============================================================

Quiz 1 for ITS335
by Steven Gordon - Thursday, 14 January 2016, 6:48 PM

Welcome to ITS335. You have several tasks to complete:

1. Read the course website, finding out about the assessment criteria, topic resources and textbooks

2. Read the document on Threat Consequences (in your handouts, and also available on Moodle)

3. Complete Quiz 1 on Moodle.

Your login for Moodle is the same as last semester. If you can't remember your password then you are not very good at IT Security. But since it is the start of the course, I can reset your password if you contact me.

Steve

============================================================

Quiz 2 for ITS335
by Steven Gordon - Tuesday, 26 January 2016, 4:32 PM

Try Quiz 2 on Cryptography Concepts before 5pm this Friday 29 Jan.

http://ict.siit.tu.ac.th/moodle/mod/quiz/view.php?id=1141

This quiz mainly tests assumptions and principles about cryptography. You should answer questions within the context of the assumptions made and notation used during lecture. Be careful with multiple choice questions that allow selecting one or more answers: usually you must select all possible correct answers to get full marks and selecting one incorrect answer will result in 0 marks.

Steve

============================================================

Homework 2
by Steven Gordon - Monday, 1 February 2016, 5:37 PM

Homework 1 asked you to set up virtnet and try OpenSSL. Homework 2 is now available and requires you to use OpenSSL to do some cryptographic operations. Instructions, with examples, are at:

http://ict.siit.tu.ac.th/moodle/mod/assign/view.php?id=1149

Deadline is Tuesday 9 Feb.

Steve

============================================================

Re: Homework 2
by Steven Gordon - Monday, 8 February 2016, 8:05 AM
 
Several students asked about the commands-ID.bash script. How to create it?

First you need to find the commands to complete steps 1, 2, 4, 5, 6 and 7. For this first iteration, commands-ID.bash can be a dummy file with anything in it.

Then save the commands from steps 1, 2, 4, 5, 6, and 7 in a new commands-ID.bash. Then do steps 4, 5, 6 and 7 again using the real commands-ID.bash.

Also, there is an examplescript.bash on the homework instructions that shows one way to use a variable in your script. This can be useful for generating and saving a random value. That is, generate the random value, redirecting the output to a file, then read the contents of the file as shown in the example script.

Steve

============================================================

Re: Homework 2
by Steven Gordon - Tuesday, 9 February 2016, 12:52 PM
 

As mentioned in the lecture today, please also submit 3 of the original files (commands, key, privatekey) on Moodle by 5pm tomorrow. Submit only the exact files that you used to encrypt (if you have lost your files, then don't try to create a new one - it won't work).

http://ict.siit.tu.ac.th/moodle/mod/assign/view.php?id=1158

Today we went through some examples of Linux permissions. If you haven't seen Linux permissions in my Network Lab (e.g. you do not take the lab), or want to see more details you can view some of my demos on YouTube:

http://www.youtube.com/playlist?list=PLAD72B282C6081B9A

or a write-up of an example at:

https://sandilands.info/sgordon/example-of-setting-linux-file-permissions

Steve

============================================================

Homework 3
by Steven Gordon - Friday, 12 February 2016, 8:36 AM

Homework 3 on Linux permissions is available on Moodle. So are results for Homework 2. The grading is summarised as:

- Some students got 10 out of 10

- Many students scored 9 out of 10. Their commands/files were correct, except the script they submitted contained extra text (e.g. the prompt copied and pasted). The script should have been just commands.

- Many students had files that did not verify. They submitted a ciphertext that was only 16 Bytes, when the bash script was much larger. If the plaintext is the bash script (say 400 Bytes) and you encrypt to get ciphertext that is just 16 Bytes, then something has gone wrong!

- A few students had other problems.

For the students that submitted files that did not decrypt/verify correctly, I manually looked at their original files to see if they were ok, and based on that gave a score ranging from 4 to 7.

Steve
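
Since the two Homework 2 problems above (pasted prompts in the script, and a 16-byte ciphertext for a 400-byte plaintext) come up every year, here is an added example of the same kind of OpenSSL sequence. It is not the homework's commands-ID.bash and does not follow the homework's numbered steps; the file names, AES-256-CBC, the 2048-bit RSA key and the size-check function are all assumptions. It writes a random key to a file and reads it back, as examplescript.bash shows, then encrypts, signs, verifies and decrypts, and it stops if the ciphertext is not the size the plaintext requires.

```bash
#!/bin/bash
# Added example, not the homework's commands-ID.bash: the same kind of OpenSSL
# sequence (random key saved to a file and read back, encrypt, sign, verify,
# decrypt) with a size check that catches a ciphertext that cannot be right.
# File names, AES-256-CBC and the 2048-bit RSA key are assumptions.

# AES in CBC mode with PKCS#7 padding produces a ciphertext whose length is
# the plaintext length rounded up to the next multiple of 16, with a whole
# extra block when the plaintext is already a multiple of 16. A 400-byte
# script therefore gives 416 bytes; it can never give 16. Returns 0 if the
# sizes agree, 1 otherwise.
check_ciphertext_size() {
    local plain_bytes cipher_bytes expected
    plain_bytes=$(wc -c < "$1")
    cipher_bytes=$(wc -c < "$2")
    expected=$(( (plain_bytes / 16 + 1) * 16 ))
    if [ "$cipher_bytes" -ne "$expected" ]; then
        echo "$2 is $cipher_bytes bytes but $1 is $plain_bytes bytes; expected $expected" >&2
        return 1
    fi
    return 0
}

# The whole sequence, run in a scratch directory. Needs the openssl CLI.
demo_openssl() {
    local work rc
    work=$(mktemp -d) || return 1
    (
        set -e
        cd "$work"

        # Constructed plaintext standing in for the script being protected.
        printf '%s\n' '#!/bin/bash' 'echo "hello from the protected script"' > plaintext.bash

        # Random key and IV written to files, then read back into variables,
        # the pattern examplescript.bash demonstrates.
        openssl rand -hex 32 > key.txt
        openssl rand -hex 16 > iv.txt
        KEY=$(cat key.txt)
        IV=$(cat iv.txt)

        # Encrypt the script itself (not key.txt) with the raw hex key and IV.
        openssl enc -aes-256-cbc -K "$KEY" -iv "$IV" -in plaintext.bash -out ciphertext.bin
        check_ciphertext_size plaintext.bash ciphertext.bin

        # RSA key pair, SHA-256 signature over the ciphertext, and verification.
        openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out privatekey.pem 2>/dev/null
        openssl pkey -in privatekey.pem -pubout -out publickey.pem
        openssl dgst -sha256 -sign privatekey.pem -out ciphertext.sig ciphertext.bin
        openssl dgst -sha256 -verify publickey.pem -signature ciphertext.sig ciphertext.bin

        # Decrypt and confirm the round trip byte for byte.
        openssl enc -d -aes-256-cbc -K "$KEY" -iv "$IV" -in ciphertext.bin -out decrypted.bash
        cmp plaintext.bash decrypted.bash
    )
    rc=$?
    rm -rf "$work"
    return "$rc"
}
```

With CBC and PKCS#7 padding a 16-byte ciphertext can only come from a plaintext shorter than one block, so a 16-byte ciphertext for a 400-byte script means an empty or wrong input file was encrypted. Running the size check before submitting is cheaper than a manual regrade.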

============================================================

Re: Homework 3
by Steven Gordon - Thursday, 18 February 2016, 3:46 PM
 
Answers I have given to some questions from students:

- What should the file names be? What should the usernames be? What should be in the files? I don't care, just use 'realistic' names. I will not be checking the content of the files nor care about the names (however the directory names should match the instructions). I will only be checking the permissions.

- How do I create the application myapp? What is the extension? Is it .exe? In Linux, an application (also called a binary or executable) is just a file that can be executed. It is common that it has no extension. Often the file is created by compiling some source code, or it is a script file. For this homework just create any type of file named "myapp" (no extension) and set the permissions correctly. E.g. use touch, nano, cat or whatever to create "myapp".

- How do I copy the submit-ID.tgz file to my computer? There are different ways. If your computer is running Mac OS X or Linux, then the easiest is to use scp like:

scp -P 2201 network@localhost:/home/network/submit-ID.tgz .

This copies from node1 (which uses port 2201) to your computer.

If you are running Windows then some other options (e.g. PuTTY, WinSCP or similar) are listed at:

https://sandilands.info/sgordon/accessing-virtualbox-guests-using-ssh-winscp-tunnelling

Finally, a reminder that I will not be at SIIT tomorrow, and most likely will not respond to any email questions before the deadline.

Steve
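
An added example for the permissions homework (not the homework's answer: the directory layout, the file names "project", "myapp" and "secret.txt", and the modes used here are assumptions, and the directory names and permissions that are actually graded come from the homework instructions). It builds a small tree, applies least-privilege modes, confirms them with stat, packs them into a submit-ID.tgz the way the homework collects them, and then unpacks the archive somewhere else to check that the modes survived the trip, which is worth doing before uploading. It relies on GNU stat and tar as found on the Linux virtnet nodes.

```bash
#!/bin/bash
# Added example, not the homework's answer: build a small directory tree,
# apply least-privilege modes, verify them, pack them into a .tgz and check
# that the modes survive inside the archive. The names "project", "myapp"
# and "secret.txt" and the modes chosen are assumptions; the homework's own
# directory names and required permissions come from its instructions.

# Octal mode of a path (GNU stat, as on the Linux virtnet nodes).
mode_of() {
    stat -c %a "$1"
}

# Create the tree and set the modes:
#   project/            750  owner full; group may enter and list; others nothing
#   project/myapp       750  an "application" is just an executable file, no extension
#   project/secret.txt  600  owner read/write only
build_tree() {
    local root=$1
    mkdir -p "$root/project"
    printf '#!/bin/sh\necho myapp\n' > "$root/project/myapp"
    printf 'not for others\n' > "$root/project/secret.txt"
    chmod 750 "$root/project"
    chmod 750 "$root/project/myapp"
    chmod 600 "$root/project/secret.txt"
}

# Return 0 only if every path still has the intended mode.
verify_tree() {
    local root=$1
    [ "$(mode_of "$root/project")" = 750 ] &&
    [ "$(mode_of "$root/project/myapp")" = 750 ] &&
    [ "$(mode_of "$root/project/secret.txt")" = 600 ]
}

# Pack the tree; tar records mode, owner and group for every entry.
pack_tree() {
    local root=$1 archive=$2
    tar -czf "$archive" -C "$root" project
}

# What the grader sees without extracting: mode, owner, group and name.
list_archive() {
    tar -tzvf "$1"
}

# Extract into a fresh directory with -p so the recorded modes are applied
# instead of the umask, then re-run the checks.
verify_archive() {
    local archive=$1 dest rc
    dest=$(mktemp -d) || return 1
    if tar -xzpf "$archive" -C "$dest" && verify_tree "$dest"; then
        rc=0
    else
        rc=1
    fi
    rm -rf "$dest"
    return "$rc"
}
```

tar -tzvf on the archive shows the mode column the grader will look at; if it does not match what ls -l shows on the node, fix the permissions and re-pack rather than editing the archive.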

============================================================

Midterm Exam
by Steven Gordon - Tuesday, 23 February 2016, 6:40 PM
 
Hints for the midterm exam are on Moodle at:

http://ict.siit.tu.ac.th/moodle/mod/page/view.php?id=1172

Note that I will not be in my office next week. So if you have any questions about the exam, please contact me via email.

There are no more quizzes or homeworks due before the exam, however I will release the next homework and results for the Linux permission homework by next week.

Steve

============================================================

Re: Midterm Exam
by Steven Gordon - Thursday, 10 March 2016, 6:02 PM

Exam questions and answers are available at:

http://ict.siit.tu.ac.th/moodle/mod/page/view.php?id=1172

You can see your midterm exam scores, and the scores for each question, in Moodle Grades.

If you want to see your written exam, please see me in my office.

Steve

============================================================

NTP DoS Homework
by Steven Gordon - Thursday, 17 March 2016, 6:43 PM
 
For the NTP DoS attack homework, you must use virtnet (which uses Virtualbox). You should have used virtnet in the previous homeworks. Even if you have Linux on your own computer or in the Network lab, you must use virtnet to create virtual nodes, and perform the attack on those nodes. Note that virtnet is already installed on the Network lab computers.

A summary of the steps is:

1. Create topology 26. Instructions at

https://sandilands.info/sgordon/ping-flooding-dos-attack-in-a-virtual-network#create

2. Set up the nodes and links using sysctl and tc

https://sandilands.info/sgordon/ping-flooding-dos-attack-in-a-virtual-network#setupnodes

3. Set up the NTP servers

https://sandilands.info/sgordon/ntp-ddos-attack-in-a-virtual-network#ntpservers

4. Test that you can request monitoring data and do a basic attack:

https://sandilands.info/sgordon/ntp-ddos-attack-in-a-virtual-network#monitoring

5. Perform the scripted attack

https://sandilands.info/sgordon/ntp-ddos-attack-in-a-virtual-network#scriptedattack

6. Measure the performance on node 2 and 7 using iptraf:

https://sandilands.info/sgordon/ping-flooding-dos-attack-in-a-virtual-network#capture

Good luck

Steve

============================================================

Re: NTP DoS Homework
by Steven Gordon - Saturday, 26 March 2016, 8:56 AM

Answers to some questions about the homework.

For the plain text explanation, can I use a .txt file?

Yes, just submit a text file, e.g. answers.txt, containing the lines as given in the homework instructions.

Can you explain how to find the average packet size sent and received?

The values of X and Y come from iptraf. The values of A and B are the average packet sizes. You could use tcpdump to capture the packets (e.g. on reflector node 3) to see the size of the NTP request arriving at node3 (A) and the size of the NTP reply being sent by node3 to the target (B). Because this is an amplification attack, you expect to see B larger than A. That is, the amplification factor is B/A. The larger the amplification factor, the better the attack.

Why in node2 don't have outgoing rate while it have in node7?

When using iptraf you are showing the incoming/outgoing rates for a specific interface. E.g. on node2 interface eth1 the node receives packets from node1 (hence the incoming rate). But node2 does not send any packets to node1, so the outgoing rate is 0kb/s. node2 instead sends packets to node3 etc., using interface eth2.

For explanation what information do i have to write?

Explain what you did to increase the amplification factor (and optionally how you could increase it even further). For example, if in one test you got a factor of 1.3 and then in another a factor of 1.9, then explain what you did that caused the increase in the amplification factor.

Steve

============================================================

Re: NTP DoS Homework
by Steven Gordon - Sunday, 27 March 2016, 4:34 PM
 
When you run the command:

./ntprepeat 0.1 100 192.168.2.21 192.168.2.22

on the attacker computer (node1) it repeatedly sends NTP requests to node3 (2.21) and node4 (2.22) at a rate of 10 per second (interval of 0.1). It sends 100 requests.

You may see many error messages like:

192.168.2.21 timed out; nothing received

*** Request timed out

That is ok. Remember that the attacker is using a fake source address. So when the NTP request is sent by the NTP client, the NTP reply is NOT sent back to the attacker (but to the target). So the NTP client software on the attacker node1 is saying "I sent a request but did not get a reply". That is expected, and doesn't mean the attack is not working.

To see if the attack is working you can tcpdump on node2 and node7:

on node2 you should see NTP requests being sent to 2.21 and 2.22

on node7 you should see many NTP replies being received, destined to the target

I teach all day tomorrow (Monday) so will not be able to provide much help on the homework.

Steve
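
An added example for the two NTP posts above: computing A, B and the amplification factor B/A from a tcpdump capture on the reflector, and confirming that requests are arriving and replies are leaving towards the target. It is not part of the homework instructions. The capture lines are constructed in the shape of tcpdump -n output (the fields vary by tcpdump version; only the addresses, ports and the trailing length are used), the reflector address 192.168.2.21 is from the posts, and the target address 192.168.7.10 and the packet sizes are made up for the example.

```bash
#!/bin/bash
# Added example, not part of the homework: average NTP request size A,
# average reply size B and amplification factor B/A from a reflector capture.
# Reflector 192.168.2.21 is from the course posts; target 192.168.7.10 and
# the capture contents are constructed for this example.

# Constructed lines in the shape of "tcpdump -n" output. Requests arrive with
# the (spoofed) target address as source; replies leave towards the target.
# The trailing "length N" is the NTP payload size that tcpdump reports; the
# last line is unrelated DNS traffic that the parser must ignore.
SAMPLE_CAPTURE='10:00:01.000001 IP 192.168.7.10.123 > 192.168.2.21.123: NTPv2, Reserved, length 48
10:00:01.000412 IP 192.168.2.21.123 > 192.168.7.10.123: NTPv2, Reserved, length 440
10:00:01.000433 IP 192.168.2.21.123 > 192.168.7.10.123: NTPv2, Reserved, length 440
10:00:01.100002 IP 192.168.7.10.123 > 192.168.2.21.123: NTPv2, Reserved, length 48
10:00:01.100398 IP 192.168.2.21.123 > 192.168.7.10.123: NTPv2, Reserved, length 440
10:00:01.200003 IP 192.168.7.10.123 > 192.168.2.21.123: NTPv2, Reserved, length 48
10:00:01.200301 IP 192.168.2.21.123 > 192.168.7.10.123: NTPv2, Reserved, length 440
10:00:01.300000 IP 192.168.2.21.33000 > 192.168.2.1.53: 1234+ A? example.invalid. (32)'

# amp_factor REFLECTOR_IP < capture
# Requests: packets whose destination is the reflector's UDP port 123.
# Replies:  packets whose source is the reflector's UDP port 123.
# Prints A, B, the per-packet factor B/A and the total bytes_out/bytes_in
# ratio; the two differ when one request triggers several reply packets,
# and the second is the one that iptraf's rates approximate.
amp_factor() {
    awk -v r="$1" '
        # Field layout: $3 = src ip.port, $5 = "dst ip.port:", $NF = length
        $3 == r ".123"  { reply_bytes += $NF; replies++; next }
        $5 == r ".123:" { req_bytes   += $NF; requests++ }
        END {
            if (requests == 0 || replies == 0) {
                print "no NTP requests/replies for " r > "/dev/stderr"
                exit 1
            }
            A = req_bytes / requests
            B = reply_bytes / replies
            printf "A=%.1f B=%.1f factor=%.2f bytes_out/bytes_in=%.2f\n",
                   A, B, B / A, reply_bytes / req_bytes
        }'
}
```

Typical use on the reflector is tcpdump -n -i eth1 udp port 123 > capture.txt during the scripted attack, then amp_factor 192.168.2.21 < capture.txt. The lengths tcpdump prints are payload bytes; if you want the factor in terms of bytes on the wire, as iptraf measures, add the IP and UDP headers (28 bytes for IPv4) to both A and B, which lowers the factor.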

============================================================

Quiz 5
by Steven Gordon - Tuesday, 19 April 2016, 5:43 PM

As mentioned in the lecture today, there is no lecture tomorrow (Wed 20 Apr). Instead use your free time to try quiz 5:

http://ict.siit.tu.ac.th/moodle/mod/quiz/view.php?id=1197

Steve

============================================================

Final Exam Preparation
by Steven Gordon - Saturday, 7 May 2016, 10:20 AM
 
Hints on the final exam are available on Moodle. Note that the exam will cover the content after the midterm. Although that does not include the DoS lectures, it does include the NTP DoS attack (the homework you did after midterm) - so some parts of DoS may be covered, especially related to the homework.

I planned to have some practice questions for the exam on Moodle as the last quiz. However, since there are not many practice questions, there will be no last quiz. In summary: no more quizzes or homeworks. To practice for the final exam, I recommend reviewing your homeworks, quizzes and exams from past years.

Steve