449ass1.pdf
TRANSCRIPT
8/10/2019 449Ass1.pdf
http://slidepdf.com/reader/full/449ass1pdf 1/5
ECE 4490 Project 1
By: Kevin McFarland
Partner: Shilkumar Patel
Ubuntu 14.04 was installed inside a virtual machine. Originally, the virtual machine was hosted on a computer with an internet connection in order to install the many packages required to complete this project. Such packages included tinc, openvpn, openssh-server, wireshark, telnet, and telnet-server. After installing all of the necessary packages, the virtual machine was exported to an appliance and moved to a machine in the lab without an internet connection. On that machine, I configured openvpn according to the quick-setup, static key HOWTO guide. My partner configured tinc on his virtual machine. After configuration, each VPN, along with telnet and ssh, was tested and sniffed with wireshark (ethereal).
Wireshark works much the same as a physical wiretap placed on a phone line, except that it uses software to sniff the interface device. While Wireshark is sniffing an interface, it is able to display, based on the protocols of the packets collected, the contents of those packets. It is able to display the type of packet, the source and destination of the packet, and the packet data. With this information, Wireshark can be used to monitor traffic, both encrypted and non-encrypted, over the interface. It is especially strong against non-encrypted mediums of computer communication, as it can be used to find login information, which can then be used for the remote access and manipulation of data. This can be seen in Illustration 1, which shows the login information packets over telnet.
One of the protocols that were used in this lab is telnet. Telnet is a non-encrypted remote access protocol which is very similar to ssh. Ssh and telnet are two separate protocols which are utilized for remote access. The primary difference between the two is that ssh is much more secure. Telnet was originally designed to work within a secured private network and does not provide a secure authentication method or any encryption of the data transmitted. Ssh, however, utilizes public key authentication in order to ensure that the client computer has not changed. Ssh also encrypts the data transmitted from client to host and host to client. Today, ssh has superseded telnet in almost every desired use. The encrypted SSH traffic can be seen in Illustration 2, below.

Illustration 1: Non-encrypted Telnet login traffic.
Telnet's insecurities can quickly be exploited by using a Wireshark filter. The filter that I decided to use was “telnet && telnet.data && ip.dst == 192.168.10.11”, 192.168.10.11 being the IP address that was currently leased to my machine. The telnet part of the filter only shows telnet traffic. The telnet.data part only shows packets that contain useful information. The ip.dst part only shows traffic to my machine. All of these together show the keypresses that are input over telnet to my machine, which means that the username and password are the first packets that are detected and shown in the filtered window. This is also demonstrated in Illustration 1.
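The same three-part filter logic, written out in Python as an added example (this is not code from the report), but from a monitoring standpoint: it strips telnet option negotiation (the IAC sequences that telnet.data excludes), and reports how many cleartext keystroke packets reached the monitored host after the host sent a Password: prompt, without keeping what was typed. The Packet class, the addresses (192.168.10.11 stands in for the lab VM) and the packets themselves are constructed for the example.

```python
"""Monitoring check for cleartext telnet logins, added as an example (not the report's code).
It mirrors the report's Wireshark filter: telnet && telnet.data && ip.dst == <monitored host>.
All packets below are constructed; the host address is a stand-in for the lab VM."""
from dataclasses import dataclass

TELNET_PORT = 23
IAC, SB, SE = 0xFF, 0xFA, 0xF0          # telnet command bytes (RFC 854)
MONITORED_HOST = "192.168.10.11"         # constructed stand-in for the report's host address


@dataclass
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    payload: bytes = b""                 # TCP payload; empty for a pure ACK


def strip_iac(payload: bytes) -> bytes:
    """Drop telnet option negotiation so only user data remains; this is what
    Wireshark's telnet.data field counts as data."""
    out, i = bytearray(), 0
    while i < len(payload):
        if payload[i] != IAC:
            out.append(payload[i])
            i += 1
        elif payload[i + 1:i + 2] == bytes([IAC]):   # IAC IAC is an escaped 0xFF data byte
            out.append(IAC)
            i += 2
        elif payload[i + 1:i + 2] == bytes([SB]):    # subnegotiation runs until IAC SE
            end = payload.find(bytes([IAC, SE]), i + 2)
            i = len(payload) if end < 0 else end + 2
        elif payload[i + 1:i + 2] in (b"\xfb", b"\xfc", b"\xfd", b"\xfe"):  # WILL/WONT/DO/DONT <opt>
            i += 3
        else:                                        # any other two-byte command
            i += 2
    return bytes(out)


def is_telnet(pkt: Packet) -> bool:
    return TELNET_PORT in (pkt.sport, pkt.dport)


def matches_filter(pkt: Packet, host: str) -> bool:
    """The report's display filter as a predicate: telnet && telnet.data && ip.dst == host."""
    return is_telnet(pkt) and len(strip_iac(pkt.payload)) > 0 and pkt.dst == host


def audit_telnet_logins(capture, host: str) -> dict:
    """Summarise cleartext telnet activity towards `host` without keeping what was typed."""
    summary = {"negotiation_only": 0, "password_prompts": 0, "keystroke_packets_to_host": 0}
    for pkt in capture:
        if not is_telnet(pkt):
            continue
        data = strip_iac(pkt.payload)
        if pkt.payload and not data:
            summary["negotiation_only"] += 1     # option haggling, not user data
            continue
        if pkt.src == host and b"Password:" in data:
            summary["password_prompts"] += 1     # the host asked for a secret over cleartext
        if matches_filter(pkt, host):
            summary["keystroke_packets_to_host"] += 1
    summary["cleartext_auth_observed"] = (summary["password_prompts"] > 0
                                         and summary["keystroke_packets_to_host"] > 0)
    return summary


CLIENT, HOST = "192.168.10.20", MONITORED_HOST   # constructed client and host addresses


def to_host(payload: bytes) -> Packet:
    return Packet(CLIENT, HOST, 50000, TELNET_PORT, payload)


def from_host(payload: bytes) -> Packet:
    return Packet(HOST, CLIENT, TELNET_PORT, 50000, payload)


# Constructed capture: telnet runs character-at-a-time, so every key is its own packet,
# which is exactly why the username and password show up first in the filtered view.
CAPTURE = (
    [to_host(b"\xff\xfd\x03\xff\xfb\x18")]                  # IAC DO SGA, IAC WILL TERMINAL-TYPE
    + [from_host(b"login: ")]
    + [to_host(c) for c in (b"k", b"e", b"v", b"\r\n")]
    + [to_host(b"")]                                         # pure ACK: no data, no match
    + [from_host(b"Password: ")]
    + [to_host(c) for c in (b"l", b"a", b"b", b"1", b"2", b"3", b"\r\n")]
    + [Packet(CLIENT, HOST, 50001, 22, b"SSH-2.0-OpenSSH")]  # not telnet: ignored
)

if __name__ == "__main__":
    print(audit_telnet_logins(CAPTURE, HOST))
```

Run against the constructed capture, the audit counts one negotiation-only packet, one Password: prompt and eleven keystroke packets towards the host, and so flags that a cleartext authentication took place on the monitored interface; this is the condition a network monitor would alert on, and the cleanest fix is the one the report itself reaches, replacing telnet with ssh.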
As stated previously, I decided on implementing a VPN based on the OpenVPN packages. My partner created his VPN using the TINC server configuration. I used the OpenVPN single client-to-host configuration HOWTO and was able to use a static secret key that was shared between the client and the host. With this configuration, the host is started with its private IP address configuration and the static secret key. Then, the client is started with its private IP configuration and the same static secret key. This static secret key is used in handshaking to ensure that a trusted computer is being connected to the VPN. Once the machines have connected via the VPN tunnel, all traffic transmitted is sent through the OpenVPN protocol's encrypted connection. With this VPN, sniffing the virtual tunnel interface reveals the non-encrypted data, but from outside the VPN interface, unsecured telnet traffic appears encrypted and secured. This can be seen in Illustrations 3 and 4.
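An added example, not the report's own files: the host and client configuration pair that a static-key point-to-point OpenVPN setup of the kind described above consists of, laid out after the OpenVPN static key mini-HOWTO, together with a check that the two ends are consistent (same directives on both sides, mirrored tunnel addresses, and a well-formed key file). The configs and the dummy key are constructed here, and vpn-host.example is a placeholder for the host's address.

```python
"""Sanity check for an OpenVPN static-key (point-to-point) setup, added as an example.
The two configs and the key follow the layout of the OpenVPN static key mini-HOWTO the
report used; they are constructed here, not the report's own files. vpn-host.example
is a placeholder for the host's address."""
import re

SERVER_CONF = """\
dev tun
ifconfig 10.8.0.1 10.8.0.2
secret static.key
"""

CLIENT_CONF = """\
remote vpn-host.example      # placeholder: the host's reachable address
dev tun
ifconfig 10.8.0.2 10.8.0.1
secret static.key
"""

KEY_HEADER = "-----BEGIN OpenVPN Static key V1-----"
KEY_FOOTER = "-----END OpenVPN Static key V1-----"
# Constructed dummy key body: a real file holds 2048 random bits as 16 lines of 32 hex digits.
DUMMY_KEY = "\n".join([KEY_HEADER] + ["0123456789abcdef" * 2] * 16 + [KEY_FOOTER]) + "\n"


def parse_conf(text: str) -> dict:
    """Map each directive to its argument list; '#' starts a comment."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            key, *args = line.split()
            conf[key] = args
    return conf


def validate_static_key(text: str) -> bool:
    """True if the key file has the V1 framing and exactly 512 hex digits (2048 bits).
    A key copied by hand or through a mail client often arrives wrapped or truncated,
    and then the handshake never completes."""
    lines = [l.strip() for l in text.strip().splitlines() if not l.startswith("#")]
    if len(lines) < 3 or lines[0] != KEY_HEADER or lines[-1] != KEY_FOOTER:
        return False
    body = "".join(lines[1:-1])
    return re.fullmatch(r"[0-9a-fA-F]{512}", body) is not None


def check_static_key_pair(server_text: str, client_text: str, key_text: str) -> list:
    """Return the problems that would stop the static-key handshake; [] means consistent."""
    s, c = parse_conf(server_text), parse_conf(client_text)
    problems = []
    for name, conf in (("server", s), ("client", c)):
        if "secret" not in conf:
            problems.append(f"{name}: no 'secret' directive, so no shared static key")
        if conf.get("dev") != ["tun"]:
            problems.append(f"{name}: expected 'dev tun' for a point-to-point tunnel")
        if len(conf.get("ifconfig", [])) != 2:
            problems.append(f"{name}: 'ifconfig' needs a local and a remote tunnel address")
    if "remote" not in c:
        problems.append("client: no 'remote', so it cannot initiate to the host")
    si, ci = s.get("ifconfig", []), c.get("ifconfig", [])
    if len(si) == 2 and len(ci) == 2 and (si[0], si[1]) != (ci[1], ci[0]):
        problems.append("ifconfig addresses are not mirrored between the two ends")
    if not validate_static_key(key_text):
        problems.append("static key file is malformed (wrong framing or not 512 hex digits)")
    return problems


if __name__ == "__main__":
    print(check_static_key_pair(SERVER_CONF, CLIENT_CONF, DUMMY_KEY))   # [] when consistent
```

The point of checking the key file is the one the report's design implies: in static-key mode the key is the whole trust relationship, so it has to reach both machines intact over some channel other than the network being protected (here, the lab machines had no internet connection at all), and both ends must load the identical file.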
Illustration 2: Encrypted SSH traffic.
My partner decided to install the TINC VPN server software. TINC and OpenVPN are very much alike, but they differ slightly. OpenVPN utilizes its own OpenVPN encrypted protocol for communications, whereas TINC uses encrypted TCP/UDP communication. OpenVPN can be seen as having the advantage because TINC has acknowledgments sent over the non-encrypted TCP protocol. All of the OpenVPN communications are encrypted using the OpenVPN protocol. Because of its more complex protocol, OpenVPN does not have a speed advantage over TINC. As shown by the logs below, TINC has a lower average and maximum ping time.

Illustration 3: Telnet traffic inside OpenVPN.
Illustration 4: Telnet traffic from outside OpenVPN.
PING while using TINC:
shil@shil:~$ ping 10.0.0.2
PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data.
64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=1.76 ms
64 bytes from 10.0.0.2: icmp_seq=2 ttl=64 time=2.01 ms
64 bytes from 10.0.0.2: icmp_seq=3 ttl=64 time=1.61 ms
64 bytes from 10.0.0.2: icmp_seq=4 ttl=64 time=1.14 ms
64 bytes from 10.0.0.2: icmp_seq=5 ttl=64 time=1.18 ms
64 bytes from 10.0.0.2: icmp_seq=6 ttl=64 time=0.909 ms
64 bytes from 10.0.0.2: icmp_seq=7 ttl=64 time=1.56 ms
64 bytes from 10.0.0.2: icmp_seq=8 ttl=64 time=0.999 ms
64 bytes from 10.0.0.2: icmp_seq=9 ttl=64 time=1.06 ms
64 bytes from 10.0.0.2: icmp_seq=10 ttl=64 time=1.18 ms
64 bytes from 10.0.0.2: icmp_seq=11 ttl=64 time=1.44 ms
^C
--- 10.0.0.2 ping statistics ---
11 packets transmitted, 11 received, 0% packet loss, time 10016ms
rtt min/avg/max/mdev = 0.909/1.353/2.018/0.336 ms
PING while using OPENVPN:
shil@shil:~$ ping 10.8.0.1
PING 10.8.0.1 (10.8.0.1) 56(84) bytes of data.
64 bytes from 10.8.0.1: icmp_seq=1 ttl=64 time=15.0 ms
64 bytes from 10.8.0.1: icmp_seq=2 ttl=64 time=0.919 ms
64 bytes from 10.8.0.1: icmp_seq=3 ttl=64 time=0.831 ms
64 bytes from 10.8.0.1: icmp_seq=4 ttl=64 time=3.72 ms
64 bytes from 10.8.0.1: icmp_seq=5 ttl=64 time=0.830 ms
64 bytes from 10.8.0.1: icmp_seq=6 ttl=64 time=0.748 ms
64 bytes from 10.8.0.1: icmp_seq=7 ttl=64 time=0.730 ms
64 bytes from 10.8.0.1: icmp_seq=8 ttl=64 time=0.816 ms
64 bytes from 10.8.0.1: icmp_seq=9 ttl=64 time=1.17 ms
64 bytes from 10.8.0.1: icmp_seq=10 ttl=64 time=0.834 ms
^C
--- 10.8.0.1 ping statistics ---
10 packets transmitted, 10 received, 0% packet loss, time 9013ms
rtt min/avg/max/mdev = 0.730/2.569/15.086/4.260 ms
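To make the comparison behind the claim above reproducible, here is an added example (not code from the report) that parses the two ping runs, recomputes min/avg/max/mdev the way ping defines them, and also reports the median, which the mean does not show. The two log texts are transcribed from the runs quoted in the report; the parser additionally copes with ^C-interrupted runs and lost replies.

```python
"""Parse the two ping runs quoted in the report and recompute the RTT summary,
added as an example (not the report's code). The log text is transcribed from
the report; the functions also cope with '^C'-interrupted runs and lost replies."""
import re
from statistics import median

TINC_PING = """\
PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data.
64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=1.76 ms
64 bytes from 10.0.0.2: icmp_seq=2 ttl=64 time=2.01 ms
64 bytes from 10.0.0.2: icmp_seq=3 ttl=64 time=1.61 ms
64 bytes from 10.0.0.2: icmp_seq=4 ttl=64 time=1.14 ms
64 bytes from 10.0.0.2: icmp_seq=5 ttl=64 time=1.18 ms
64 bytes from 10.0.0.2: icmp_seq=6 ttl=64 time=0.909 ms
64 bytes from 10.0.0.2: icmp_seq=7 ttl=64 time=1.56 ms
64 bytes from 10.0.0.2: icmp_seq=8 ttl=64 time=0.999 ms
64 bytes from 10.0.0.2: icmp_seq=9 ttl=64 time=1.06 ms
64 bytes from 10.0.0.2: icmp_seq=10 ttl=64 time=1.18 ms
64 bytes from 10.0.0.2: icmp_seq=11 ttl=64 time=1.44 ms
^C
--- 10.0.0.2 ping statistics ---
11 packets transmitted, 11 received, 0% packet loss, time 10016ms
rtt min/avg/max/mdev = 0.909/1.353/2.018/0.336 ms
"""

OPENVPN_PING = """\
PING 10.8.0.1 (10.8.0.1) 56(84) bytes of data.
64 bytes from 10.8.0.1: icmp_seq=1 ttl=64 time=15.0 ms
64 bytes from 10.8.0.1: icmp_seq=2 ttl=64 time=0.919 ms
64 bytes from 10.8.0.1: icmp_seq=3 ttl=64 time=0.831 ms
64 bytes from 10.8.0.1: icmp_seq=4 ttl=64 time=3.72 ms
64 bytes from 10.8.0.1: icmp_seq=5 ttl=64 time=0.830 ms
64 bytes from 10.8.0.1: icmp_seq=6 ttl=64 time=0.748 ms
64 bytes from 10.8.0.1: icmp_seq=7 ttl=64 time=0.730 ms
64 bytes from 10.8.0.1: icmp_seq=8 ttl=64 time=0.816 ms
64 bytes from 10.8.0.1: icmp_seq=9 ttl=64 time=1.17 ms
64 bytes from 10.8.0.1: icmp_seq=10 ttl=64 time=0.834 ms
^C
--- 10.8.0.1 ping statistics ---
10 packets transmitted, 10 received, 0% packet loss, time 9013ms
rtt min/avg/max/mdev = 0.730/2.569/15.086/4.260 ms
"""

REPLY_RE = re.compile(r"icmp_seq=(\d+) ttl=(\d+) time=([\d.]+) ms")
SUMMARY_RE = re.compile(r"(\d+) packets transmitted, (\d+) received")


def parse_ping(text: str) -> dict:
    """Extract per-reply RTTs (ms) and the transmitted/received counts from iputils output."""
    rtts = [float(m.group(3)) for m in REPLY_RE.finditer(text)]
    m = SUMMARY_RE.search(text)
    sent, got = (int(m.group(1)), int(m.group(2))) if m else (len(rtts), len(rtts))
    return {"rtts": rtts, "sent": sent, "received": got,
            "loss_pct": 0.0 if sent == 0 else 100.0 * (sent - got) / sent}


def rtt_stats(rtts: list) -> dict:
    """min/avg/max/mdev as ping defines them (mdev is the population std deviation), plus median."""
    if not rtts:
        return {"min": None, "avg": None, "max": None, "mdev": None, "median": None}
    n = len(rtts)
    avg = sum(rtts) / n
    mdev = (sum((r - avg) ** 2 for r in rtts) / n) ** 0.5
    return {"min": min(rtts), "avg": avg, "max": max(rtts), "mdev": mdev, "median": median(rtts)}


def compare_runs(runs: dict) -> dict:
    """Given {name: ping_output}, report which tunnel had the lower average, maximum and median RTT."""
    stats = {name: rtt_stats(parse_ping(text)["rtts"]) for name, text in runs.items()}
    usable = {k: v for k, v in stats.items() if v["avg"] is not None}   # skip runs with no replies
    return {"stats": stats,
            "lower_avg": min(usable, key=lambda k: usable[k]["avg"]),
            "lower_max": min(usable, key=lambda k: usable[k]["max"]),
            "lower_median": min(usable, key=lambda k: usable[k]["median"])}


if __name__ == "__main__":
    result = compare_runs({"tinc": TINC_PING, "openvpn": OPENVPN_PING})
    for name, s in result["stats"].items():
        print(f"{name}: min/avg/max/mdev/median = "
              f"{s['min']:.3f}/{s['avg']:.3f}/{s['max']:.3f}/{s['mdev']:.3f}/{s['median']:.3f} ms")
    print("lower avg:", result["lower_avg"], "| lower max:", result["lower_max"],
          "| lower median:", result["lower_median"])
```

Two things the recomputation shows that the summary lines alone do not. First, the recomputed averages land a few thousandths off ping's own (1.350 against 1.353 for TINC), because ping truncates each displayed time to three significant digits but averages the untruncated values. Second, the comparison depends on the statistic chosen: TINC does have the lower average and maximum, as stated above, but the OpenVPN run's mean and mdev are dominated by the single 15 ms first reply, and by median (0.83 ms against 1.18 ms) OpenVPN is the faster tunnel in this sample. With ten-odd pings per tunnel, neither figure is strong evidence on its own.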
The scripts that I used to start and stop each VPN are as follows:
Startup script for TINC
Code:
#!/bin/sh
sudo tincd -n myvpn