NAT and IPv6

Network address translation (NAT) is a method to remap one IP address space into another space by modifying network address information in Internet Protocol datagram packet headers while in transit across a traffic routing device.

Please complete the following tasks/question:

  • Use an example to illustrate how packets are sent and received by using NAT technology;
  • Explain why NAT technology can provide a degree of security;

One purpose of using NAT/PAT (Port Address Translation) is to save IP addresses. IPv6 uses 128-bit addresses, instead of the meagre 32-bit IPv4 addresses. Does that mean that IPv6 will eliminate NAT/PAT?

Using Wireshark, your task is to capture an interaction between the client (your home computer) and the CQU Webfuse webserver. In doing so, attempt to retrieve the following web page:

http://webfuse.cqu.edu.au/[YourStudentNumber].html

where YourStudentNumber needs to be replaced by your actual student number. Please use your student number only.  No other page name should be used.

Use the appropriate filters in Wireshark to capture only DNS and HTTP traffic.

Figure 1 shows an example of a webpage you have to capture where YourStudentNumber is replaced by the name “s123456”:

[Figure 1: image not reproduced]

The pcap of this web page captured with the appropriate DNS and HTTP filters is shown in Figure 2:

Figure 2 PCAP of Webpage with DNS and HTTP filters

To reproduce a capture similar to Figure 2, you may need to research how to:

  • Flush the DNS resolver cache of your client
  • Flush the cache of your web browser; and
  • Make sure Wireshark is running with the appropriate DNS and HTTP filters before requesting the webpage from the Webfuse webserver.

  a) Capture and submit the PCAP file of the interaction.
  b) Identify the following three sections in the PCAP:
    • DNS domain name resolution
    • The three-way handshaking for connection establishment
    • Connection termination

For each of the sections, list the frames/packets associated with the section and highlight the section with a red ellipse in the screenshot.

  c) For the three sections identified in b), explain each of the packet components in a way similar to Packet Capture Exercise 3. You do not have to explain all the captured frames, only the relevant frames. You may have to copy the information from the PCAP and paste it in the relevant fields of the table.

Like in part b), identify the frame number that encapsulates the retrieved webpage (html code). You also need to circle in red the paragraph with the message “The requested URL /YourStudentNumber.html was not found on this server”. You need to explain how you found both the retrieved webpage and the paragraph.

Cisco IOS (Internetworking Operating System) allows both standard and extended IP access lists as follows:

  • Standard access lists are numbered 1-99 and filter based only on source IP.
    • access-list <1-99> <permit|deny>
    • Example:  This access list denies packets from host IP 139.78.5.100 but allows packets from any other host that starts with 139.78.5

access-list 5 deny    139.78.5.100   0.0.0.0
access-list 5 permit  139.78.5.0    0.0.0.255 

  • Extended access lists are numbered 100-199 and filter based on source, destination, protocol, and port:
    • access-list <100-199> <permit|deny> <tcp|udp|icmp> eq

    • ‘eq’ stands for ‘equal to’ (meaning port number equal to)

    • Example: This extended access list discards packets from any host with an IP starting with 128.1 trying to send to the SMTP port (25).

access-list 105 deny tcp 128.1.0.0 0.0.255.255 0.0.0.0 255.255.255.255 eq 25

Note the source/destination IP address wildcard format (it is the opposite of the IP address usual subnet mask format):

  • Example: To represent all IP addresses that start with 139.78.5:
    IP = 139.78.5.0        WILDCARD=0.0.0.255

  • Example: To represent all IP addresses that start with 128.1:
    IP = 128.1.0.0        WILDCARD=0.0.255.255

  • Example: To represent any address:
    IP = 0.0.0.0        WILDCARD= 255.255.255.255

  • Example: To represent a single address (172.30.16.29):
    IP = 172.30.16.29        WILDCARD= 0.0.0.0 (check all bits)

If you want to place additional restrictions or admissions in the same access list, you just need to add lines in the same format above with the same list number. Access list items are processed in the order they appear in the list from top to bottom and any packet that does not match a list entry is discarded (there is effectively a hidden ‘deny all’ rule at the end of the access list).
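The wildcard matching and top-to-bottom processing described above, as an added example (not part of the original assignment text). It evaluates the page's own lists 5 and 105; the function names and the test addresses are assumptions made for illustration, and only the two entry forms shown on this page are parsed.

```python
import ipaddress

# The two example lists from this page, verbatim.
ACL_5 = [
    "access-list 5 deny    139.78.5.100   0.0.0.0",
    "access-list 5 permit  139.78.5.0    0.0.0.255",
]
ACL_105 = [
    "access-list 105 deny tcp 128.1.0.0 0.0.255.255 0.0.0.0 255.255.255.255 eq 25",
]

def wildcard_match(addr, base, wildcard):
    """Wildcard bit 0 = must match, 1 = ignore (the inverse of a subnet mask)."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def parse_entry(line):
    """Parse only the two entry forms shown on this page."""
    t = line.split()
    number, action = int(t[1]), t[2]
    if 1 <= number <= 99:        # standard: source only
        return {"action": action, "src": (t[3], t[4]), "ext": None}
    if 100 <= number <= 199:     # extended: proto, source, destination, 'eq' port
        if t[8] != "eq":
            raise ValueError("only the 'eq <port>' form is handled")
        return {"action": action, "src": (t[4], t[5]),
                "ext": (t[3], (t[6], t[7]), int(t[9]))}
    raise ValueError(f"list number {number} is outside 1-99 and 100-199")

def evaluate(acl_lines, src, dst=None, proto=None, dport=None):
    """Return the action of the first matching entry, top to bottom."""
    for line in acl_lines:
        e = parse_entry(line)
        if not wildcard_match(src, *e["src"]):
            continue
        if e["ext"] is not None:
            e_proto, e_dst, e_port = e["ext"]
            if proto != e_proto or dport != e_port or not wildcard_match(dst, *e_dst):
                continue
        return e["action"]
    return "deny"   # the hidden 'deny all' at the end of every list
```

Reversing list 5 lets 139.78.5.100 through, because the broader permit matches first. A list that holds only deny entries, such as list 105 above, ends up discarding all traffic once the hidden deny is taken into account.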

To complete this exercise:

Create an Access Control List that will prevent hosts in the network range of 192.168.176.0 to 192.168.191.0  

Create a Cisco IOS extended IP access list that allows any host to access a web server  (HTTP protocol over TLS/SSL) on TCP port 443 whose IP address is 138.77.236.58

Create a Cisco IOS extended IP access list that allows any host to access the internal SMTP server at 138.77.15.77 (TCP port 25), and the DNS servers at 138.77.232.10 (TCP and UDP port 53).

For this assessment item, you should submit the standard and extended access lists that you create for the exercise (these do not need to be implemented on an actual router). For further information on Cisco ACLs see:  

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a0080100548.shtml

It is well known that the wireless signal of a Wi-Fi network is not confined to a cable as in a traditional network but is instead broadcast through the air. Public Wi-Fi hotspots can now be found everywhere, such as airports, hotels and coffee shops, and users can log onto the Internet with their mobile devices. Along with convenience, public Wi-Fi hotspots also provide an easy way for some attackers, like identity thieves and cybercriminals, to attack the wireless network or its users.

Complete the following tasks:

  1. Please state two kinds of attacks that may occur in public Wi-Fi networks;

  2. Provide at least two effective ways for users to address the security issues when they access public Wi-Fi on their computer or mobile device;

  3. Visit https://www.krackattacks.com/, then discuss how the protected Wi-Fi networks with WPA2 may be hacked by using a method named KRACK (You could summarise the attack details and point out key steps or effectiveness of this attack).
NAT and IPv6

1. NAT means network address translation, which in practice means that a router or a firewall translates addresses arriving on the incoming interface into different addresses leaving the outgoing interface; conversely, when the response to the traffic comes back, it translates the addresses back to their original values. The typical case for NAT is to allow sharing of public IP addresses, which are a scarce resource, amongst many hosts, as opposed to assigning a public IP address to each host.

125.34.48.166 is a public IP address, which has been assigned to the organisation that wants to connect to the Internet; the addresses in the 10.0.0.0/8 range belong to a private range, which is not allowed to route packets on a public network. The NAT server performs the translation of the addresses.

2. NAT technology helps the network improve its security by providing private IP addresses. NAT packet forwarding technology helps to drop unauthorized packets.

3. NAT provides private IP addresses to the connected devices to resolve the shortage of public addresses. NAT is used mainly in IPv4, which has 32-bit addresses. IPv6 has 128-bit addresses, which can support a very large number of IP addresses, and therefore the NAT facility is not required.
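The translation described in answers 1 and 2, as an added example (not part of the original sample answer): a minimal PAT table using the page's public address 125.34.48.166 and the web server address 138.77.5.135. The private hosts, port numbers, the outside address 203.0.113.9 and the address-and-port-dependent filtering policy are assumptions; real NAT devices differ in how strictly they filter.

```python
from dataclasses import dataclass

PUBLIC_IP = "125.34.48.166"      # public address named on the page
WEB = ("138.77.5.135", 80)       # web server address from the page's capture

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class PatRouter:
    def __init__(self, public_ip, first_port=40000):   # first_port is an assumption
        self.public_ip = public_ip
        self.next_port = first_port
        self.out = {}    # (private ip, private port, remote ip, remote port) -> public port
        self.back = {}   # (public port, remote ip, remote port) -> (private ip, private port)

    def outbound(self, p):
        """Rewrite the private source to the shared public address and a unique port."""
        key = (p.src, p.sport, p.dst, p.dport)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[(self.next_port, p.dst, p.dport)] = (p.src, p.sport)
            self.next_port += 1
        return Packet(self.public_ip, self.out[key], p.dst, p.dport)

    def inbound(self, p):
        """Restore the private destination, or drop (None) if no mapping exists."""
        entry = self.back.get((p.dport, p.src, p.sport))
        if entry is None or p.dst != self.public_ip:
            return None
        return Packet(p.src, p.sport, *entry)

def demo():
    nat = PatRouter(PUBLIC_IP)
    a = nat.outbound(Packet("10.0.0.5", 51000, *WEB))   # constructed private hosts
    b = nat.outbound(Packet("10.0.0.6", 51000, *WEB))   # same private port, other host
    reply = nat.inbound(Packet(*WEB, PUBLIC_IP, a.sport))
    unsolicited = nat.inbound(Packet("203.0.113.9", 4444, PUBLIC_IP, a.sport))
    return a, b, reply, unsolicited

if __name__ == "__main__":
    for item in demo():
        print(item)
```

The unsolicited packet is dropped only because no table entry matches it, which is the "degree of security" in question: a side effect of the translation state, not a filtering policy anyone configured.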

| Packet No. | Time | Source | Destination | Protocol | Info | Explanation |
|---|---|---|---|---|---|---|
| 6 | 0.305603 | 8.8.8.8 | 10.10.30.148 | DNS | Standard query response 0x3536 A webfuse.cqu.edu.au A 138.77.5.135 | This is a domain name resolution. |
| 7 | 0.307007 | 10.10.30.148 | 138.77.5.135 | TCP | 64975 → 80 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 WS=256 SACK_PERM=1 | Start of three-way handshaking |
| 20 | 1.126409 | 138.77.5.135 | 10.10.30.148 | TCP | 80 → 64976 [FIN, ACK] Seq=333 Ack=286 Win=30336 Len=0 | End to the connection termination. |

  • DNS domain name resolution: Frame No 2, 3 and 6
  • The three-way handshaking for connection establishment: Frame No 7, 8, 9
  • Connection termination: Frame no 20

a.

Access-list 35 deny 192.168.176.0 0.0.15.255

b.

Access-list 85 permit TCP any 138.77.236.58 0.0.0.0 eq 443

c.

ip access-group 105 in
access-list 20 permit tcp any host 138.77.15.77 eq smtp
access-list 112 permit tcp any host 138.77.15.77 eq 25
ip access-group 115 in
access-list 120 permit udp any 138.77.232.10 eq domain

1. Packet sniffing: In a Wi-Fi network, packets are sent wirelessly. If a user sends any unencrypted file over the network, it is very easy to capture the network packets and obtain the information. This procedure is called packet sniffing.

Man-in-the-middle attack: Any hacker can trick the communicating device into sending the user's transmission to an attacker's system. Many types of malware can be implanted into the user's system through email, packets or Wi-Fi.

2. A sniffing attack is a passive attack, so it is not possible to detect. One way to secure the network is to use SSL or HTTPS. Many Wi-Fi networks are not possible to detect, but a few tools exist for detecting some of them, such as nzyme and Graylog.

3. A Linux command and script are used against a particular target. The script then searches for the network and makes a clone of it on a different channel. When the user tries to connect to the real network, it makes contact and connects the user to the cloned network instead. An SSL script is used to remove the HTTPS. After all of this, Wireshark or any other packet capturing tool is used to capture the network packets.

Cite This Work


My Assignment Help. (2021). Network Address Translation, Wi-Fi Security, And Essay. Retrieved from https://myassignmenthelp.com/free-samples/coit12202-network-security-concepts/network-address-translation-technology.html.
