Red v Blue L1: Linux 1

What You Need for This Project

SCOREBOARD

Ub18-RvB-L1 Clone.ova (1.g GB)


1. Blue Team: Configuring IP

1. Configure interfaces; manually assign the IP address the instructor gives you. In a Terminal, execute this command:
sudo nano /etc/netplan/50-cloud-init.yaml
Add your IP address and gateway into this file, as shown below.

In a Terminal, execute this command:

sudo netplan --debug apply
On your host computer, open a browser and go to your server's IP address followed by /ccsf.htm

You should see the CCSF web page, as shown below.

You should start getting points on the scoreboard, as shown below.


2. Blue Team: Configuring Snort

In a Terminal, execute these commands:
sudo mv /etc/snort/snort.debian.conf .
sudo dpkg-reconfigure snort
Purple screens appear, as shown below. Give these answers, using your assigned IP address in the third answer:


3. Blue Team: Testing Snort

Ping your server from a different machine.

In a Terminal, execute this command:

tail -f /var/log/snort/alert
You should see alerts, as shown below.


4. Red Team: Ping of Death

In a Terminal, execute this command, replacing the IP address with the IP address of the target machine.
ping -s 60000 172.16.123.156

On the scoreboard, click the "Submit Logs" link.

Paste in the reply size, which is covered by a green box in the image above, to collect your points.


5. Blue Team: Detect Ping of Death

Examine your Snort alerts and find the alert shown below.

On the scoreboard, click the "Submit Logs" link.

Paste in the classification text, which is covered by a green box in the image below, to collect your points.
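The classification text you are looking for lives in Snort's full-format alert log, where each alert is a block of a few lines. As an added example (not part of the lab), this Python script parses such a log and counts how many oversized-ICMP alerts each source address produced, which is how a blue teamer would triage the alert stream rather than reading it by eye. The log lines are constructed, and the rule sid used for "ICMP Large ICMP Packet" is an assumption.

```python
import re
from collections import Counter

# Constructed sample in Snort's "full" alert format (not the lab's screenshot).
SAMPLE_ALERT_LOG = """\
[**] [1:499:4] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
02/02-10:15:01.123456 172.16.123.1 -> 172.16.123.156
ICMP TTL:64 TOS:0x0 ID:54321 IpLen:20 DgmLen:1500 MF
Type:8  Code:0  ID:4242   Seq:1  ECHO

[**] [1:384:5] ICMP PING [**]
[Classification: Misc activity] [Priority: 3]
02/02-10:15:02.000001 172.16.123.1 -> 172.16.123.156
ICMP TTL:64 TOS:0x0 ID:54322 IpLen:20 DgmLen:84
Type:8  Code:0  ID:4243   Seq:1  ECHO

[**] [1:499:4] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
02/02-10:15:03.500000 172.16.123.1 -> 172.16.123.156
ICMP TTL:64 TOS:0x0 ID:54323 IpLen:20 DgmLen:1500 MF
Type:8  Code:0  ID:4244   Seq:2  ECHO
"""

HEADER_RE = re.compile(r"^\[\*\*\] \[(\d+):(\d+):(\d+)\] (.+?) \[\*\*\]$")
CLASS_RE = re.compile(r"^\[Classification: (.+?)\] \[Priority: (\d+)\]")
FLOW_RE = re.compile(r"^(\S+) (\S+) -> (\S+)$")

def parse_alerts(text):
    """Split a full-format Snort alert log into one dict per alert block."""
    alerts = []
    for block in text.strip().split("\n\n"):
        lines = block.splitlines()
        h = HEADER_RE.match(lines[0]) if len(lines) > 2 else None
        c = CLASS_RE.match(lines[1]) if h else None
        f = FLOW_RE.match(lines[2]) if c else None
        if not f:
            continue  # skip anything that is not a well-formed alert block
        alerts.append({
            "gid": int(h.group(1)), "sid": int(h.group(2)), "msg": h.group(4),
            "classification": c.group(1), "priority": int(c.group(2)),
            "timestamp": f.group(1), "src": f.group(2), "dst": f.group(3),
        })
    return alerts

def oversized_icmp_sources(alerts, sid=499):
    """Count alerts per source IP for one rule sid (499 is assumed here)."""
    return Counter(a["src"] for a in alerts if a["sid"] == sid)
```

Run it against the real file with `parse_alerts(open("/var/log/snort/alert").read())`; the classification field of each dict is the text the scoreboard asks for.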


6. Red Team: Slowloris Attack

On the target machine, view the server-status, as shown below.

On your Kali attacker, execute these commands to start a Slowloris attack.

apt install python3-pip
pip3 install slowloris
slowloris example.com
Refresh the server-status. You may need to stop the attack briefly to load the page. If the attack is freezing the server too much, add -s 149 to only target 149 of the 150 sockets so there's one left for you to use.

When you see all the dots gone from the grid, replaced by "R" or other letters, as shown below, copy the text on the page. Submit that text on the "Submit Logs" page to claim your points.


7. Blue Team: Slowloris

Your Web server is down, as shown below!

Execute these commands to activate Apache's "reqtimeout" module, which resists the Slowloris attack:

sudo systemctl stop apache2
sudo a2enmod reqtimeout
sudo systemctl start apache2
View your server-status. You should get a response now, and your server should be up again.

Copy the first 2 lines of the connection log, as highlighted in the image below. Submit that text on the "Submit Logs" page to claim your points.


Posted 2-2-19