The objective of this lab was to set up a network, implement a log-sorting platform, capture malicious traffic with an IDS, and capture the same traffic with Wireshark.
The network was implemented with Docker. Suricata was the IDS, and Grafana was used to sort and display the logs Suricata generated. Kali Linux was the attack machine and Metasploitable was the victim. Metasploitable is a deliberately vulnerable machine used for testing and exposes several ports, including 21, 80 and 443.
A Python attack script was used to conduct the attack. It ran a port scan, an ICMP flood and a SYN flood against Metasploitable. Suricata generated alert logs for this traffic, and the packets themselves were visible in Wireshark.
In Wireshark, I captured traffic on the bridge interface Docker was using. With display filters I isolated the SYN and ICMP packets generated by the attack.
Finally, I ran into challenges when I tried to implement ELK (Elasticsearch, Logstash, Kibana): it needs a lot of system resources to run efficiently. Metasploitable also used a lot of resources, which made testing slow. In future I hope to refine areas such as log sorting and to use lighter containers instead of Metasploitable.
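As an added example that is not part of the lab's own code, the following Python script shows one way to sort Suricata's alert output before it reaches a dashboard: it reads EVE JSON lines (the one-object-per-line format Suricata writes to eve.json), keeps only alert events, groups them by source address and signature, and flags sources whose alert count crosses a flood threshold. The sample log lines, container addresses, signature names and signature IDs are constructed for this example, and the function names are assumptions of mine rather than anything from the project.

```python
import json
from collections import Counter


def _alert_line(ts, src, dst, proto, sid, signature, category, dport=None):
    """Build one constructed EVE JSON alert line in the shape Suricata writes.

    TCP alerts carry ports; ICMP alerts do not, so ports are only added when
    a destination port is given.
    """
    record = {
        "timestamp": ts,
        "event_type": "alert",
        "src_ip": src,
        "dest_ip": dst,
        "proto": proto,
        "alert": {
            "action": "allowed",
            "signature_id": sid,
            "signature": signature,
            "category": category,
            "severity": 2,
        },
    }
    if dport is not None:
        record["src_port"] = 40000
        record["dest_port"] = dport
    return json.dumps(record)


ATTACKER = "172.18.0.2"   # constructed: address of the Kali container
VICTIM = "172.18.0.3"     # constructed: address of the Metasploitable container

# Constructed sample of eve.json output. Signature names and IDs are made up for
# the example; a real run carries the sids of whatever rules Suricata loaded.
SAMPLE_EVE_LINES = (
    [_alert_line(f"2024-01-01T10:00:0{i}.000000+0000", ATTACKER, VICTIM, "TCP",
                 9000001, "LAB TCP SYN flood", "Attempted Denial of Service", dport=80)
     for i in range(5)]
    + [_alert_line(f"2024-01-01T10:01:0{i}.000000+0000", ATTACKER, VICTIM, "ICMP",
                   9000002, "LAB ICMP flood", "Attempted Denial of Service")
       for i in range(3)]
    + [_alert_line("2024-01-01T10:02:00.000000+0000", ATTACKER, VICTIM, "TCP",
                   9000003, "LAB TCP port scan", "Attempted Information Leak", dport=port)
       for port in (21, 443)]
    # A second, low-volume source: must not be flagged as a flood.
    + [_alert_line("2024-01-01T10:03:00.000000+0000", "172.18.0.9", VICTIM, "TCP",
                   9000001, "LAB TCP SYN flood", "Attempted Denial of Service", dport=80)]
    # A non-alert EVE record (Suricata also logs flow, dns, http and other events).
    + [json.dumps({"timestamp": "2024-01-01T10:03:01.000000+0000",
                   "event_type": "flow", "src_ip": ATTACKER, "dest_ip": VICTIM,
                   "proto": "TCP"})]
    # A truncated line, as happens when the file is read while Suricata is writing it.
    + ['{"timestamp":"2024-01-01T10:03:02.000000+0000","event_type":"alert","src_ip":"172.18']
)


def parse_alerts(lines):
    """Return (alerts, malformed_count).

    Keeps only records with event_type == "alert" and flattens the fields a
    sorting dashboard needs. Lines that are not valid JSON are counted and
    skipped rather than aborting the whole run.
    """
    alerts = []
    malformed = 0
    for line in lines:
        try:
            event = json.loads(line)
        except ValueError:          # json.JSONDecodeError is a ValueError
            malformed += 1
            continue
        if event.get("event_type") != "alert":
            continue
        alert = event.get("alert", {})
        alerts.append({
            "timestamp": event.get("timestamp"),
            "src_ip": event.get("src_ip"),
            "dest_ip": event.get("dest_ip"),
            "dest_port": event.get("dest_port"),
            "proto": event.get("proto"),
            "sid": alert.get("signature_id"),
            "signature": alert.get("signature"),
            "category": alert.get("category"),
        })
    return alerts, malformed


def count_by_source_and_signature(alerts):
    """Group alerts by (source IP, signature): the view that separates a single
    scanner from a flood, which a raw per-line list does not show."""
    return Counter((a["src_ip"], a["signature"]) for a in alerts)


def flag_floods(counts, threshold=3):
    """Return (src_ip, signature, count) for every pair at or above threshold,
    highest count first, so the noisiest source lands at the top of a panel."""
    hits = [(src, sig, n) for (src, sig), n in counts.items() if n >= threshold]
    return sorted(hits, key=lambda h: (-h[2], h[0], h[1]))


if __name__ == "__main__":
    alerts, bad = parse_alerts(SAMPLE_EVE_LINES)
    print(f"{len(alerts)} alerts parsed, {bad} malformed line(s) skipped")
    for src, sig, n in flag_floods(count_by_source_and_signature(alerts)):
        print(f"{src:<12} {sig:<20} {n}")
```

The same separation can be checked against the raw capture: in Wireshark, the display filter `tcp.flags.syn == 1 && tcp.flags.ack == 0` isolates the initial SYNs of a SYN flood or connect scan, and `icmp.type == 8` isolates the echo requests of an ICMP flood.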
Clone the project

```bash
git clone https://github.com/te70/seclab.git
```

Go to the project directory

```bash
cd seclab
```

Build the images (make sure you have Docker installed)

```bash
sudo docker compose build
```

Start the containers

```bash
sudo docker compose up
```

To run the tests, open the Kali container, move to the root directory and run:

```bash
python3 attack.py
```

Make sure Wireshark is open on the correct interface (the Docker bridge) and capture the packets generated by the attack.