
ECE 4490 Project 1

By: Kevin McFarland


Partner: Shilkumar Patel
Ubuntu 14.04 was installed inside of a virtual machine. Originally, the virtual machine was hosted on a computer with an internet connection in order to install the many packages required to complete this project. Such packages included tinc, openvpn, openssh-server, wireshark, telnet, and telnet-server. After installing all of the necessary packages, the virtual machine was exported to an appliance and moved to a machine in the lab without an internet connection. On the machine, I configured openvpn according to the quick-setup, static key HOWTO guide. My partner configured tinc on his virtual machine. After configuration, each vpn, along with telnet and ssh, was tested and sniffed with wireshark (ethereal).
Wireshark works much the same as a physical wiretap as would be placed on a phone line, except it uses software to sniff the interface device. While Wireshark is sniffing an interface, it is able to display, based on the protocols of the packets collected, the contents of said packets. It is able to display the type of packet, the source and destination for the packet, and packet data. With this information, Wireshark can be used to monitor traffic, both encrypted and non-encrypted, over the interface. It is especially strong against non-encrypted mediums of computing communication as it can be used to find login information, which can be used for the remote access and manipulation of data. This can be seen in Illustration 1 which shows the login information packets over telnet.
One of the protocols that was used in this lab is telnet. Telnet is a non-encrypted remote access protocol which is very similar to ssh. Ssh and telnet are two separate protocols which are utilized for remote access. The primary difference between the two is that ssh is much more secure. Telnet was originally designed to work within a secured private network and does not provide a secure authentication method or any encryption of the data transmitted. Ssh, however, utilizes public key authentication in order to ensure that the client computer has not changed. Ssh also encrypts the data transmitted from client-to-host and host-to-client. Today, ssh has superseded telnet in almost every desired use. The encrypted SSH traffic can be seen in Illustration 2, below.

Illustration 1: Non-encrypted Telnet login traffic.
Telnet's insecurities can quickly be exploited by using a wireshark filter. The filter that I decided to use was "telnet && telnet.data && ip.dst == 192.168.10.141", 192.168.10.141 being the IP address that was currently released to my machine. The telnet part of the filter only shows telnet traffic. The telnet.data part of the filter only shows packets that contain useful information. The ip.dst part only shows traffic to my machine. All of these together show the keypresses that are input over telnet to my machine, which means that the username and password are the first packets that are detected and shown in the filtered window. This is also demonstrated in Illustration 1.
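The following is an added example, written for this report and not part of the original project, that applies the same three filter terms (telnet, telnet.data, ip.dst) in Python to constructed packet records. It shows why the username and password fall out of the filtered window one keystroke at a time, that the same segments are visible again on the tun interface inside the VPN (Illustration 3), and that the filter finds nothing in the tunnelled traffic seen from outside (Illustration 4). The addresses are from the TEST-NET ranges, the credentials are made up, the packet-record layout and all function names are assumptions, and the tunnelled payloads are arbitrary bytes standing in for ciphertext, not real OpenVPN framing.

```python
"""Replay the report's display filter (telnet && telnet.data && ip.dst == <my
address>) over constructed packet records.

Added example for this report, not the project's own code. Addresses, credentials,
record layout and function names are all assumptions/constructed sample data.
"""

IAC, SB, SE = 0xFF, 0xFA, 0xF0
OPTION_CMDS = {0xFB, 0xFC, 0xFD, 0xFE}   # WILL, WONT, DO, DONT: each takes one option byte


def telnet_data(payload):
    """Strip IAC negotiation from a telnet segment, leaving only user data.
    This is what the telnet.data filter term matches on: a segment that is
    pure negotiation carries no data and is dropped by the filter."""
    out = bytearray()
    i, n = 0, len(payload)
    while i < n:
        b = payload[i]
        if b != IAC:
            out.append(b)
            i += 1
        elif i + 1 >= n:              # IAC cut off at the end of the segment
            break
        elif payload[i + 1] == IAC:   # IAC IAC is an escaped literal 0xFF byte
            out.append(IAC)
            i += 2
        elif payload[i + 1] in OPTION_CMDS:
            i += 3                    # IAC <WILL|WONT|DO|DONT> <option>
        elif payload[i + 1] == SB:    # IAC SB <option> ... IAC SE
            end = payload.find(bytes([IAC, SE]), i + 2)
            i = n if end < 0 else end + 2
        else:
            i += 2                    # any other two-byte command (NOP, GA, ...)
    return bytes(out)


def pkt(src_ip, dst_ip, src_port, dst_port, payload):
    """Constructed packet record; a real capture would come from a pcap reader."""
    return {"src_ip": src_ip, "dst_ip": dst_ip,
            "src_port": src_port, "dst_port": dst_port, "payload": payload}


def matches_filter(p, my_ip):
    """telnet && telnet.data && ip.dst == my_ip, as in the report's filter."""
    is_telnet = 23 in (p["src_port"], p["dst_port"])
    return is_telnet and p["dst_ip"] == my_ip and telnet_data(p["payload"]) != b""


def keystrokes_to(packets, my_ip):
    """Concatenate the data of every packet the filter keeps, in order.
    In an interactive telnet login each keystroke is its own segment, so the
    first bytes that come out are the username and then the password."""
    return b"".join(telnet_data(p["payload"]) for p in packets
                    if matches_filter(p, my_ip))


MY_IP, CLIENT_IP = "192.0.2.10", "192.0.2.20"   # constructed TEST-NET-1 addresses

# Constructed cleartext session as seen on the LAN interface (Illustration 1).
LOGIN_PACKETS = (
    [pkt(CLIENT_IP, MY_IP, 40001, 23, b"\xff\xfd\x01\xff\xfb\x18")]  # DO ECHO, WILL TTYPE: no data
    + [pkt(MY_IP, CLIENT_IP, 23, 40001, b"login: ")]                 # prompt; wrong direction for ip.dst
    + [pkt(CLIENT_IP, MY_IP, 40001, 23, bytes([c])) for c in b"kevin\r\n"]
    + [pkt(MY_IP, CLIENT_IP, 23, 40001, b"Password: ")]
    + [pkt(CLIENT_IP, MY_IP, 40001, 23, bytes([c])) for c in b"fake-pw\r\n"]
)

# Inside the tunnel (Illustration 3): the same segments on the tun interface,
# carried between the VPN's private addresses, so the filter sees them again.
_TUN_ADDR = {CLIENT_IP: "10.8.0.2", MY_IP: "10.8.0.1"}
TUN_PACKETS = [dict(p, src_ip=_TUN_ADDR[p["src_ip"]], dst_ip=_TUN_ADDR[p["dst_ip"]])
               for p in LOGIN_PACKETS]

# Outside the tunnel (Illustration 4): one UDP datagram per segment between the
# VPN endpoints; the payload is opaque to the sniffer (constructed bytes here).
TUNNELLED_PACKETS = [
    pkt(CLIENT_IP, MY_IP, 1194, 1194, bytes([0x38, (i * 0x9E) & 0xFF, 0x5B, 0xC7]))
    for i in range(len(LOGIN_PACKETS))
]

if __name__ == "__main__":
    print("LAN interface   :", keystrokes_to(LOGIN_PACKETS, MY_IP))
    print("tun interface   :", keystrokes_to(TUN_PACKETS, "10.8.0.1"))
    print("outside the VPN :", keystrokes_to(TUNNELLED_PACKETS, MY_IP))
```

The filter in the report removes two kinds of noise that this script reproduces: negotiation-only segments (dropped by telnet.data) and the server's prompts (dropped by ip.dst), which is why what remains is exactly the typed credentials. Against the tunnelled packets the port test alone already fails, and even a filter on the VPN port would only recover the opaque payloads.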
As stated previously, I decided upon implementing a VPN based on the OpenVPN packages. My partner created his VPN using the TINC server configuration. I used the OpenVPN single client-to-host configuration HOWTO and was able to use a static secret key that was shared between the client and the host. With this configuration, the host is started with its private IP address configuration and the static secret key. Then, the client is initiated with its private IP configuration and the same static secret key. This static secret key is used in handshaking to ensure that a trusted computer is being connected to the VPN. Once the machines have connected via the VPN tunnel, all traffic transmitted is sent through the OpenVPN protocol encrypted connection. With this VPN, sniffing the virtual tunnel interface reveals the non-encrypted data, but from outside the VPN interface, unsecured telnet traffic appears encrypted and secured. This can be seen in Illustrations 3 and 4.

Illustration 2: Encrypted SSH traffic.
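As an added example for this report (these are not the project's own server.conf and client files), the two sides of the static-key configuration just described are written out below, together with a small check that they agree before either side is started. The host is given its private address and the key, the client its own address, the same key and the host to connect to. The 10.8.0.1/10.8.0.2 pair follows the OpenVPN static key HOWTO and matches the 10.8.0.1 peer in the ping log further down; the host name vpn-host.example, the port choice and the function names are assumptions.

```python
"""Static-key OpenVPN host and client configuration, with a consistency check.

Added example for this report, not the project's own configuration. The host
name, port and function names are assumptions.
"""
import shlex

# Host side. The HOWTO generates the shared key with
# `openvpn --genkey --secret static.key` (OpenVPN 2.3 syntax) and the same file
# is copied to the client over a secure channel.
SERVER_CONF = """\
dev tun
proto udp
port 1194
ifconfig 10.8.0.1 10.8.0.2
secret static.key
keepalive 10 60
persist-key
persist-tun
"""

# Client side: names the host to connect to (assumed name) and mirrors the
# ifconfig pair, i.e. its local address is the host's remote and vice versa.
CLIENT_CONF = """\
remote vpn-host.example
dev tun
proto udp
port 1194
ifconfig 10.8.0.2 10.8.0.1
secret static.key
keepalive 10 60
persist-key
persist-tun
"""


def parse_conf(text):
    """Map each directive to its argument list. Lines starting with '#' or ';'
    are comments, as in OpenVPN's own configuration syntax."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        parts = shlex.split(line)
        conf[parts[0]] = parts[1:]
    return conf


def check_pair(server_text, client_text):
    """Return the list of disagreements between the two sides (empty = OK).
    Note that `secret` is compared by file name only; the key contents must
    also be identical, which no config-level check can confirm."""
    s, c = parse_conf(server_text), parse_conf(client_text)
    problems = []
    if "secret" not in s or s["secret"] != c.get("secret"):
        problems.append("secret: both sides must use the same static key file")
    if s.get("dev") != c.get("dev"):
        problems.append("dev: tun/tap mode must match on both sides")
    if s.get("proto", ["udp"]) != c.get("proto", ["udp"]):
        problems.append("proto: transport must match on both sides")
    s_if, c_if = s.get("ifconfig", []), c.get("ifconfig", [])
    if len(s_if) != 2 or len(c_if) != 2 or s_if != c_if[::-1]:
        problems.append("ifconfig: the client's local/remote pair must mirror the host's")
    if "remote" not in c:
        problems.append("remote: client has no host address to connect to")
    return problems


if __name__ == "__main__":
    print(check_pair(SERVER_CONF, CLIENT_CONF) or "host and client configs agree")
```

The ifconfig mirroring is the check worth keeping: with the two addresses swapped on one side the tunnel still comes up, but each end assigns itself the other's address and no traffic passes, which looks like a VPN failure rather than a configuration error.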
My partner decided to install the TINC VPN server software. TINC and OpenVPN are very much alike, but they differ slightly. OpenVPN utilizes its own OpenVPN encrypted protocol for communications whereas TINC uses encrypted TCP/UDP communication. OpenVPN can be seen as having the advantage because TINC has acknowledgments sent over the non-encrypted TCP protocol. All of the OpenVPN communications are encrypted using the OpenVPN protocol. Because of its more complex protocol, OpenVPN does not have a speed advantage over TINC. As shown by the logs below, TINC has a lower average and maximum ping time.

Illustration 3: Telnet traffic inside OpenVPN.
Illustration 4: Telnet traffic from outside OpenVPN.
PING while using TINC:
shil@shil:~$ ping 10.0.0.2
PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data.
64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=1.76 ms
64 bytes from 10.0.0.2: icmp_seq=2 ttl=64 time=2.01 ms
64 bytes from 10.0.0.2: icmp_seq=3 ttl=64 time=1.61 ms
64 bytes from 10.0.0.2: icmp_seq=4 ttl=64 time=1.14 ms
64 bytes from 10.0.0.2: icmp_seq=5 ttl=64 time=1.18 ms
64 bytes from 10.0.0.2: icmp_seq=6 ttl=64 time=0.909 ms
64 bytes from 10.0.0.2: icmp_seq=7 ttl=64 time=1.56 ms
64 bytes from 10.0.0.2: icmp_seq=8 ttl=64 time=0.999 ms
64 bytes from 10.0.0.2: icmp_seq=9 ttl=64 time=1.06 ms
64 bytes from 10.0.0.2: icmp_seq=10 ttl=64 time=1.18 ms
64 bytes from 10.0.0.2: icmp_seq=11 ttl=64 time=1.44 ms
^C
--- 10.0.0.2 ping statistics ---
11 packets transmitted, 11 received, 0% packet loss, time 10016ms
rtt min/avg/max/mdev = 0.909/1.353/2.018/0.336 ms

PING while using OPENVPN:
shil@shil:~$ ping 10.8.0.1
PING 10.8.0.1 (10.8.0.1) 56(84) bytes of data.
64 bytes from 10.8.0.1: icmp_seq=1 ttl=64 time=15.0 ms
64 bytes from 10.8.0.1: icmp_seq=2 ttl=64 time=0.919 ms
64 bytes from 10.8.0.1: icmp_seq=3 ttl=64 time=0.831 ms
64 bytes from 10.8.0.1: icmp_seq=4 ttl=64 time=3.72 ms
64 bytes from 10.8.0.1: icmp_seq=5 ttl=64 time=0.830 ms
64 bytes from 10.8.0.1: icmp_seq=6 ttl=64 time=0.748 ms
64 bytes from 10.8.0.1: icmp_seq=7 ttl=64 time=0.730 ms
64 bytes from 10.8.0.1: icmp_seq=8 ttl=64 time=0.816 ms
64 bytes from 10.8.0.1: icmp_seq=9 ttl=64 time=1.17 ms
64 bytes from 10.8.0.1: icmp_seq=10 ttl=64 time=0.834 ms
^C
--- 10.8.0.1 ping statistics ---
10 packets transmitted, 10 received, 0% packet loss, time 9013ms
rtt min/avg/max/mdev = 0.730/2.569/15.086/4.260 ms
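The following is an added example for this report (not the project's own code) that recomputes ping's rtt min/avg/max/mdev line from the per-reply output, so the two sessions can be compared with the same arithmetic and with a median added. The two logs embedded below are the reply lines from the ping sessions above; the function names are assumptions. iputils prints mdev as the population standard deviation of the round-trip times, sqrt(E[t^2] - E[t]^2), which is what is computed here.

```python
"""Recompute ping's summary statistics from its per-reply lines.

Added example for this report, not the project's own code. The logs are the
reply lines from the report's two ping sessions; function names are assumptions.
"""
import math
import re
import statistics

# Matches the time field of an iputils reply line; all other lines are ignored.
RTT_RE = re.compile(r"icmp_seq=\d+ ttl=\d+ time=([\d.]+) ms")

TINC_LOG = """\
PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data.
64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=1.76 ms
64 bytes from 10.0.0.2: icmp_seq=2 ttl=64 time=2.01 ms
64 bytes from 10.0.0.2: icmp_seq=3 ttl=64 time=1.61 ms
64 bytes from 10.0.0.2: icmp_seq=4 ttl=64 time=1.14 ms
64 bytes from 10.0.0.2: icmp_seq=5 ttl=64 time=1.18 ms
64 bytes from 10.0.0.2: icmp_seq=6 ttl=64 time=0.909 ms
64 bytes from 10.0.0.2: icmp_seq=7 ttl=64 time=1.56 ms
64 bytes from 10.0.0.2: icmp_seq=8 ttl=64 time=0.999 ms
64 bytes from 10.0.0.2: icmp_seq=9 ttl=64 time=1.06 ms
64 bytes from 10.0.0.2: icmp_seq=10 ttl=64 time=1.18 ms
64 bytes from 10.0.0.2: icmp_seq=11 ttl=64 time=1.44 ms
"""

OPENVPN_LOG = """\
PING 10.8.0.1 (10.8.0.1) 56(84) bytes of data.
64 bytes from 10.8.0.1: icmp_seq=1 ttl=64 time=15.0 ms
64 bytes from 10.8.0.1: icmp_seq=2 ttl=64 time=0.919 ms
64 bytes from 10.8.0.1: icmp_seq=3 ttl=64 time=0.831 ms
64 bytes from 10.8.0.1: icmp_seq=4 ttl=64 time=3.72 ms
64 bytes from 10.8.0.1: icmp_seq=5 ttl=64 time=0.830 ms
64 bytes from 10.8.0.1: icmp_seq=6 ttl=64 time=0.748 ms
64 bytes from 10.8.0.1: icmp_seq=7 ttl=64 time=0.730 ms
64 bytes from 10.8.0.1: icmp_seq=8 ttl=64 time=0.816 ms
64 bytes from 10.8.0.1: icmp_seq=9 ttl=64 time=1.17 ms
64 bytes from 10.8.0.1: icmp_seq=10 ttl=64 time=0.834 ms
"""


def parse_rtts(log):
    """Round-trip times in ms of every reply line in the log."""
    return [float(m.group(1)) for m in RTT_RE.finditer(log)]


def rtt_summary(rtts):
    """min/avg/max/mdev the way iputils ping computes them, plus the median."""
    n = len(rtts)
    if n == 0:
        raise ValueError("no replies to summarise")
    mean = sum(rtts) / n
    mean_sq = sum(t * t for t in rtts) / n
    mdev = math.sqrt(max(mean_sq - mean * mean, 0.0))   # clamp against rounding
    return {"n": n, "min": min(rtts), "avg": mean, "max": max(rtts),
            "mdev": mdev, "median": statistics.median(rtts)}


def compare(name_a, log_a, name_b, log_b):
    """For each statistic, the session that scored lower (lower is better)."""
    a = rtt_summary(parse_rtts(log_a))
    b = rtt_summary(parse_rtts(log_b))
    return {k: name_a if a[k] < b[k] else name_b
            for k in ("min", "avg", "max", "mdev", "median")}


if __name__ == "__main__":
    for name, log in (("TINC", TINC_LOG), ("OpenVPN", OPENVPN_LOG)):
        s = rtt_summary(parse_rtts(log))
        print("%-8s rtt min/avg/max/mdev = %.3f/%.3f/%.3f/%.3f ms (median %.3f, n=%d)"
              % (name, s["min"], s["avg"], s["max"], s["mdev"], s["median"], s["n"]))
    print(compare("TINC", TINC_LOG, "OpenVPN", OPENVPN_LOG))
```

The recomputed values differ from ping's own summary line in the third digit (for example 1.350 versus 1.353 ms average for TINC) because ping keeps microsecond values internally but prints each reply rounded to three significant figures. The comparison itself comes out as the report states, TINC lower on average and maximum, while the minimum and the median favour OpenVPN: a single 15.0 ms first reply accounts for the OpenVPN maximum and most of its mdev, so a longer run, or discarding the first reply, would be needed before reading much into the averages.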
The scripts that I used to start and stop each vpn are as follows:

Startup script for TINC
Code:
#!/bin/sh
sudo tincd -n myvpn

Shutdown script for TINC
Code:
#!/bin/sh
sudo pkill tincd

Startup script for OpenVPN
Code:
#!/bin/sh
sudo openvpn server.conf

Shutdown script for OpenVPN
Code:
#!/bin/sh
sudo pkill openvpn
