Data Networking/Fall 2015/Shrutik Patel

Group Members
1) Mugdha Gulati

2) Shrutik Patel

3) Dharak Savalia

4) Raj Kukadia

Motivation
Linux is an operating system, i.e. software that network engineers use to control a network device so that it performs the desired function. The Linux operating system transmits the control information to the processor. We had a great opportunity to learn the configuration of a DNS server, DHCP server, web server, firewall, NIS, NFS, VPN and backup server.

Domain Name System
DNS translates IP addresses to human-readable names and vice versa. DNS distributes the responsibility of assigning domain names and mapping those names to IP addresses. It has a distributed database implemented in a hierarchy of different levels of name servers. Protocol: DNS is an application layer protocol which uses the services of UDP (a transport layer protocol) at port number 53. A client requests the mapping of a host with a DNS request packet; the DNS server fetches the associated record, encapsulates it in a reply packet and sends it via UDP.

Dynamic Host Configuration Protocol
The Dynamic Host Configuration Protocol (DHCP) is a client/server protocol on TCP/IP networks that automatically provides an Internet Protocol (IP) host with its IP address and other configuration information such as the subnet mask and default gateway (i.e. the address of the first-hop router). This TCP/IP standard reduces the complexity and administrative overhead of managing network client IPv4/IPv6 addresses and other configuration parameters. A network administrator can configure DHCP so that a given device/host receives the same IP address each time it connects to the server, or so that it is assigned a different IP address each time it connects. Since it automates the network-related aspects of connecting a host to a network, it is also known as a plug-and-play protocol. The DHCP server stores the configuration information in a database that includes:

1. Valid TCP/IP configuration parameters for all clients on the network.

2. Valid IP address pool for assignment to clients, as well as excluded addresses.

3. Reserved IP addresses associated with particular DHCP clients. This allows consistent assignment of a single IP address to a single DHCP client.

4. The lease duration, or the length of time for which the IP address can be used before a lease renewal is required.

A DHCP-enabled client, upon accepting a lease offer, receives:

1. A valid IP address for the subnet to which it is connecting.

2. Requested DHCP options, which are additional parameters that a DHCP server is configured to assign to clients. Some examples of DHCP options are Router (default gateway), DNS Servers and DNS Domain Name.

Web Server & Firewall
Web servers are one of the many kinds of server that exist in the data center of any organization. A web server communicates with multiple browsers such as Internet Explorer, Google Chrome, Firefox, etc. It can run on multiple operating systems like Linux and Microsoft. Web servers are configured to host a particular website written in HTML. They have daemons running in the background. Daemons are simply software; for a web server, for example, HTTP is the daemon which uses port 80, and HTTPS uses port 443. Apache is the most popular web server and we have used its version 2.0.

A firewall follows a specific set of rules, i.e. protocols, to block or allow the incoming and outgoing traffic of the web server. A firewall forms a barrier between the trusted internal network and the external network, i.e. the Internet. IP tables are used to block certain IP addresses from performing specific operations such as ICMP, Telnet, SSH and FTP. All traffic that is not mentioned in the IP tables is blocked by the firewall.

Backup Server
Backup is used to store the data from one server on another server so that in case of data loss it can be easily recovered. The Secure Shell (SSH) protocol is used, which uses RSA encryption and shares the public key with the remote host that should be able to access the local host. Secure Copy (SCP) is used to securely copy the backup file from the local host to the remote host.

The Address Resolution Protocol (ARP) and Scapy
Scapy is a tool for packet manipulation, written in Python. Scapy provides indirect access to libpcap. It allows packet capture, packet manipulation and network discovery. Scapy can be used in many ways; we will concentrate on ARP poisoning using Scapy.

ARP is the protocol used by devices to find, or map, an IP address to the corresponding MAC address. There are two types of ARP packets: ARP request and ARP reply. To poison a particular host it is best to use an ARP request from the attacker MAC, since some of the latest ARP replies won't work and will be considered gratuitous.

IPSec VPN
A VPN protocol is used to build a secured tunnel between two hosts. The data traversing the tunnel is encrypted using AES 128-bit encryption. It is used for security purposes, to avoid eavesdropping and attacks from hackers. There are two types of VPN, namely network-to-network and IPsec transport VPN. Here transport VPN is used since it is used within a network.

Network File System
Network File System (NFS) is implemented so that files and folders can be shared over the network in a controlled way. This has many advantages: common folders, files or projects that people are working on can be shared, which saves local memory. Removable drives that are not always necessary or are only required sometimes, such as CD-ROMs and USB thumb drives, can also be shared on the network. The installation of NFS has two parts: the server part (whose drives are shared) and the client part, which can access the drives exported by server machines.

Domain Name System
DNS query working: DNS queries can be resolved in multiple ways. A DNS server can use its cache to answer a query or contact other DNS servers on behalf of the client to resolve the name fully. When the DNS server receives a query, it first checks whether it can answer authoritatively, based on the resource record information contained in a locally configured zone on the server. If the queried name matches a corresponding resource record in the local zone information, the server answers authoritatively, using this information to resolve the queried name. We used BIND (Berkeley Internet Name Domain) version 9 because it can be used on the majority of name-serving machines on the Internet and provides a robust architecture. We also chose BIND for some of its important features, such as DNS security, DNS protocol enhancements and multiprocessor support.

Dynamic Host Configuration Protocol
1. DHCP Discover: The client sends the DHCP Discover to 255.255.255.255 with the source IP of 0.0.0.0 to port 67.

2. DHCP Offer: The server responds to the Discover message with a DHCP Offer, which is sent to the broadcast IP address 255.255.255.255 and carries the IP address offered to the client.

3. DHCP Request: The client chooses from one or more DHCP Offers and responds with the DHCP Request.

4. DHCP ACK: The server confirms the IP chosen by the client with a DHCP ACK message.
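The four messages above, encoded and decoded in memory, as an added example that is not part of the original project. The server address, pool address, lease time, router and DNS servers are the ones used in the dhcpd.conf later on this page; the MAC address and transaction ID passed in are up to the caller.

```python
import socket
import struct

BOOTP = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")   # fixed 236-byte header
MAGIC = bytes([0x63, 0x82, 0x53, 0x63])                # DHCP magic cookie
TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK"}
ip = socket.inet_aton

def build(msg_type, xid, mac, yiaddr="0.0.0.0", options=()):
    """Encode one DHCP message; option 53 carries the message type."""
    op = 1 if msg_type in (1, 3) else 2                # client request / server reply
    header = BOOTP.pack(op, 1, 6, 0, xid, 0, 0x8000,   # 0x8000 = broadcast flag
                        ip("0.0.0.0"), ip(yiaddr), ip("0.0.0.0"), ip("0.0.0.0"),
                        mac, b"", b"")
    body = bytes([53, 1, msg_type])
    for code, value in options:
        body += bytes([code, len(value)]) + value
    return header + MAGIC + body + b"\xff"             # 255 = end option

def parse(packet):
    """Decode the fields a client or server needs to follow the exchange."""
    f = BOOTP.unpack(packet[:BOOTP.size])
    if packet[BOOTP.size:BOOTP.size + 4] != MAGIC:
        raise ValueError("not a DHCP message")
    opts, i = {}, BOOTP.size + 4
    while i < len(packet) and packet[i] != 255:
        if packet[i] == 0:                             # pad option has no length byte
            i += 1
            continue
        length = packet[i + 1]
        opts[packet[i]] = packet[i + 2:i + 2 + length]
        i += 2 + length
    return {"type": TYPES.get(opts[53][0]), "xid": f[4],
            "yiaddr": socket.inet_ntoa(f[8]), "mac": f[11][:f[2]], "options": opts}

def dora(mac, xid, server="192.168.11.4", offer="192.168.11.20", lease=600):
    """Run Discover, Offer, Request, ACK in memory; return the decoded messages."""
    lease_opts = [(54, ip(server)), (51, struct.pack("!I", lease)),
                  (1, ip("255.255.255.0")), (3, ip("192.168.11.1")),
                  (6, ip("192.168.11.5") + ip("192.168.11.6"))]
    discover = parse(build(1, xid, mac))
    # Server: answer the DISCOVER with an address from the pool.
    offer_msg = parse(build(2, discover["xid"], discover["mac"], offer, lease_opts))
    # Client: accept only a reply to its own transaction, then request that offer.
    if offer_msg["xid"] != xid:
        raise ValueError("OFFER belongs to another transaction")
    request = parse(build(3, xid, mac, options=[
        (50, ip(offer_msg["yiaddr"])), (54, offer_msg["options"][54])]))
    # Server: confirm the address named in option 50 (requested IP address).
    requested = socket.inet_ntoa(request["options"][50])
    ack = parse(build(5, request["xid"], request["mac"], requested, lease_opts))
    return [discover, offer_msg, request, ack]

if __name__ == "__main__":
    for msg in dora(bytes.fromhex("020000000001"), 0x1234ABCD):  # constructed MAC and xid
        print(msg["type"], msg["yiaddr"])
```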

Web Server
1. After the package is installed, the Apache 2 web server is started.

2. The web page of the server is changed and the server is restarted.

3. The server is in active mode and listening for HTTP requests on port 80.

Firewall
1. The IP tables are configured in the web server.

2. The HTTP response and HTTP request from the web server are accepted, forwarded or rejected based on the IP tables.

Network File System
1. The NFS server is created and the directory to be shared is declared.

2. An NFS connection is established with the client using the exports file, by giving specific permissions to the client.

3. The client is mounted with the server system and the data is shared between the two systems.

DNS
In this project we used a private network. We configured a static private IP address for the DNS server by editing the /etc/network/interfaces file and setting iface eth0 inet static. To install the DNS server we used BIND9, the Berkeley Internet Name Domain version 9. The reason for choosing BIND9 is that it is used on most of the name-serving machines on the Internet and provides a robust architecture on which to build the DNS server of an organization. Other possible DNS implementations are Posadis and PowerDNS. In this project we configured master and slave DNS with IPv6 support.

Steps to configure Master DNS server:

Step 1: To configure a static IP address, edit the “/etc/network/interfaces” file with the IP address and other details. Command:

auto eth0
iface eth0 inet static
    address 192.168.11.5
    netmask 255.255.255.0
    network 192.168.11.0
    broadcast 192.168.11.255
    gateway 192.168.11.1
iface eth0 inet6 static
    address 2001:db8:0:1::124
    netmask 64
    gateway 2001:db8:0:1::1

Step 2: Edit the nameserver and domain name details in the path below. Command:

cat /etc/resolvconf/resolv.conf.d/head

nameserver 192.168.11.5
search rajkukadia.com

Step 3: Edit the “named.conf.local” file to specify the forward and reverse zones. Command:

cat /etc/bind/named.conf.local

# Forward zone
zone "rajkukadia.com" {
    type master;
    file "/etc/bind/db.rajkukadia.com";
    allow-transfer { 192.168.11.6; };
    also-notify { 192.168.11.6; };
};

# Reverse zone
zone "11.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/db.192";
    allow-transfer { 192.168.11.6; };
    also-notify { 192.168.11.6; };
};

# Reverse zone for IPv6
zone "1.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa" {
    type master;
    file "/etc/bind/db.2001";
    allow-transfer { 192.168.11.6; };
    also-notify { 192.168.11.6; };
};

Step 4: Edit the named.conf.options file and list the ISP DNS IPs in the forwarders section, as below. Command:

cat /etc/bind/named.conf.options

forwarders {
    # ISP DNS IPs
    192.168.11.6;
    192.168.11.5;
    8.8.8.8;
    8.8.4.4;
};

Step 5: Create the forward zone and reverse zone db files in the “/etc/bind” location. Command: For the forward zone, create the db.rajkukadia.com file by referring to the contents of the /etc/bind/db.local file.

cat /etc/bind/db.rajkukadia.com

;
; BIND data file for rajkukadia.com
;
$TTL    604800
@       IN      SOA     ubuntu.rajkukadia.com. root.rajkukadia.com. (
                              7         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
@       IN      NS      ubuntu.rajkukadia.com.
@       IN      A       192.168.11.7
@       IN      AAAA    2001:db8:0:1::125
ubuntu  IN      A       192.168.11.5
        IN      AAAA    2001:db8:0:1::124
ubuntu1 IN      A       192.168.11.6
        IN      AAAA    2001:db8:0:1::128
www     IN      CNAME   rajkukadia.com.
stu1    IN      A       192.168.11.9
        IN      AAAA    2001:db8:0:1::126
stu2    IN      A       192.168.11.10
        IN      AAAA    2001:db8:0:1::127

For the reverse zone:

cat /etc/bind/db.192

;
; BIND reverse data file for 192.168.11.0/24
;
$TTL    604800
@       IN      SOA     ubuntu.rajkukadia.com. root.rajkukadia.com. (
                              7         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      ubuntu.rajkukadia.com.
5       IN      PTR     ubuntu.rajkukadia.com.
6       IN      PTR     ubuntu1.rajkukadia.com.
7       IN      PTR     rajkukadia.com.
9       IN      PTR     stu1.rajkukadia.com.
10      IN      PTR     stu2.rajkukadia.com.
1       IN      PTR     gw.rajkukadia.com.

Step 6: Restart the system and the bind9 service so that the changes take effect. Command:

sudo init 6
sudo service bind9 restart
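A check that every A record in the forward zone has a matching PTR record in the reverse zone and vice versa, as an added example that is not part of the original project. The sample text holds the IPv4-relevant records from the two zone files above (SOA omitted); the parser assumes one record per line and fully qualified PTR targets.

```python
import ipaddress

# Records from the zone files on this page (SOA omitted for brevity).
FORWARD_ZONE = """\
@        IN  NS     ubuntu.rajkukadia.com.
@        IN  A      192.168.11.7
ubuntu   IN  A      192.168.11.5
         IN  AAAA   2001:db8:0:1::124
ubuntu1  IN  A      192.168.11.6
www      IN  CNAME  rajkukadia.com.
stu1     IN  A      192.168.11.9
stu2     IN  A      192.168.11.10
"""
REVERSE_ZONE = """\
5   IN  PTR  ubuntu.rajkukadia.com.
6   IN  PTR  ubuntu1.rajkukadia.com.
7   IN  PTR  rajkukadia.com.
9   IN  PTR  stu1.rajkukadia.com.
10  IN  PTR  stu2.rajkukadia.com.
1   IN  PTR  gw.rajkukadia.com.
"""

def parse_records(text, origin):
    """Yield (owner_fqdn, rtype, rdata) for simple one-line zone records."""
    owner = origin
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()           # drop comments
        if not line.strip() or line.lstrip().startswith("$"):
            continue
        fields = line.split()
        if not raw[0].isspace():                       # owner name starts in column 0
            name = fields.pop(0)
            owner = origin if name == "@" else (
                name if name.endswith(".") else f"{name}.{origin}")
        if fields and fields[0].isdigit():             # optional TTL
            fields.pop(0)
        if fields and fields[0].upper() == "IN":
            fields.pop(0)
        if len(fields) >= 2:
            yield owner.lower(), fields[0].upper(), fields[1]

def ptr_owner_to_ip(owner):
    """Turn 5.11.168.192.in-addr.arpa. back into 192.168.11.5."""
    labels = owner.rstrip(".").split(".")
    if labels[-2:] != ["in-addr", "arpa"]:
        raise ValueError(f"not an IPv4 reverse name: {owner}")
    return ipaddress.ip_address(".".join(reversed(labels[:-2])))

def check_consistency(fwd_text, fwd_origin, rev_text, rev_origin):
    """Return a list of (problem, ip, name) tuples; empty means consistent."""
    a_names, ptr_target = {}, {}
    for owner, rtype, rdata in parse_records(fwd_text, fwd_origin):
        if rtype == "A":
            a_names.setdefault(ipaddress.ip_address(rdata), set()).add(owner)
    for owner, rtype, rdata in parse_records(rev_text, rev_origin):
        if rtype == "PTR":
            ptr_target[ptr_owner_to_ip(owner)] = rdata.lower()
    findings = []
    for addr, names in sorted(a_names.items()):
        if addr not in ptr_target:
            findings.append(("A without PTR", str(addr), sorted(names)[0]))
        elif ptr_target[addr] not in names:
            findings.append(("PTR mismatch", str(addr), ptr_target[addr]))
    for addr, target in sorted(ptr_target.items()):
        if addr not in a_names:
            findings.append(("PTR without A", str(addr), target))
    return findings

if __name__ == "__main__":
    for finding in check_consistency(FORWARD_ZONE, "rajkukadia.com.",
                                     REVERSE_ZONE, "11.168.192.in-addr.arpa."):
        print(*finding)
```

With the records above, the only finding is the PTR for 192.168.11.1 (gw.rajkukadia.com.), which has no A record in the forward zone.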

Steps to Configure Slave DNS Server:

Step 1: To configure the static IP address of the slave DNS, edit the “/etc/network/interfaces” file. Command:

cat /etc/network/interfaces

auto eth0
iface eth0 inet static
    address 192.168.11.6
    netmask 255.255.255.0
    network 192.168.11.0
    broadcast 192.168.11.255
    gateway 192.168.11.1

Step 2: Configure the nameserver and domain name details in the “resolv.conf” file. Command:

cat /etc/resolvconf/resolv.conf.d/head

nameserver 192.168.11.6
search rajkukadia.com

Step 3: Edit the named.conf.local file to configure the forward zone and reverse zone details. Command:

cat /etc/bind/named.conf.local

# Forward zone
zone "rajkukadia.com" {
    type slave;
    masters { 192.168.11.5; };
    file "/etc/bind/db.rajkukadia.com";
};

# Reverse zone
zone "11.168.192.in-addr.arpa" {
    type slave;
    masters { 192.168.11.5; };
    file "/etc/bind/db.192";
};

Step 5: Edit the named.conf.options file for the forwarders details. Command:

cat /etc/bind/named.conf.options

forwarders {
    192.168.11.5;
    192.168.11.6;
    8.8.8.8;
    8.8.4.4;
};

Step 6: Restart the system and the bind9 service so that the changes take effect. Command:

sudo init 6
sudo service bind9 restart

DHCP
Steps for configuring the DHCP server:

Step1: Install the DHCP server Command:

sudo apt-get install isc-dhcp-server

Step2: Install the router advertisement daemon (radvd ) for IPv6 Command: sudo apt-get install radvd

Step3: Set the static IP address of the DHCP server Command:

sudo nano /etc/network/interfaces

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
    address 192.168.11.4
    netmask 255.255.255.0
    gateway 192.168.11.1
    network 192.168.11.0
    broadcast 192.168.11.255
    dns-nameservers 192.168.11.5 192.168.11.6
    dns-search rajkukadia.com
iface eth0 inet6 static
    address 2001:db8:0:1::120
    netmask 64
    gateway 2001:db8:0:1::1

Step4: Configure the IPv6 and IPv4 forwarding Command: sudo nano /etc/sysctl.conf

net.ipv4.conf.default.rp_filter=1
net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1

Step5: Make eth0 as the default interface Command:

sudo nano /etc/default/isc-dhcp-server

INTERFACES="eth0"

Step6: Configure the dhcpd.conf file. Open the dhcpd.conf file for IPv4 using the following command: Command: sudo nano /etc/dhcp/dhcpd.conf

Create configuration file dhcpd.conf:

subnet 192.168.11.0 netmask 255.255.255.0 {
    range 192.168.11.20 192.168.11.40;
    option subnet-mask 255.255.255.0;
    option broadcast-address 192.168.11.255;
    option routers 192.168.11.1;
    option domain-name "rajkukadia.com";
    # Both name servers go in one statement, separated by a comma
    option domain-name-servers 192.168.11.5, 192.168.11.6;
    default-lease-time 600;
    max-lease-time 7200;
}

Step7: Edit the resolv.conf file Command:

sudo nano /etc/resolv.conf

nameserver 192.168.11.5
nameserver 192.168.11.6

Step8: Configure the DHCP server for IPv6 Command:

sudo nano /etc/dhcp/dhcpd6.conf

default-lease-time 600;
max-lease-time 7200;
log-facility local7;
subnet6 2001:db8:0:1::/64 {
    range6 2001:db8:0:1::20 2001:db8:0:1::40;
    range6 2001:db8:0:1::/64 temporary;
}

Step9: Create /etc/radvd.conf and configure as follows Command:

sudo nano /etc/radvd.conf

interface eth0 {
    AdvSendAdvert on;
    MinRtrAdvInterval 3;
    MaxRtrAdvInterval 10;
    # Advertised prefix matches the subnet6 declared in dhcpd6.conf
    prefix 2001:db8:0:1::/64 {
        AdvOnLink on;
        AdvAutonomous on;
        AdvRouterAddr on;
    };
};

Step10: Reboot the System Command:

sudo init 6

Step11: Restart the DHCP server Command:

sudo service isc-dhcp-server restart

Step12: Restart the DHCPv6 server with the following command Command:

sudo service isc-dhcp-server6 restart

Webserver
Step 1: Get updates and install the Apache2 web server Command:

sudo apt-get update
sudo apt-get install apache2

Step 2: Make a new directory in /var/www/ Command:

sudo mkdir -p /var/www/websitename.com/public_html

Step 3: Provide permissions to access the file and the folder Command:

sudo chown -R $USER:$USER /var/www/websitename.com/public_html
sudo chmod -R 755 /var/www

Step 4: Edit the HTML file Command:

sudo nano /var/www/websitename.com/public_html/index.html

Step 5: Copy the content of 000-default.conf to websitename.com.conf, i.e. the virtual hosts configuration file Command:

sudo cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/websitename.com.conf

Step 6: Edit websitename.com.conf Command:

ServerAdmin admin@websitename.com
ServerName websitename.com
ServerAlias www.websitename.com
DocumentRoot /var/www/websitename.com/public_html

Step 7: Enable the virtual hosts Command: sudo a2ensite websitename.com.conf

Step 8: Restart the Apache web server Command: sudo service apache2 restart

Step 9: Add your IP address and domain name to the hosts file Command:

192.168.11.7 websitename.com

Then open http://websitename.com in your browser.

Firewall
A firewall allows the system administrator to accept, forward or drop packets using iptables.

1. Enable the firewall with the command below:

sudo ufw enable

2. Add the rule below to allow only HTTP traffic:

sudo ufw allow 80

3. Add a rule for SSH:

sudo ufw allow 22

4. Reject ICMP:

sudo iptables -A INPUT -p icmp -j REJECT

The Address Resolution Protocol (ARP) and Scapy
Step 1: After the code is executed with sudo python poison.py in a terminal on the attacker machine, the victim's ARP table can be seen with arp -a. All traffic for the web server now flows through the attacker machine, so NAT is needed for the attacker machine to accept an IP other than its own. Enter root mode and first flush iptables. Command:

iptables -t nat --flush
iptables --zero
iptables -A FORWARD --in-interface ens33 -j ACCEPT
iptables -t nat --append POSTROUTING --out-interface ens33 -j MASQUERADE
iptables -t nat -A PREROUTING -p tcp --dport 80 --jump DNAT --to-destination attacker's ip

Step 2: After the attack has finished, to restore the original condition, send an ARP request with the original destination MAC and its IP.
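On the defending side, the poisoning shows up in the same arp -a output the step above looks at: an IP address whose MAC changes, and one MAC answering for several IP addresses. The following is an added example, not part of the original project, that compares two arp -a snapshots; the MAC addresses and the host 192.168.11.50 are constructed sample values.

```python
import ipaddress
import re

# Matches Linux "arp -a" lines such as:
#   ? (192.168.11.7) at 00:0c:29:00:00:07 [ether] on ens33
ARP_LINE = re.compile(
    r"\((?P<ip>\d+(?:\.\d+){3})\) at (?P<mac>[0-9a-fA-F]{2}(?::[0-9a-fA-F]{2}){5}) ")

# Constructed snapshots: before and after the cache entry for the web server changed.
BEFORE = """\
? (192.168.11.1) at 00:50:56:00:00:01 [ether] on ens33
? (192.168.11.7) at 00:0c:29:00:00:07 [ether] on ens33
? (192.168.11.50) at 00:0c:29:00:00:50 [ether] on ens33
"""
AFTER = """\
? (192.168.11.1) at 00:50:56:00:00:01 [ether] on ens33
? (192.168.11.7) at 00:0C:29:00:00:50 [ether] on ens33
? (192.168.11.50) at 00:0c:29:00:00:50 [ether] on ens33
? (192.168.11.9) at <incomplete> on ens33
"""

def parse_arp_table(text):
    """Return {ip: mac} for resolved entries; <incomplete> entries are skipped."""
    return {m["ip"]: m["mac"].lower() for m in ARP_LINE.finditer(text)}

def find_anomalies(before, after):
    """Compare two {ip: mac} tables and report suspicious bindings."""
    findings = []
    # 1. A known IP address that is now bound to a different MAC address.
    for addr in sorted(after, key=ipaddress.ip_address):
        if addr in before and before[addr] != after[addr]:
            findings.append(("changed", addr, before[addr], after[addr]))
    # 2. One MAC address answering for more than one IP address.
    by_mac = {}
    for addr, mac in after.items():
        by_mac.setdefault(mac, []).append(addr)
    for mac in sorted(by_mac):
        if len(by_mac[mac]) > 1:
            findings.append(("shared", mac,
                             sorted(by_mac[mac], key=ipaddress.ip_address)))
    return findings

if __name__ == "__main__":
    for finding in find_anomalies(parse_arp_table(BEFORE), parse_arp_table(AFTER)):
        print(finding)
```

A shared MAC is also normal for a multi-homed host or a router with proxy ARP, so the "shared" finding is a lead to check, while a changed binding for a server with a static address deserves immediate attention.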

IPSec VPN
Step 1: Install the following packages used to configure the VPN Command:

sudo apt-get install ipsec-tools strongswan-starter

Step 2: Open and edit the following file Command:

sudo nano /etc/ipsec.conf

Step 3: Add the following Command:

conn webserver-to-nfs
    authby=secret
    auto=route
    keyexchange=ike
    left=192.168.11.7
    right=192.168.11.13
    type=transport
    esp=aes128gcm16!

Step 4: Create the file which will have the pre shared keys Command: sudo nano /etc/ipsec.secrets

Step 5: Add the following Command:

192.168.11.13 192.168.11.7 : PSK "your keys"

Step 6: Restart IPSec Command: ipsec restart

Step 7: To check the status use statusall Command: ipsec statusall

Host 2

Step 1: Install the following Command: sudo apt-get install ipsec-tools strongswan-starter

Step 2: Open and edit the following file Command:

sudo nano /etc/ipsec.conf

Step 3: Add the following Command:

conn webserver-to-nfs
    authby=secret
    auto=route
    keyexchange=ike
    left=192.168.11.13
    right=192.168.11.7
    type=transport
    esp=aes128gcm16!

Step 4: Create the file which will have the pre shared keys Command:

sudo nano /etc/ipsec.secrets

Step 5: Add the following Command:

192.168.11.13 192.168.11.7 : PSK "your keys"

Step 6: Restart IPSec Command:

ipsec restart

Step 7: To check the status use statusall Command: ipsec statusall

Testing:

Step 1: Use this on any one host: Command:

ping -s 4048 192.168.11.13

Step 2: Watch the status from the other host Command:

watch ipsec statusall

Network File System
Configure the NFS Server

Step 1: Install NFS Server on server machine by below command: Command: sudo apt install nfs-kernel-server

Step 2: Configure the exports by editing the /etc/exports Command: sudo nano /etc/exports

Step 3: In the above file, add the directories you want to export or share on the network, in the form /ubuntu *(ro,sync,no_root_squash), where * is the name of the client and includes the IP address you want to allow to share. There must be no space between the client and its option list. Command:

/home/dharak 192.168.11.0/24(rw,sync,no_root_squash)

Step 4: start the NFS Server Command: sudo systemctl start nfs-kernel-server.service
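In /etc/exports, whitespace between a client and its parenthesised options ends the client field, so the option list then applies to every host while the named client gets the defaults; no_root_squash additionally lets root on the client act as root on the exported files. The following audit of an exports file is an added example, not part of the original project; the sample file is constructed around the export used in Step 3, and the /srv/iso line is hypothetical.

```python
import re

# One client field: optional host pattern followed by an optional (option,list).
CLIENT = re.compile(r"^(?P<host>[^()\s]*)(?:\((?P<opts>[^)]*)\))?$")

# Constructed sample: the same export with and without the stray space,
# plus a hypothetical read-only export to a single host.
SAMPLE_EXPORTS = """\
# constructed sample /etc/exports
/home/dharak 192.168.11.0/24 (rw,sync,no_root_squash)
/home/dharak 192.168.11.0/24(rw,sync,no_root_squash)
/srv/iso     192.168.11.7(ro,sync)
"""

def audit_exports(text):
    """Return (line number, path, client, issue) for risky export entries."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()            # drop comments
        if not line:
            continue
        path, *clients = line.split()
        for spec in clients:
            match = CLIENT.match(spec)
            if match is None:
                findings.append((lineno, path, spec, "unparseable client field"))
                continue
            host = match["host"] or "*"                # bare "(opts)" means any host
            opts = set(filter(None, (match["opts"] or "").split(",")))
            if not match["host"]:
                findings.append((lineno, path, host, "options apply to every host"))
            if "no_root_squash" in opts:
                findings.append((lineno, path, host, "client root keeps root access"))
            if "rw" in opts and host == "*":
                findings.append((lineno, path, host, "writable by any host"))
    return findings

if __name__ == "__main__":
    for finding in audit_exports(SAMPLE_EXPORTS):
        print(*finding, sep="  ")
```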

Configure the NFS Client

Step 1: install nfs common on the client machine Command: sudo apt install nfs-common

Step 2: Mount the exported folder on the client machine in an empty directory Command:

sudo mount 192.168.11.13:/home/dharak /home/rajkukaidia/NFS

“/home/dharak” is the exported directory and “/home/local/NFS” is the local directory, which should be empty before mounting.

Backup
The Secure Shell (SSH) protocol is used, which uses RSA encryption and shares the public key with the remote host that should be able to access the local host. Secure Copy (SCP) is used to securely copy the backup file from the local host to the remote host.

Step 1: Generate the public and private keys

ssh-keygen -t rsa

Step 2: Make a copy of the public key

cp id_rsa.pub authorized_keys

Step 3: Copy the authorized key to the remote host

ssh-copy-id dharak@192.168.11.13

Step 4: Create a backup file

tar -zcvf /path for backup/Backupfile.tgz /path for file to backup/

Step 5: Copy the backup file to the remote host

scp /path of the backup file/ dharak@192.168.11.13:/path of the destination folder/

Step 6: Open crontab and add the following

* * * * * chmod 777 cron.sh
* * * * * /path/cron.sh

VPN Test
1) Connect to the VPN server. Once connected, a point-to-point tunnel session is established, which can be seen in the interface list.

ifconfig - retrieves the detected network interfaces and their information
ppp0 Link encap:Point-to-Point Protocol - shows that the device is connected to a private network

DNS Test
The following commands are used for DNS testing:

1) Dig: Domain Information Groper is used to query DNS name servers. It performs DNS lookups and returns the response from the name servers.

2) Nslookup: nslookup is a command used to query DNS servers. Interactive mode lets the user query the name servers for information about hosts and domains. Non-interactive mode lets the user print just the name and the information that is requested for a particular host or domain.

3) Ping: Ping is used for checking the network layer status of the server.

4) Host: Host is used for DNS lookups. It resolves hostnames to IP addresses and vice versa.

DHCP Test
DHCP allocates the IP address for a device entering the network. The IP address can be verified using ifconfig/ipconfig on the client machine.

sudo dhclient -r - releases the current IP address on the client
cat /var/lib/dhcp/dhcpd.leases - displays the leases provided by the DHCP server

Webserver Test
1. The web browser is opened on the client machine.

2. Type the URL address www.bdrn.com.

3. A successful page is displayed on the client machine.

Firewall Test
1. When an HTTP request is sent from the client machine, the request is received at the web browser.

2. The web server is configured to block connections from the IP address 192.168.1.30.

3. When a client with IP address 192.168.1.30 sends a packet to the web server, the packet is blocked by the firewall and the access is restricted.

NFS Test
After a connection is established between the server and the client using the NFS server, the changes made on the server are reflected on the client machine.

Future Improvements
1. Improved firewall security features.

2. Behaviour of the servers located in a public network environment.

3. Implementation of AAA servers for authorization, authentication and accounting.

4. Simulating real-time network traffic and validating network performance.