BCP-38 demo

Slides: 14
Provided by: golr
Learn more at: https://nsrc.org

1
BCP-38 demo
  • Alan Barrett
  • Geert Jan de Groot
  • cast of thousands

2
Agenda
  • BCP-38 DNS DDoS demo
  • Build spoofed packet traffic generator
      • be the bad-behaving customer
  • Configure the network to filter
      • be the responsible ISP

3
Basic network
[Diagram: Client and DNS, with arrows labelled "DNS request" and "DNS response"]

4
Network diagram
[Diagram labels: DNS, VICTIM, R, PC; Row B, Row C, ... Row J]

5
Step 1: install and run software
  • Download packet spoofing software
  • Configure
  • Run
More details on next pages

6
1(a): Download packet spoofing software
  • cd $HOME
  • mkdir spoofing-demo; cd spoofing-demo
  • ftp 196.200.222.1
  • login as anonymous
  • cd /pub/e2/bcp38
  • binary
  • mget * (enter a to get all files)

7
1(b): Configure
  • From your PC, ping the IP address of your router
      • ping -c 1 ip.ad.re.ss
  • Find out and write down the MAC address of your router
      • arp -an
  • Edit spoof_script and change
      • TABLE_ROW
      • ROUTER_MAC

8
1(c): Run the spoofer
  • chmod 755 spoof_script tcpreplay
  • Start the generator (as root)
      • ./spoof_script

9
Step 2: Observe spoofed packets and responses
  • Instructors use tcpdump to capture traffic on the backbone.
  • Observe the spoofed packets, and the responses to them.

10
Step 3: Enable unicast reverse-path filtering (URPF)
  • Log in to the router
  • Configure
      • interface fastEthernet0/0
      • ip verify unicast reverse-path
  • Effect: a packet arriving on this interface is allowed only if its
    source address is a destination that the router routes outwards
    through this same interface.

11
Step 4: See that it worked
  • Observe that the tcpdump display stops showing spoofed packets
  • show ip interface fastEthernet0/0
      • Near the end of the output, see "verification drops"

12
URPF variant for multi-homed customer
  • ! access-list 42 will permit the routes
  • ! that would otherwise fail the test
  • ! (e.g. downlink through a different ISP)
  • access-list 42 permit 192.0.2.0 0.0.0.255
  • interface fastEthernet0/0
  • ip verify unicast reverse-path 42
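
A small model of the reverse-path check configured in Step 3 and of the access-list exemption in the multi-homed variant, as an added example that is not part of the original presentation. The routing tables, the Serial0/0 interface, the sample source addresses and all function names are assumptions made for illustration; only 192.0.2.0/24 and FastEthernet0/0 come from the slides.

```python
import ipaddress

# Constructed FIBs (prefix -> outgoing interface); only 192.0.2.0/24 and
# FastEthernet0/0 come from the slides, everything else is assumed.
FIB = {
    "192.0.2.0/24": "FastEthernet0/0",   # customer prefix, routed to the customer
    "0.0.0.0/0": "Serial0/0",            # default route towards the backbone
}
# Multi-homed case: the best route to the customer prefix goes via another ISP.
FIB_MULTIHOMED = {"192.0.2.0/24": "Serial0/0", "0.0.0.0/0": "Serial0/0"}

# Constructed source addresses of packets arriving on FastEthernet0/0.
SOURCES = ["192.0.2.10", "203.0.113.7", "198.51.100.5", "192.0.2.77"]


def lookup(fib, addr):
    """Longest-prefix match: interface the router would use to reach addr."""
    ip = ipaddress.ip_address(addr)
    best = None
    for prefix, iface in fib.items():
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def urpf_pass(fib, in_iface, src, exempt=()):
    """Strict reverse-path check with an optional exemption list.

    A packet passes when the route back to its source leaves through the
    interface it arrived on. If that fails, it still passes when the source
    is in an exempt prefix (the role access-list 42 plays in the variant).
    """
    if lookup(fib, src) == in_iface:
        return True
    ip = ipaddress.ip_address(src)
    return any(ip in ipaddress.ip_network(p) for p in exempt)


def verification_drops(fib, in_iface, sources, exempt=()):
    """Count packets failing the check, like the router's drop counter."""
    return sum(not urpf_pass(fib, in_iface, s, exempt) for s in sources)


if __name__ == "__main__":
    print(verification_drops(FIB, "FastEthernet0/0", SOURCES))
    print(verification_drops(FIB_MULTIHOMED, "FastEthernet0/0", SOURCES))
    print(verification_drops(FIB_MULTIHOMED, "FastEthernet0/0", SOURCES,
                             exempt=["192.0.2.0/24"]))
```

With the multi-homed table and no exemption, the customer's own addresses are dropped along with the spoofed ones, which is the failure the access-list variant avoids.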

13
Another variant: Filtering using access-group
  • ! access-list 123 permits all packets
  • ! from the customer
  • access-list 123 permit ip 192.0.2.0 0.0.0.255 0.0.0.0 255.255.255.255
  • interface fastEthernet0/0
  • ip access-group 123 in
  • This is less efficient and more difficult to configure