te70/spooflab
IP spoofing lab

Overview

IP spoofing is an attack technique in which the attacker forges the source IP address in a packet's header so that the packet appears to come from a trusted or legitimate host. In this lab the technique is used to carry out a denial of service attack.

The objective of this lab was to set up a network, conduct a stepping-stone attack, deploy a honeypot, implement a firewall and configure an IDS.

The network was set up with Docker. Kali Linux served as the attack machine, Apache as the victim machine, Suricata as the IDS, Dionaea as the honeypot, Grafana for sorting the logs from the IDS and iptables as the firewall. A Python attack script generates the spoofing attack against Dionaea and Apache. The iptables rules script is mounted on the Apache container, so the rules are applied from the build.

After the attack script is launched from Kali against Apache, logs from the IDS are visible and the malicious signatures are detected. On Apache, however, no logs are collected. This is because of iptables, which means the firewall is working. To test this, I dropped the iptables rules and then conducted the attack again. It works, and Apache has logs from the attack. Moreover, I also tested this using Nikto, a web vulnerability scanner, since Apache had port 80 exposed.
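The IDS side of the lab produces Suricata alerts, and a spoofed flood has a recognisable shape in them: many distinct source addresses hitting one destination with the same signature within a very short window. The following is an added example (not code from the spooflab repository) that reads Suricata's EVE JSON output, keeps only alert events, summarises them by signature and source, and flags that burst pattern. The field names are Suricata's standard EVE ones; the sample lines, signature IDs and the window and threshold values are constructed for the example and are not real rules.

```python
import json
import sys
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample in Suricata's EVE JSON format (one event per line, as in eve.json).
# The signature IDs and texts are made up for this example, not real Suricata/ET rules.
SAMPLE_EVE = """\
{"timestamp":"2024-05-01T10:00:00.000000+0000","event_type":"flow","src_ip":"172.18.0.5","src_port":40000,"dest_ip":"172.18.0.10","dest_port":80,"proto":"TCP"}
{"timestamp":"2024-05-01T10:00:01.000000+0000","event_type":"alert","src_ip":"203.0.113.7","src_port":1024,"dest_ip":"172.18.0.10","dest_port":80,"proto":"TCP","alert":{"signature_id":9000001,"signature":"LAB SYN flood to web server","severity":2}}
{"timestamp":"2024-05-01T10:00:01.100000+0000","event_type":"alert","src_ip":"203.0.113.8","src_port":1025,"dest_ip":"172.18.0.10","dest_port":80,"proto":"TCP","alert":{"signature_id":9000001,"signature":"LAB SYN flood to web server","severity":2}}
{"timestamp":"2024-05-01T10:00:01.200000+0000","event_type":"alert","src_ip":"203.0.113.9","src_port":1026,"dest_ip":"172.18.0.10","dest_port":80,"proto":"TCP","alert":{"signature_id":9000001,"signature":"LAB SYN flood to web server","severity":2}}
{"timestamp":"2024-05-01T10:00:01.300000+0000","event_type":"alert","src_ip":"203.0.113.10","src_port":1027,"dest_ip":"172.18.0.10","dest_port":80,"proto":"TCP","alert":{"signature_id":9000001,"signature":"LAB SYN flood to web server","severity":2}}
{"timestamp":"2024-05-01T10:00:05.000000+0000","event_type":"alert","src_ip":"172.18.0.5","src_port":40001,"dest_ip":"172.18.0.10","dest_port":80,"proto":"TCP","alert":{"signature_id":9000002,"signature":"LAB web scanner user-agent","severity":3}}
this line is a truncated write and is not JSON
"""


def parse_ts(value):
    """Suricata writes timestamps like 2024-05-01T10:00:01.000000+0000."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%f%z")


def parse_alerts(text):
    """Return only alert events from EVE JSON text, skipping flow/http/dns events
    and any line that is not valid JSON (eve.json may end with a partial line)."""
    alerts = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue
        if not isinstance(ev, dict) or ev.get("event_type") != "alert":
            continue
        alert = ev.get("alert", {})
        alerts.append({
            "ts": parse_ts(ev["timestamp"]),
            "src_ip": ev.get("src_ip"),
            "dest_ip": ev.get("dest_ip"),
            "dest_port": ev.get("dest_port"),
            "signature_id": alert.get("signature_id"),
            "signature": alert.get("signature"),
            "severity": alert.get("severity"),
        })
    return alerts


def summarize(alerts):
    """Counts by signature, by source address and by destination (ip, port)."""
    return {
        "by_signature": Counter(a["signature"] for a in alerts),
        "by_source": Counter(a["src_ip"] for a in alerts),
        "by_dest": Counter((a["dest_ip"], a["dest_port"]) for a in alerts),
    }


def spoof_burst(alerts, window_seconds=2.0, min_sources=3):
    """Flag (dest, signature) groups where at least min_sources distinct source
    addresses fire the same signature inside window_seconds. Genuine clients
    rarely look like this; a spoofed flood does, because each forged packet
    carries a different source address. Thresholds are constructed, tune them."""
    groups = defaultdict(list)
    for a in alerts:
        groups[(a["dest_ip"], a["dest_port"], a["signature_id"])].append(a)
    findings = []
    for (dest_ip, dest_port, sid), items in groups.items():
        items.sort(key=lambda a: a["ts"])
        best = 0
        for i, start in enumerate(items):
            seen = set()
            for later in items[i:]:
                if (later["ts"] - start["ts"]).total_seconds() > window_seconds:
                    break
                seen.add(later["src_ip"])
            best = max(best, len(seen))
        if best >= min_sources:
            findings.append({"dest_ip": dest_ip, "dest_port": dest_port,
                             "signature_id": sid, "distinct_sources": best})
    return findings


if __name__ == "__main__":
    # Pass the path to eve.json as the first argument; otherwise use the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_EVE
    parsed = parse_alerts(text)
    for name, counter in summarize(parsed).items():
        print(name, counter.most_common(5))
    for f in spoof_burst(parsed):
        print("possible spoofed burst:", f)
```

Run it against the container's eve.json to see which signatures fired and whether the many-sources-per-signature pattern is present; the Nikto scan in the write-up shows up differently, as a single real source address with its own signatures.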

On Dionaea, the logs are stored in an SQLite file, in the connections table. The IPs from the spoofing attack are visible there once they connect to the honeypot. The honeypot also exposes the same ports as Apache, which is meant to confuse an attacker.

Finally, I encountered challenges with system resources, which were solved by using Docker. At first, I tried to implement them as virtual machines on VirtualBox, but the workload was heavy on the machine. In future, I hope to refine Grafana with graphs that show a couple of metrics.

Run Locally

Clone the project

  git clone https://github.com/te70/spooflab.git

Go to the project directory

  cd spooflab

Build the Docker images (make sure you have Docker installed)

  sudo docker compose build

Start

  sudo docker compose up

Running Tests

Open the Kali container started by Docker Compose. The attack script is already mounted, so move to the root directory and run:

  python3 attack.py

Logs should now be generated by the IDS.

License

MIT
