11510 (11K) [text/html]
Saving to: /dev/null
100%[======================================>] 11,510

18.3KB/s

in 0.6s

2014-10-09 09:03:19 (18.3 KB/s) - /dev/null saved [11510/11510]


sp@sp:~$ wget -O /dev/null 10.10.4.4
--2014-10-09 09:03:21--

http://10.10.4.4/

Connecting to 10.10.4.4:80... connected.


HTTP request sent, awaiting response... 200 OK
Length: 11510 (11K) [text/html]
Saving to: /dev/null
100%[======================================>] 11,510

--.-K/s

in 0s

2014-10-09 09:03:21 (24.4 MB/s) - /dev/null saved [11510/11510]


sp@sp:~$ wget -O /dev/null 10.10.4.4
--2014-10-09 09:03:23--

http://10.10.4.4/

Connecting to 10.10.4.4:80... connected.


HTTP request sent, awaiting response... 200 OK
Length: 11510 (11K) [text/html]
Saving to: /dev/null
100%[======================================>] 11,510

--.-K/s

in 0s

2014-10-09 09:03:23 (32.6 MB/s) - /dev/null saved [11510/11510]


sp@sp:~$ wget -O /dev/null 10.10.4.4
--2014-10-09 09:03:25--

http://10.10.4.4/

Connecting to 10.10.4.4:80... connected.


HTTP request sent, awaiting response... 200 OK
Length: 11510 (11K) [text/html]
Saving to: /dev/null
100%[======================================>] 11,510

--.-K/s

in 0s

2014-10-09 09:03:26 (33.7 MB/s) - /dev/null saved [11510/11510]


sp@sp:~$ wget -O /dev/null 10.10.4.4
--2014-10-09 09:03:28--

http://10.10.4.4/

Connecting to 10.10.4.4:80... connected.


HTTP request sent, awaiting response... 200 OK
Length: 11510 (11K) [text/html]
Saving to: /dev/null
100%[======================================>] 11,510

--.-K/s

in 0.001s

2014-10-09 09:03:28 (11.1 MB/s) - /dev/null saved [11510/11510]


sp@sp:~$ wget -O /dev/null 10.10.4.4
--2014-10-09 09:03:29--

http://10.10.4.4/

Connecting to 10.10.4.4:80... connected.


HTTP request sent, awaiting response... 200 OK
Length: 11510 (11K) [text/html]
Saving to: /dev/null
100%[======================================>] 11,510

--.-K/s

in 0.03s

2014-10-09 09:03:30 (412 KB/s) - /dev/null saved [11510/11510]


sp@sp:~$ wget -O /dev/null 10.10.4.4
--2014-10-09 09:03:32--

http://10.10.4.4/

Connecting to 10.10.4.4:80... connected.


HTTP request sent, awaiting response... 200 OK
Length: 11510 (11K) [text/html]
Saving to: /dev/null
100%[======================================>] 11,510

--.-K/s

in 0s

2014-10-09 09:03:32 (47.2 MB/s) - /dev/null saved [11510/11510]


sp@sp:~$ wget -O /dev/null 10.10.4.4
--2014-10-09 09:03:33--

http://10.10.4.4/

Connecting to 10.10.4.4:80... connected.


HTTP request sent, awaiting response... 200 OK
Length: 11510 (11K) [text/html]
Saving to: /dev/null
100%[======================================>] 11,510

--.-K/s

in 0.01s

2014-10-09 09:03:33 (919 KB/s) - /dev/null saved [11510/11510]


sp@sp:~$ wget -O /dev/null 10.10.4.4
--2014-10-09 09:03:35--

http://10.10.4.4/

Connecting to 10.10.4.4:80... connected.


HTTP request sent, awaiting response... 200 OK
Length: 11510 (11K) [text/html]
Saving to: /dev/null
100%[======================================>] 11,510

--.-K/s

in 0.002s

2014-10-09 09:03:35 (6.40 MB/s) - /dev/null saved [11510/11510]


sp@sp:~$ wget -O /dev/null 10.10.4.4
--2014-10-09 09:03:38--

http://10.10.4.4/

Connecting to 10.10.4.4:80... connected.


HTTP request sent, awaiting response... 200 OK

10

Length: 11510 (11K) [text/html]


Saving to: /dev/null
100%[======================================>] 11,510

--.-K/s

in 0.002s

2014-10-09 09:03:38 (5.85 MB/s) - /dev/null saved [11510/11510]

2.6. Verificar A Situao Da Mquina ALVO Durante O Ataque

top - 09:02:39 up 53 min,


Tasks:

87 total,

%Cpu(s):

0.6 us,

1 user,

1 running,
7.4 sy,

load average: 0.32, 0.59, 0.44

86 sleeping,

0.0 ni, 76.5 id,

0 stopped,
0.0 wa,

KiB Mem:

191092 total,

184624 used,

6468 free,

KiB Swap:

520188 total,

0 used,

520188 free.

top - 09:02:42 up 53 min,


Tasks:

87 total,

%Cpu(s):

0.0 us,

1 user,

1 running,
5.3 sy,

99236 cached Mem

load average: 0.29, 0.58, 0.44

86 sleeping,

0.0 ni, 59.2 id,

0 stopped,
0.0 wa,

184624 used,

6468 free,

KiB Swap:

520188 total,

0 used,

520188 free.

Tasks:

87 total,

%Cpu(s):

0.7 us,

1 running,
6.6 sy,

99236 cached Mem

load average: 0.27, 0.57, 0.44

86 sleeping,

0.0 ni, 67.9 id,

0 stopped,
0.0 wa,

184624 used,

6468 free,

KiB Swap:

520188 total,

0 used,

520188 free.

87 total,

%Cpu(s):

2.2 us,

1 user,

1 running,
9.4 sy,

99236 cached Mem

load average: 0.27, 0.57, 0.44

86 sleeping,

0.0 ni, 71.0 id,

0 stopped,
0.0 wa,

191092 total,

184708 used,

6384 free,

520188 total,

0 used,

520188 free.

87 total,

%Cpu(s):

0.0 us,

1 user,

1 running,
6.7 sy,

99236 cached Mem

load average: 0.25, 0.56, 0.43

86 sleeping,

0.0 ni, 63.0 id,

0 stopped,
0.0 wa,

184708 used,

6384 free,

KiB Swap:

520188 total,

0 used,

520188 free.

Tasks:

87 total,

%Cpu(s):

0.0 us,

2 running,
8.6 sy,

0 zombie

0.0 hi, 30.4 si,

191092 total,

1 user,

0.0 st

28140 buffers

KiB Mem:

top - 09:02:55 up 54 min,

0 zombie

0.0 hi, 17.4 si,

KiB Swap:

Tasks:

0.0 st

28140 buffers

KiB Mem:

top - 09:02:51 up 53 min,

0 zombie

0.0 hi, 24.8 si,

191092 total,

Tasks:

0.0 st

28140 buffers

KiB Mem:

top - 09:02:48 up 53 min,

0 zombie

0.0 hi, 35.5 si,

191092 total,

1 user,

0.0 st

28140 buffers

KiB Mem:

top - 09:02:45 up 53 min,

0 zombie

0.6 hi, 14.8 si,

0.0 st

28140 buffers
99236 cached Mem

load average: 0.25, 0.56, 0.43

85 sleeping,

0.0 ni, 42.1 id,

0 stopped,
0.0 wa,

0 zombie

KiB Mem:

191092 total,

184708 used,

6384 free,

KiB Swap:

520188 total,

0 used,

520188 free.

0.0 hi, 49.3 si,

0.0 st

28140 buffers
99236 cached Mem

11

top - 09:02:58 up 54 min,


Tasks:

87 total,

%Cpu(s):

0.8 us,

1 user,

1 running,
4.9 sy,

load average: 0.23, 0.55, 0.43

86 sleeping,

0.0 ni, 73.2 id,

0 stopped,
0.0 wa,

KiB Mem:

191092 total,

184708 used,

6384 free,

KiB Swap:

520188 total,

0 used,

520188 free.

top - 09:03:01 up 54 min,


Tasks:

87 total,

%Cpu(s):

0.8 us,

1 user,

1 running,
7.8 sy,

99236 cached Mem

load average: 0.21, 0.54, 0.43

86 sleeping,

0.0 ni, 72.1 id,

0 stopped,
0.0 wa,

184708 used,

6384 free,

KiB Swap:

520188 total,

0 used,

520188 free.

87 total,

%Cpu(s):

0.0 us,

1 user,

1 running,
5.9 sy,

99236 cached Mem

load average: 0.21, 0.54, 0.43

86 sleeping,

0.0 ni, 63.2 id,

0 stopped,
0.0 wa,

191092 total,

184708 used,

6384 free,

520188 total,

0 used,

520188 free.

87 total,

%Cpu(s):

0.6 us,

1 user,

1 running,
3.8 sy,

99236 cached Mem

load average: 0.19, 0.53, 0.43

86 sleeping,

0.0 ni, 57.2 id,

0 stopped,
0.0 wa,

184140 used,

6952 free,

KiB Swap:

520188 total,

0 used,

520188 free.

Tasks:

87 total,

%Cpu(s):

0.5 us,

2 running,
5.9 sy,

99236 cached Mem

load average: 0.18, 0.52, 0.42

85 sleeping,

0.0 ni, 44.1 id,

0 stopped,
0.0 wa,

184212 used,

6880 free,

KiB Swap:

520188 total,

0 used,

520188 free.

87 total,

%Cpu(s):

0.0 us,

1 user,

1 running,
9.2 sy,

99236 cached Mem

load average: 0.18, 0.52, 0.42

86 sleeping,

0.0 ni, 67.7 id,

0 stopped,
0.0 wa,

191092 total,

184212 used,

6880 free,

520188 total,

0 used,

520188 free.

87 total,

%Cpu(s):

0.0 us,

1 user,

1 running,
7.7 sy,

99236 cached Mem

load average: 0.16, 0.51, 0.42

86 sleeping,

0.0 ni, 62.3 id,

0 stopped,
0.0 wa,

184208 used,

6884 free,

KiB Swap:

520188 total,

0 used,

520188 free.

Tasks:

87 total,

%Cpu(s):

0.0 us,

1 running,
5.8 sy,

0 zombie

0.0 hi, 30.0 si,

191092 total,

1 user,

0.0 st

28140 buffers

KiB Mem:

top - 09:03:20 up 54 min,

0 zombie

0.0 hi, 23.1 si,

KiB Swap:

Tasks:

0.0 st

28140 buffers

KiB Mem:

top - 09:03:17 up 54 min,

0 zombie

0.0 hi, 49.5 si,

191092 total,

Tasks:

0.0 st

28140 buffers

KiB Mem:

top - 09:03:14 up 54 min,

0 zombie

0.0 hi, 38.4 si,

191092 total,

1 user,

0.0 st

28140 buffers

KiB Mem:

top - 09:03:11 up 54 min,

0 zombie

0.0 hi, 30.9 si,

KiB Swap:

Tasks:

0.0 st

28140 buffers

KiB Mem:

top - 09:03:07 up 54 min,

0 zombie

0.0 hi, 19.4 si,

191092 total,

Tasks:

0.0 st

28140 buffers

KiB Mem:

top - 09:03:04 up 54 min,

0 zombie

0.0 hi, 21.1 si,

0.0 st

28140 buffers
99236 cached Mem

load average: 0.15, 0.50, 0.42

86 sleeping,

0.0 ni, 42.7 id,

0 stopped,
0.0 wa,

0 zombie

KiB Mem:

191092 total,

184224 used,

6868 free,

KiB Swap:

520188 total,

0 used,

520188 free.

0.6 hi, 50.9 si,

0.0 st

28140 buffers
99236 cached Mem

12

top - 09:03:23 up 54 min,


Tasks:

87 total,

%Cpu(s):

1.2 us,

1 user,

2 running,
6.8 sy,

load average: 0.15, 0.50, 0.42

85 sleeping,

0.0 ni, 67.9 id,

0 stopped,
0.0 wa,

KiB Mem:

191092 total,

184256 used,

6836 free,

KiB Swap:

520188 total,

0 used,

520188 free.

top - 09:03:27 up 54 min,


Tasks:

87 total,

%Cpu(s):

0.0 us,

1 user,

1 running,
7.6 sy,

99236 cached Mem

load average: 0.14, 0.50, 0.42

86 sleeping,

0.0 ni, 50.0 id,

0 stopped,
0.0 wa,

184288 used,

6804 free,

KiB Swap:

520188 total,

0 used,

520188 free.

Tasks:

87 total,

%Cpu(s):

0.0 us,

1 running,
5.4 sy,

99236 cached Mem

load average: 0.13, 0.49, 0.41

86 sleeping,

0.0 ni, 59.9 id,

0 stopped,
0.6 wa,

184288 used,

6804 free,

KiB Swap:

520188 total,

0 used,

520188 free.

87 total,

%Cpu(s):

0.0 us,

1 user,

1 running,
6.0 sy,

99236 cached Mem

load average: 0.13, 0.49, 0.41

86 sleeping,

0.0 ni, 35.0 id,

0 stopped,
0.0 wa,

191092 total,

184288 used,

6804 free,

520188 total,

0 used,

520188 free.

87 total,

%Cpu(s):

0.0 us,

1 user,

1 running,
6.3 sy,

99236 cached Mem

load average: 0.12, 0.48, 0.41

86 sleeping,

0.0 ni, 72.0 id,

0 stopped,
0.0 wa,

184288 used,

6804 free,

KiB Swap:

520188 total,

0 used,

520188 free.

Tasks:

87 total,

%Cpu(s):

1 running,

2.9 us, 11.0 sy,

99236 cached Mem

load average: 0.12, 0.48, 0.41

86 sleeping,

0.0 ni, 52.3 id,

0 stopped,
0.0 wa,

184304 used,

6788 free,

KiB Swap:

520188 total,

0 used,

520188 free.

87 total,

%Cpu(s):

0.0 us,

1 user,

1 running,
4.4 sy,

0 zombie

0.0 hi, 33.7 si,

191092 total,

Tasks:

0.0 st

28140 buffers

KiB Mem:

top - 09:03:43 up 54 min,

0 zombie

0.0 hi, 21.7 si,

191092 total,

1 user,

0.0 st

28140 buffers

KiB Mem:

top - 09:03:40 up 54 min,

0 zombie

0.0 hi, 59.0 si,

KiB Swap:

Tasks:

0.0 st

28140 buffers

KiB Mem:

top - 09:03:37 up 54 min,

0 zombie

0.0 hi, 34.1 si,

191092 total,

Tasks:

0.0 st

28140 buffers

KiB Mem:

top - 09:03:33 up 54 min,

0 zombie

0.0 hi, 42.4 si,

191092 total,

1 user,

0.0 st

28140 buffers

KiB Mem:

top - 09:03:30 up 54 min,

0 zombie

0.0 hi, 24.1 si,

0.0 st

28140 buffers
99236 cached Mem

load average: 0.11, 0.47, 0.41

86 sleeping,

0.0 ni, 29.1 id,

0 stopped,
0.0 wa,

0 zombie

KiB Mem:

191092 total,

184304 used,

6788 free,

KiB Swap:

520188 total,

0 used,

520188 free.

0.0 hi, 66.5 si,

0.0 st

28140 buffers
99236 cached Mem

2.7. Questes
O tempo de acesso ao servidor Web muda? (Ref. o item 3).
Tempo de acesso tem uma ocilacao sim devido a injeo de pacotes.

13

Qual o impacto na memria?


Devido a injeo de pacotes e o aumento de requisies a memria sofre o impacto pois precisa
trabalhar dobrado para atender as requisies proveniente de um suposto ataque.
Qual o impacto na CPU?
Tem o consumo maior da cpu para fazer o todo o processamento.
Como esto as conexes de rede?
Quando observadas na hora em que est se efetuando o ataque ddos, existe uma lentido e por
isso e passvel de queda de conexo.

2.8. Habilitar SYN Cookies Na Mquina ALVO


Descomentar a linha net.ipv4.tcp_syncookies=1 em /etc/sysctl.conf

2.9. Repetir Os Passos 3 At 6.


Verificar o tempo do download do index.html desse servidor Web a partir da mquina USURIO,

capturando pacotes de rede


sp@sp:~$ sudo tcpdump -r lab01_3.1.syn.txt
reading from file lab01_3.1.syn.txt, link-type EN10MB (Ethernet)
10:02:25.610611 IP sp2.ssh > ms3.59642: Flags [P.], seq 3801157454:3801157486, ack 1546722342, win
453, options [nop,nop,TS val 1399891 ecr 1645160], length 32
10:02:25.614033 IP ms3.59642 > sp2.ssh: Flags [.], ack 32, win 457, options [nop,nop,TS val 1645349
ecr 1399891], length 0
10:02:25.615667 IP ms3.59642 > sp2.ssh: Flags [P.], seq 1:26, ack 32, win 457, options [nop,nop,TS
val 1645349 ecr 1399891], length 25
10:02:25.616215 IP sp2.ssh > ms3.59642: Flags [.], ack 26, win 453, options [nop,nop,TS val 1399892
ecr 1645349], length 0
10:02:25.618219 IP ms3.59642 > sp2.ssh: Flags [F.], seq 26, ack 32, win 457, options [nop,nop,TS val
1645350 ecr 1399891], length 0
10:02:25.631124 IP sp2.ssh > ms3.59642: Flags [.], seq 32:1480, ack 27, win 453, options [nop,nop,TS
val 1399896 ecr 1645350], length 1448
10:02:25.631176

IP

sp2.ssh

>

ms3.59642:

Flags

[P.],

seq

1480:1680,

ack

27,

win

453,

options

[nop,nop,TS val 1399896 ecr 1645350], length 200


10:02:25.635818 IP ms3.59642 > sp2.ssh: Flags [R], seq 1546722368, win 0, length 0
10:02:25.656666 IP ms3 > pr2: ICMP echo request, id 6463, seq 2, length 64
10:02:26.332856 IP6 fe80::a00:27ff:fe3e:aa9.521 > ff02::9.521:

ripng-req dump

10:02:26.408823 IP sp4 > igmp.mcast.net: igmp v3 report, 1 group record(s)


10:02:26.412933

IP6

fe80::a00:27ff:fe40:5ef9.521

>

fe80::a00:27ff:fe3e:aa9.521:

ripng-resp

3:

fc00::10:10:1:0/112 (2) fc00::10:10:3:0/112 (1) fc00::10:10:4:0/112 (1)


10:02:26.551313 IP sp4 > igmp.mcast.net: igmp v3 report, 1 group record(s)

14

10:02:26.601273 IP sp4.route > rip2-routers.mcast.net.route: RIPv2, Request, length: 24


10:02:26.608351 IP mg4.route > sp4.route: RIPv2, Response, length: 44
10:02:26.667927 IP ms3 > pr2: ICMP echo request, id 6463, seq 3, length 64
10:02:27.149665 IP ms3 > sp2: ICMP echo request, id 6466, seq 1, length 64
10:02:27.149867 IP sp2 > ms3: ICMP echo reply, id 6466, seq 1, length 64
10:02:27.153303 IP sp4 > ms3: ICMP host pr2 unreachable, length 68
10:02:27.153388 IP sp4 > ms3: ICMP host pr2 unreachable, length 92
10:02:27.154930 IP sp4 > ms3: ICMP host pr2 unreachable, length 92
10:02:27.154991 IP sp4 > ms3: ICMP host pr2 unreachable, length 92
10:02:28.151638 IP ms3 > sp2: ICMP echo request, id 6466, seq 2, length 64
10:02:28.151849 IP sp2 > ms3: ICMP echo reply, id 6466, seq 2, length 64
10:02:28.451798

IP

sp4.51909

>

mg4.http:

Flags

[S],

seq

3716617581,

win

29200,

options

[mss

1460,sackOK,TS val 1400601 ecr 0,nop,wscale 6], length 0


10:02:28.455161 IP mg4.http > sp4.51909: Flags [S.], seq 379705590, ack 3716617582, win 28960,
options [mss 1460,sackOK,TS val 1628981 ecr 1400601,nop,wscale 5], length 0
10:02:28.455361 IP sp4.51909 > mg4.http: Flags [.], ack 1, win 457, options [nop,nop,TS val 1400602
ecr 1628981], length 0
10:02:28.457246 IP sp4.51909 > mg4.http: Flags [P.], seq 1:108, ack 1, win 457, options [nop,nop,TS
val 1400602 ecr 1628981], length 107
10:02:28.459139 IP mg4.http > sp4.51909: Flags [.], ack 108, win 905, options [nop,nop,TS val
1628982 ecr 1400602], length 0
10:02:28.478505

IP

mg4.http

>

sp4.51909:

Flags

[P.],

seq

1:11821,

ack

108,

win

905,

options

[nop,nop,TS val 1628984 ecr 1400602], length 11820


10:02:28.479209 IP sp4.51909 > mg4.http: Flags [.], ack 11821, win 826, options [nop,nop,TS val
1400608 ecr 1628984], length 0
10:02:28.479250 IP mg4.http > sp4.51909: Flags [P.], seq 11585:11821, ack 108, win 905, options
[nop,nop,TS val 1628987 ecr 1400602], length 236
10:02:28.479416 IP sp4.51909 > mg4.http: Flags [.], ack 11821, win 826, options [nop,nop,TS val
1400608 ecr 1628987,nop,nop,sack 1 {11585:11821}], length 0
10:02:28.884532

IP

sp4.51909

>

mg4.http:

Flags

[F.],

seq

108,

ack

[F.],

seq

11821,

11821,

win

826,

options

win

905,

options

[nop,nop,TS val 1400709 ecr 1628987], length 0


10:02:29.010225

IP

mg4.http

>

sp4.51909:

Flags

ack

109,

[nop,nop,TS val 1629120 ecr 1400709], length 0


10:02:29.010412 IP sp4.51909 > mg4.http: Flags [.], ack 11822, win 826, options [nop,nop,TS val
1400741 ecr 1629120], length 0
10:02:29.567510 IP ms3 > sp2: ICMP echo request, id 6466, seq 3, length 64
10:02:29.567642 IP sp2 > ms3: ICMP echo reply, id 6466, seq 3, length 64
10:02:30.249204 IP6 fe80::a00:27ff:fe40:5ef9.521 > ff02::9.521:

ripng-resp 3: fc00::10:10:1:0/112

(2) fc00::10:10:3:0/112 (1) fc00::10:10:4:0/112 (1)

sp@sp:~$ wget -O /dev/null 10.10.4.4


--2014-10-09 10:02:28--

http://10.10.4.4/

Connecting to 10.10.4.4:80... connected.


HTTP request sent, awaiting response... 200 OK
Length: 11510 (11K) [text/html]
Saving to: /dev/null
100%[======================================>] 11,510

--.-K/s

in 0.001s

2014-10-09 10:02:28 (19.6 MB/s) - /dev/null saved [11510/11510]

15

Verificar o status da mquina ALVO


Quantidade de memria livre (inclusive swap)
mg@mg:~$ free -m -t
total

used

free

shared

buffers

cached

186

181

17

98

-/+ buffers/cache:

Mem:

66

120

Swap:

507

507

Total:

694

181

513

CPU
top - 10:11:02 up
Tasks:

92 total,

%Cpu(s):

0.6 us,

2:02,

3 users,

2 running,
5.2 sy,

load average: 0.54, 0.35, 0.29

90 sleeping,

0 stopped,

0.0 ni, 87.5 id,

0.6 wa,

0 zombie

KiB Mem:

191092 total,

185784 used,

5308 free,

KiB Swap:

520188 total,

0 used,

520188 free.

0.0 hi,

6.0 si,

0.0 st

17532 buffers
100396 cached Mem

Testar a ferramenta de injeo de pacotes contra a mquina ALVO a partir da mquina ATACANTE.
ms@ms:~$ sudo hping3 -V -c 20 -d 60 -S -w 64 -p 80 --flood --rand-source 10.10.4.4
using eth2, addr: 10.10.3.2, MTU: 1500
HPING 10.10.4.4 (eth2 10.10.4.4): S set, 40 headers + 60 data bytes
hping in flood mode, no replies will be shown
^C
--- 10.10.4.4 hping statistic --9086 packets transmitted, 0 packets received, 100% packet loss
round-trip min/avg/max = 0.0/0.0/0.0 ms
ms@ms:~$

Realize diversas vezes o passo 3.2.


sp@sp:~$ wget -O /dev/null 10.10.4.4
--2014-10-09 10:24:04--

http://10.10.4.4/

Connecting to 10.10.4.4:80... connected.


HTTP request sent, awaiting response... 200 OK
Length: 11510 (11K) [text/html]
Saving to: /dev/null
100%[======================================>] 11,510

--.-K/s

in 0.001s

2014-10-09 10:24:04 (15.5 MB/s) - /dev/null saved [11510/11510]


sp@sp:~$ wget -O /dev/null 10.10.4.4
--2014-10-09 10:24:06--

http://10.10.4.4/

Connecting to 10.10.4.4:80... connected.


HTTP request sent, awaiting response... 200 OK
Length: 11510 (11K) [text/html]
Saving to: /dev/null

16

100%[======================================>] 11,510

--.-K/s

in 0.006s

2014-10-09 10:24:06 (1.73 MB/s) - /dev/null saved [11510/11510]


sp@sp:~$ wget -O /dev/null 10.10.4.4
--2014-10-09 10:24:07--

http://10.10.4.4/

Connecting to 10.10.4.4:80... connected.


HTTP request sent, awaiting response... 200 OK
Length: 11510 (11K) [text/html]
Saving to: /dev/null
100%[======================================>] 11,510

--.-K/s

in 0s

2014-10-09 10:24:07 (51.5 MB/s) - /dev/null saved [11510/11510]


sp@sp:~$ wget -O /dev/null 10.10.4.4
--2014-10-09 10:24:08--

http://10.10.4.4/

Connecting to 10.10.4.4:80... connected.


HTTP request sent, awaiting response... 200 OK
Length: 11510 (11K) [text/html]
Saving to: /dev/null
100%[======================================>] 11,510

--.-K/s

in 0.002s

2014-10-09 10:24:09 (6.99 MB/s) - /dev/null saved [11510/11510]


sp@sp:~$

Status da Maquina Alvo


mg@mg:~$ top -b
top - 10:24:00 up
Tasks:

92 total,

%Cpu(s):

0.6 us,

2:15,

3 users,

1 running,
5.2 sy,

load average: 0.04, 0.22, 0.30

91 sleeping,

0.0 ni, 87.5 id,

0 stopped,
0.6 wa,

KiB Mem:

191092 total,

182148 used,

8944 free,

KiB Swap:

520188 total,

0 used,

520188 free.

top - 10:24:04 up
Tasks:

92 total,

%Cpu(s):

0.6 us,

2:15,

3 users,

3 running,
7.7 sy,

load average: 0.03, 0.22, 0.29

89 sleeping,

0.0 ni, 60.8 id,

0 stopped,
0.0 wa,

182148 used,

8944 free,

520188 total,

0 used,

520188 free.

%Cpu(s):

0.0 us,

2:15,

3 users,

1 running,
6.3 sy,

97488 cached Mem

load average: 0.03, 0.22, 0.29

91 sleeping,

0.0 ni, 55.7 id,

0 stopped,
0.0 wa,

182212 used,

8880 free,

KiB Swap:

520188 total,

0 used,

520188 free.

Tasks:

92 total,

3 users,

1 running,

0 zombie

0.6 hi, 37.3 si,

191092 total,

2:15,

0.0 st

16800 buffers

KiB Mem:

top - 10:24:10 up

0 zombie

0.0 hi, 30.9 si,

191092 total,

92 total,

0.0 st

97488 cached Mem

KiB Swap:

Tasks:

6.1 si,

16800 buffers

KiB Mem:

top - 10:24:07 up

0 zombie

0.0 hi,

0.0 st

16800 buffers
97488 cached Mem

load average: 0.03, 0.21, 0.29

91 sleeping,

0 stopped,

0 zombie

17

%Cpu(s):

0.7 us,

6.0 sy,

0.0 ni, 46.7 id,

0.0 wa,

191092 total,

182240 used,

8852 free,

KiB Swap:

520188 total,

0 used,

520188 free.

0.0 hi, 46.7 si,

KiB Mem:

0.0 st

16808 buffers
97492 cached Mem

mg@mg:~$

2.10. Resultados Observados.


Percebe-se atravs dos testes, que com o SynCookies habilitado, tem-se um maior controle de
trfego, e com isto a oscilao bem menor.
aconselhado que habilitemos o syncookies para evitar ataques do tipo de ataques que usam o
envio de requisies TCP a fim de travar a outra mquina.
Com o Syncookies habilitado, tem-se o controle de requisies TCP, ou seja, quando alguma
mquina pede conexo, ele responde, e fica aguardando uma confirmao deste pacote a fim de s depois
desta liberar a conexo, ou seja, aps ter uma solicitao, responder esta e pedir confirmao, ele exige que
o cliente que est se conectando a ele, envie uma nova confirmao para ento obter a conexo com aquela
mquina. V-se isto claramente no teste realizado com o syncookies habilitado no momento do download do
usurio com a mquina servidora web.
Quanto temos o syncookies habilitado notamos nitidamente que a conexo passa por filtros maiores
e, por exemplo, no caso do wget, ele fica bem mais estvel, pois ele cria uma conexo segura e garante a
entrega do servio, por entender que aquilo no est sendo um ataque.

18