S-38.153 Security of Communication Protocols                  29.1.2004

Laboratory network for the exercises


A simple map of the network:
----------------------------

[Network map: the connecting lines of the original diagram are not
recoverable. Labels by row, top to bottom:]

  (WWW-proxy)   Alpha   Charlie   Golf   (RADCOM)
  backbone 10.50.0.0/24
  InterJak 2   InterJak 1   Lnx3
  10.50.1.0/25              10.50.3.0/24
  Delta                     Foxtrot   Echo
  10.50.1.128/25
  Bravo   Hotel

The hosts in parentheses (WWW-proxy and RADCOM) MUST NOT be modified.
These two hosts are for special purposes, as described later in this
document.

All host names are in the domain: lab.netlab.hut.fi
 - e.g. alpha.lab.netlab.hut.fi


What tasks can be done with different hosts:
--------------------------------------------

Rootkits and root-exploits:
 - Try them ONLY on echo (maybe also on foxtrot)
 - Helper root-exploit, SuckIt rootkit, root.tar rootkit, chkrootkit

Linux-hosts in general
 - scanners: nessus, nmap
 - sniffers: Ethereal, tcpdump, sniff
 - firewalls: iptables (only in Lnx3 host)
 - intrusion detection systems (IDS): snort
 - other software: hunt, trin00, TCPWrapper, JohnTheRipper, L0phtCrack

Windows-hosts in general
 - NetBus and installation through an IIS-bug
 - netscan


User names and passwords for Linux hosts:
-----------------------------------------

 - All Linux hosts have the same passwords
     username: labra
     password: labra
   to get root privileges: give command "su" and password "turvakone"
 - Windows passwords are specified for every Windows-host separately


Hosts in the laboratory network:
--------------------------------

Alpha:
 - Windows 2000, includes the latest patches
 - username: labra
 - password: labra.alpha

Bravo:
 - Debian 2.2 (Linux kernel 2.2.17)

Charlie:
 - Debian 4.2.1 (Linux kernel 2.4.24)

Delta:
 - Windows 2000, latest patches NOT installed, a basic installation
 - username: labra
 - password: labra.delta

Echo:
 - RedHat 6.1 (Linux kernel 2.2.12-20)
 - suitable e.g. for trying rootkits and root-exploits

Foxtrot:
 - a combination of RedHat 6.1 and 6.2 (Linux kernel 2.2.14-5.0)
 - suitable for rootkits and root-exploits (but echo is the primary host)
 - contains a web-browser
 - IF NETWORK CONNECTIVITY IS LOST, DO THE FOLLOWING:
    - "/sbin/reboot" (if boot is required)
    - "/sbin/modprobe tulip"
    - "cd /etc/sysconfig/network-scripts"
    - "./ifup eth0"

Golf:
 - Debian 3.0 (Linux kernel 2.2.18 pre21)
 - suitable e.g. for scanners (also as a telnet server etc.)
 - do NOT modify the kernel e.g. with rootkits

Hotel:
 - RedHat 9 (Linux kernel 2.4.20-8)
 - This host uses the same display as host EKSOS. Choose the right host
   with the selector. DO NOT USE host EKSOS.
 - suitable for running e.g. Ethereal

InterJak 1:
 - A special-purpose router/firewall, with IP-address 10.50.1.126
 - on the right side of the shelf
 - supports IPsec VPNs to InterJak 2
 - Connect with browser from Delta to address: http://10.50.1.126
     username: ttk
     password: ttk

InterJak 2:
 - A special-purpose router/firewall, with IP-address 10.50.1.254
 - on the left side of the shelf
 - supports IPsec VPNs to InterJak 1
 - Connect with browser from Delta to address: http://10.50.1.254
     username: ttk
     password: ttk

Lnx3:
 - Debian 3.0 (Linux kernel 2.4.24)
 - suitable for running "iptables"
 - do NOT modify the kernel e.g. with rootkits

RADCOM:
 - Do NOT modify this host
 - contains a network analyzer for decoding network traffic

WWW-proxy:
 - This is the only way to the public Internet
 - set the proxy in your browser to: www.netlab.hut.fi, port 80