Assignment #4 - TCP Session Hijacking
Due Date: 23:59
Late Policy
- You have 3 free late days.
- You can use late days for assignments. A late day extends the deadline 24 hours.
- Once you have used all 3 late days, the penalty is 10% for each additional late day.
TCP Session Hijacking Lab Assignment
Objective
Understand and demonstrate the techniques of TCP session hijacking within a controlled lab environment using virtual machines.
Tools Required
- VirtualBox
- Ubuntu VMs on an internal network
- Networking tools: Ettercap, tcpdump
Preparatory Steps
Ensure you have set up your virtual environment as per the instructions provided:
Assignment Tasks
- Environment Setup Verification
  - Verify that all VMs can communicate. Use ping to ensure connectivity.
  - Document the IP configurations and connectivity test results.
- ARP Poisoning and Traffic Capture
  - Perform ARP poisoning between the Victim and Server VMs using Ettercap.
  - Capture the traffic with tcpdump on the Attacker VM. Detailed instructions are available in the tcpdump guide.
- Session Hijacking
  - Analyze the captured traffic to identify a TCP session.
  - Modify packets to hijack the session and redirect traffic or alter communications.
  - Document the steps and results of your hijacking attempt.
- Analysis and Reporting
  - Analyze the impact of your hijacking on the communication between the Victim and Server.
  - Identify potential signs of the attack and how it could be detected.
- Mitigation and Defense
  - Implement and test mitigation strategies to protect against similar attacks.
  - Evaluate the effectiveness of these strategies.
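For the detection question in the Analysis and Reporting task, one sign of ARP poisoning visible in a tcpdump capture is an IP address whose MAC changes, or a single MAC answering for both the Victim and the Server. The following is an added example, not part of the original assignment handout; it assumes the text output of `tcpdump -n arp`, and the IP addresses, MAC addresses and capture lines are constructed.

```python
import re
from collections import defaultdict

# ARP reply lines as printed by `tcpdump -n arp` (assumed capture format).
ARP_REPLY = re.compile(r"Reply (\d+\.\d+\.\d+\.\d+) is-at ([0-9a-fA-F:]{17})")

def find_arp_anomalies(lines):
    """Return (changed, shared).

    changed: list of (ip, old_mac, new_mac) for every IP whose MAC changed.
    shared:  dict mac -> sorted list of IPs, for MACs claiming more than one IP.
    """
    current = {}                # ip -> last MAC seen in a reply
    changed = []
    claims = defaultdict(set)   # mac -> IPs it has claimed
    for line in lines:
        m = ARP_REPLY.search(line)
        if not m:
            continue            # requests and non-ARP lines are ignored
        ip, mac = m.group(1), m.group(2).lower()
        old = current.get(ip)
        if old is not None and old != mac:
            changed.append((ip, old, mac))
        current[ip] = mac
        claims[mac].add(ip)
    shared = {mac: sorted(ips) for mac, ips in claims.items() if len(ips) > 1}
    return changed, shared

# Constructed sample capture: Victim 10.0.0.10, Server 10.0.0.20,
# and a third host (MAC ending :66) that starts answering for both.
SAMPLE = [
    "10:00:01.000000 ARP, Reply 10.0.0.10 is-at 08:00:27:00:00:10, length 28",
    "10:00:02.000000 ARP, Reply 10.0.0.20 is-at 08:00:27:00:00:20, length 28",
    "10:00:03.000000 ARP, Request who-has 10.0.0.20 tell 10.0.0.10, length 28",
    "10:05:00.000000 ARP, Reply 10.0.0.20 is-at 08:00:27:00:00:66, length 28",
    "10:05:00.100000 ARP, Reply 10.0.0.10 is-at 08:00:27:00:00:66, length 28",
    "10:05:10.000000 ARP, Reply 10.0.0.20 is-at 08:00:27:00:00:66, length 28",
]

if __name__ == "__main__":
    changed, shared = find_arp_anomalies(SAMPLE)
    for ip, old, new in changed:
        print(f"{ip}: MAC changed {old} -> {new}")
    for mac, ips in shared.items():
        print(f"{mac} answers for {', '.join(ips)}")
```

A MAC change alone can also come from a replaced network interface or an address reassignment, so the stronger signal in the report is the combination: both endpoints' IPs moving to the same MAC at nearly the same time.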
Deliverables
Submit a comprehensive lab report covering:
- Setup and connectivity verifications.
- Steps taken during ARP poisoning and session hijacking.
- Analysis of the hijacking impact and mitigation strategies.
- Reflections on what was learned and potential real-world applications.
Evaluation Criteria
- Accuracy and completeness of setup and execution.
- Depth of analysis in the hijacking and mitigation process.
- Clarity and thoroughness in reporting and documentation.