|
|
Application for performing man-in-the-middle IPv6 attacks
Kadlec, Branislav ; Jeřábek, Jan (referee) ; Phan, Viet Anh (advisor)
Tato práce představuje vývoj aplikace v jazyce Python určené k provádění útoků Man-in-the-Middle (MITM) ve virtuální síti IPv6. Cílem tohoto výzkumu, motivovaného hlubokým zájmem o informační bezpečnost, sítě a programování, je vytvořit univerzální nástroj, který integruje různé metody útoků do jediného uceleného řešení. Mezi cíle patří vývoj kódu v jazyce Python s využitím knihovny Scapy, důkladné pochopení protokolů IPv6, ICMPv6 a DHCPv6 a vytvoření aplikace, která se zaměřuje na tři hlavní vektory útoku: falešný server DNS, falešný server DHCP a falešnou výchozí bránu. Kritéria hodnocení budou hodnotit výkon a výhody aplikace ve srovnání se stávajícími specializovanými nástroji. Metodicky je použita knihovna Scapy a pro komplexní testování je pečlivě navrženo virtuální síťové prostředí. Etické úvahy zdůrazňují zodpovědnost uživatele při využívání takovýchto nástrojů a vyvozují analogie s dvojúčelovými nástroji, jako jsou nože. Rozsah práce zahrnuje teoretické základy, návrh aplikace, nastavení virtuální sítě, metodiku testování a analýzu výsledků. Cílem je přispět k cenným poznatkům o útocích MITM a zároveň poskytnout univerzální nástroj pro bezpečnostní praktiky. Výzkum zkoumá průsečík programování v jazyce Python, síťových protokolů a kybernetické bezpečnosti a nabízí důkladný průzkum dynamické oblasti útoků Man-in-the-Middle.
|
|
| |
|
|
Construction of IPv6 covert channels and their impact in the information system
Lohunkov, Ivan ; Jeřábek, Jan (referee) ; Phan, Viet Anh (advisor)
This thesis focuses on the issue of covert channels using IPv6 and ICMPv6 protocols. To transmit packets between devices, we need an application written in Python and also running IDS software on the receiver side. The theoretical part treats the issues of IPv6, ICMPv6 protocols and the possibility of hidden channel transmission in them. It deals with the details of their design and possible implementations. The practical part discusses a scenario that describes how the communication between the sender of packets and their receiver will take place. It also describes how to create a hidden channel and how to send it correctly. It also describes the structure of the application, both for sending the covert channel and for decrypting it. The final chapter describes programs for creating and decrypting covert channels, their communication behavior, and their strengths and weaknesses. According to the analysis of this thesis, it can be concluded that covert channels in IPv6/ICMPv6 are not yet so well understood that they are almost non-existent. This is especially true for extension headers, which are barely used in normal communication. They may be the very source, for the transmission of hidden information. The Suricata IDS has also been able to pass most packets to the receiver without alerting the receiver that the packet is suspicious.
|
|
|
Security testing of IPv6 family protocols and related vulnerabilities
Vopálka, Matěj ; Phan, Viet Anh (referee) ; Jeřábek, Jan (advisor)
This thesis discusses the Internet Protocol version 6 (IPv6), especially the secure deployment of the protocol. The thesis deals with the shortcomings of IPv4 protocol and reason of development of IPv6 protocol. It covers topics like IPv6 addressing, structure of frames, the initial types of IPv6 extension headers. Additionally, the thesis explores related protocols to IPv6, such as NDP, SLAAC, adn DHCPv6. The thesis provides an introduction to penetration testing, describes the basic types of hackers and gives a general overview of information security attacks. The practical part is devoted to the development of an application for automatic vulnerability testing of IPv6 networks Penvuhu6. The tool is developed in Python programming language using Scapy library. Penvuhu6 has been tested in an emulated network environment with the GNS3 program. Three test scenarios were developed for the tool focusing on testing the passage of repetitive and misaligned headers, overlapping fragments, and Router advertisement and DHCPv6 advertisement messages. Penvuhu6 was tested on an emulated RouterOS device with basic and restrictive configurations.
|
|
|
Testing the impact of network infrastructure capacity on the performance of Internet access services
Hykš, Matěj ; Šilhavý, Pavel (referee) ; Jeřábek, Jan (advisor)
This master thesis deals with the topic of measuring the transmission capacity of computer networks. It describes the differences between service and link parameters, which are measured using TCP, UDP, ICMP and other protocols. In the last theoretical part, it briefly describes the queueing theory and explains their relevance in today’s computer networks. The result of the work is a custom measurement system that will simulate multi-user access to the electronic communications network, measure its capacity and conform to standards.
|
|
|
Generating non-standard packets and data flows on Ethernet networks for teaching purposes
Mošnerová, Tereza ; Dvořák, Jan (referee) ; Jeřábek, Jan (advisor)
This diploma thesis is aimed at the process of generating non-standard data streams that contain hidden information. For this purpose a software called Ostinato is used. Ostinato allows to select protocols on the individual layers of the TCP/IP network model according to the needs and preferences, and moreover, data bytes can be inserted and modified arbitrarily using the HexDump fields. Various fields of the TCP/IP protocols are used to hide data on the network, transport and application layers. The generated data packets can be easily modified which enables to create several other versions of them. These can serve, for example, as a semestral project assignment for the subjects Communication Technology and Modern Communication Techniques taught at BUT. In addition, the size limits of the inserted data of the individual data packet options are tested. The functionality of the generated packets is verified by Wireshark. As a result, several .ostm and .pcapng files including a text file with their clear description are provided.
|
|
|
Testing the response of operating systems to different IPv6 flows
Ruiner, Michal ; Polák, Ladislav (referee) ; Jeřábek, Jan (advisor)
The aim of the thesis is to create an array of virtual machines and research their response to the IPv6 protocol. Another significant part is to utilize the provided tool for generating and sniffing IPv6 traffic and verify its correct functionality. For such purpose, the GNS3 open-source software is selected. A~reader is familiarized with the concepts of virtualization, GNS3 functionality and various methods of software testing together with the implemented practical models. The IPv6 protocol is introduced in detail as well as the packet format, address types and several IPv6 protocols useful for the thesis. The practical part is discussed in the Numerical results chapter. The topology is established and connectivity verified using IPv4. Configuration of static IPv6 addresses is performed on the devices as well as configuration of router to distribute particular prefixes. 5 testing scenarios are proposed that increase the input load to the tool in sense of higher number of addresses for the 3 different modes - passive, active and aggressive. 3 scripts were developed. Performance testing script measures utilization of computational resources. The other 2 scripts perform packet capturing and further analysis to compare the results of proposed scripts with provided tool. The comparison is done utilizing passive and aggressive modes. Active mode is used to observe the response of various operating systems to different IPv6 flows. Specifically, multiple Windows 10 builds, Linux distributions, Windows XP, 7, 11, macOS and Android.
|
|
|
Mapping and analyzing signal coverage in 4G/5G mobile networks
Baránek, Michal ; Jeřábek, Jan (referee) ; Polák, Ladislav (advisor)
Tato práce se zabývá s pokročilým měřením kapacity a spolehlivosti v mobilních sítích, zejména s rozšířeným přijetím technologií 4G a 5G. Vzhledem k tomu, že se tyto sítě stávají stále více nedílnou součástí každodenního života, existuje potřeba efektivních řešení pro hodnocení a optimalizaci jejich výkonu. Primárním cílem této práce je vyvinout cenově dostupná softwarová a hardwarová řešení schopná extrahovat základní klíčové ukazatele výkonu (KPI) z mobilních sítí 4G/5G. Navrhovaný systém si klade za cíl poskytnout uživatelům přístupný nástroj pro hodnocení výkonu sítě, pokrytí signálem v konkrétních oblastech a prediktivní modely pro budoucí kapacitu sítě. Tyto funkce jsou prezentovány prostřednictvím uživatelsky přívětivého grafického rozhraní (tzv. GUI), které umožňuje přímočará a cenově výhodná měření ve venkovním i vnitřním prostředí.
|
|
| |
|
|
Controllable Frequency Filters with Modern Active Elements
Preclík, Milan ; Jeřábek, Jan (referee) ; Koton, Jaroslav (advisor)
The work deals with design of transformation cells suitable for realization of higher orders frequency filters with possibility of cutoff frequency control. At first, there is a common description of frequency filters and active elements like current and voltage conveyors. Furthermore assumptions of cutoff frequency control are defined which result in a convenient characteristical equation. Phylosophy of synthetic elements DP , EP , DS , ES including a possibility of change of cutoff frequency is next in line. By exploitation of synthetic elements theory new circuit’s schemes of transformation cells are searched. The work continues with the choice of appropriate transformation cells for resulting circuit’s solutions of frequency filters with possibility of cutoff frequency control by using transfer coefficients of active elements or with help of passive elements. The work concludes with verification of its proper function based on a simulation executed in OrCAD and with practical implementation of choosen circuit’s solution.
|
guest ::
RSS feed.