
CNS 101

The document outlines laboratory experiments for cryptography and network security, specifically focusing on demonstrating an Intrusion Detection System (IDS) using Snort, verifying file integrity using the MD5 tool, and setting up a honeypot with Cowrie. Each section includes installation procedures, steps for operation, and results of the experiments. The successful completion of these tasks enhances understanding of network security measures and threat detection techniques.

Uploaded by

Santhosh

CS22611 - CRYPTOGRAPHY AND NETWORK SECURITY LABORATORY

EXP.NO : 10
DATE :
Demonstrate IDS using Snort

AIM:
To demonstrate intrusion detection system using Snort.

INSTALLATION PROCEDURE:
1. Download SNORT from snort.org
2. Install snort with or without database support.
3. Select all the components and Click Next.
4. Install and Close.
5. Skip the WinPcap driver installation.
6. Add the path variable to the Windows environment variables by selecting New.
7. Create a path variable that points to snort.exe: variable name path, variable value
c:\snort\bin.
8. Click OK button and then close all dialog boxes.
9. Open command prompt and type the commands.

STEPS:
SNORT can be configured to run in three modes:
1. Sniffer mode
• snort -v : Prints the TCP/IP packet headers on the screen.
• snort -vd : Shows the TCP/IP ICMP header with application data in transit.

2. Packet Logger mode
• snort -dev -l c:\log : Snort automatically goes into packet logger mode; it
collects every packet it sees and places it in the log directory.
• snort -dev -l c:\log -h ipaddress/24 : This command tells Snort to print out the
data link and TCP/IP headers as well as application data into the log directory.
• snort -l c:\log -b : This is binary mode; it logs everything into a single file.

Roll Number:2127220501101 Page No.:


3. Network Intrusion Detection System mode
• snort -d -l c:\log -h ipaddress/24 -c snort.conf : snort.conf is the configuration file; Snort
applies its rules to each packet and decides on an action based on the rule type in the file.
• snort -d -h ipaddress/24 -l c:\log -c snort.conf : This configures Snort to run in its
most basic NIDS form, logging packets that trigger the rules specified in snort.conf.

C:\Snort\bin\snort -v

C:\Snort\bin\snort -vd

C:\Snort\bin>snort -W

C:\Snort\bin>snort -i 1 -c c:\snort\etc\snort.conf -T

C:\Snort\bin>snort -i 1 -c c:\snort\etc\snort.conf -A console

C:\Snort\bin\snort -dev -l c:\log

C:\Snort\bin\snort -dev -l c:\log -h ipaddress/24

C:\Snort\bin\snort -l c:\log -b

snort -d -h ipaddress/24 -l c:\log -c snort.conf


INFERENCE:

1. Install Snort on a Linux system (e.g., Ubuntu) using sudo apt install snort.
2. Configure Snort with a custom rule, e.g., alert icmp any any -> any any (msg:"ICMP Packet Detected"; sid:1000001;).
3. Start Snort in IDS mode with: snort -A console -q -c /etc/snort/snort.conf -i eth0.
4. Generate traffic (e.g., ping another device) to trigger the ICMP rule.
5. Observe alerts in the console or log file showing detection of suspicious packets.
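
An added example (not part of the original lab sheet) showing how the console alerts from step 5 can be parsed and counted per source in Python. The sample lines are constructed and assume the Snort 2.x fast alert layout; the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample of "snort -A console" output for the custom ICMP rule
# (sid 1000001). Timestamps and addresses are made up.
SAMPLE_ALERTS = """\
08/28-10:15:01.120331  [**] [1:1000001:0] ICMP Packet Detected [**] [Priority: 0] {ICMP} 192.168.1.20 -> 192.168.1.1
08/28-10:15:01.120402  [**] [1:1000001:0] ICMP Packet Detected [**] [Priority: 0] {ICMP} 192.168.1.1 -> 192.168.1.20
08/28-10:15:02.121876  [**] [1:1000001:0] ICMP Packet Detected [**] [Priority: 0] {ICMP} 192.168.1.20 -> 192.168.1.1
WARNING: No preprocessors configured for policy 0.
"""

# Assumed layout: timestamp [**] [gid:sid:rev] msg [**] [Classification: ..]
# [Priority: n] {PROTO} src -> dst. The classification part is optional.
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification: (?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority: (?P<prio>\d+)\]\s+\{(?P<proto>[^}]+)\}\s+"
    r"(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$"
)

def parse_alerts(text):
    """Return one dict per alert line; non-alert lines are skipped."""
    alerts = []
    for line in text.splitlines():
        m = ALERT_RE.match(line)
        if m:
            alerts.append(m.groupdict())
    return alerts

def alerts_per_source(alerts, sid):
    """Count alerts for one rule (by sid), grouped by source address."""
    return Counter(a["src"] for a in alerts if a["sid"] == sid)

if __name__ == "__main__":
    parsed = parse_alerts(SAMPLE_ALERTS)
    for src, n in alerts_per_source(parsed, "1000001").most_common():
        print(f"{src}\t{n} alert(s)")
```

Because the rule matches any any -> any any, a single ping raises alerts for both the echo request and the echo reply, which is why both hosts appear as sources.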

RESULT:
Thus, the Snort IDS was demonstrated successfully.



CS22611 - CRYPTOGRAPHY AND NETWORK SECURITY LABORATORY
EXP.NO : 9
DATE :
Verification of Integrity Check (MD5 Tool).

AIM:
To demonstrate verification of integrity Check (MD5 Tool).

INSTALLATION PROCEDURE:

1. Open Web Browser: Launch any web browser such as Chrome, Firefox, or Edge.

2. Visit Official Website: Go to the official download page of the MD5 tool, e.g.,
https://raylin.wordpress.com/downloads/md5-sha-1-checksum-utility/

3. Download Installer: Click on the appropriate download link to download the MD5 Checksum
Utility setup file (usually a .exe file).

4. Locate Installer File: After the download completes, navigate to the folder where the installer file is
saved (commonly the Downloads folder).

5. Run the Installer: Double-click the installer file to begin the installation process.

6. Follow Setup Wizard: Accept the license agreement and follow the on-screen instructions to
complete the installation.

7. Launch the Tool: Once installed, open the MD5 utility software from the Start Menu or desktop
shortcut to begin using it.

STEPS:

Step 1: Open the Terminal

Press Ctrl + Alt + T to open the terminal in Ubuntu.

Step 2: Create a Sample File

First, create a sample text file for demonstration:

echo "Hello, this is a test file." > file.txt

You can verify the file's content using:

cat file.txt



Step 3: Generate MD5 Hash for the File

To compute the MD5 hash for file.txt and display it in the console, run:
md5sum file.txt

Example Output (the digest you see depends on the file's content):

098f6bcd4621d373cade4e832627b4f6  file.txt
This 32-character hexadecimal hash is a fingerprint of the file's content. If the file changes, the hash will also change.

Step 4: Store the Hash in a .md5 File

To store the MD5 hash in a separate file (checksum.md5), use:

md5sum file.txt > checksum.md5

This command creates a checksum.md5 file that contains:

098f6bcd4621d373cade4e832627b4f6  file.txt

You can check its content using:

cat checksum.md5

Step 5: Verify File Integrity Automatically

To verify if file.txt is unchanged, run:

md5sum -c checksum.md5

Expected Output:

• If the file is intact:

file.txt: OK

• If the file is modified:

file.txt: FAILED

Step 6: Test What Happens If the File Changes

To check if MD5 can detect changes, modify file.txt:

echo "This is a modified version." > file.txt

Now, re-run the verification:

md5sum -c checksum.md5



New Output (If the file is altered):

file.txt: FAILED
md5sum: WARNING: 1 computed checksum did NOT match

This indicates that file.txt has been modified or corrupted.

Step 7: Recalculate the MD5 Hash After Modification

Since the file changed, you must recalculate its MD5 hash:

md5sum file.txt > checksum.md5


Now, run the verification again:

md5sum -c checksum.md5
If no further modifications were made, it should return:

file.txt: OK
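
An added example (not part of the original lab sheet) that re-implements the check done by md5sum -c in Python and goes slightly beyond the steps above: it also reports missing files and accepts sha256sum lines, the safer choice when deliberate tampering rather than accidental corruption is the concern, since MD5 collisions can be constructed. The function names are hypothetical and the demo files are created in a temporary directory.

```python
import hashlib
import tempfile
from pathlib import Path

# Hex digest length -> algorithm, so md5sum and sha256sum manifests both work.
ALGO_BY_HEXLEN = {32: "md5", 64: "sha256"}

def file_digest(path, algo):
    """Hash a file in chunks so large files need not fit in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_manifest(manifest):
    """Check each 'DIGEST  NAME' line; return {name: OK | FAILED | MISSING}."""
    manifest = Path(manifest)
    results = {}
    for line in manifest.read_text(encoding="utf-8").splitlines():
        if not line.strip():
            continue
        digest, name = line.split(None, 1)
        name = name.lstrip("*")  # '*' prefix marks binary mode in md5sum output
        path = manifest.parent / name
        if not path.is_file():
            results[name] = "MISSING"
        elif file_digest(path, ALGO_BY_HEXLEN[len(digest)]) == digest.lower():
            results[name] = "OK"
        else:
            results[name] = "FAILED"
    return results

def demo():
    """Constructed run mirroring Steps 4 to 6: record, verify, modify, verify."""
    with tempfile.TemporaryDirectory() as d:
        target, manifest = Path(d, "file.txt"), Path(d, "checksum.md5")
        target.write_bytes(b"Hello, this is a test file.\n")
        manifest.write_text(f"{file_digest(target, 'md5')}  file.txt\n")
        before = verify_manifest(manifest)
        target.write_bytes(b"This is a modified version.\n")
        after = verify_manifest(manifest)
    return before, after

if __name__ == "__main__":
    print(demo())
```

A checksum file stored next to the file it protects only detects accidental changes; anyone able to alter the file can regenerate the checksum as in Step 7, so keep the reference digest somewhere the writer of the file cannot reach.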

INFERENCE:

1. The MD5 tool was successfully installed on the system.


2. It allows generation of MD5 hash values for any file.
3. The tool helps verify file integrity by comparing generated and original hashes.
4. It is useful for detecting file corruption or tampering during downloads.

Result:

Thus, the Verification of Integrity Check (MD5 Tool) has been successfully completed.



CS22611 – CRYPTOGRAPHY AND NETWORK SECURITY LABORATORY

EXP.NO: 8
SET UP A HONEYPOT AND MONITOR THE HONEYPOT ON NETWORK

DATE:

AIM:

To deploy and monitor a honeypot within a network environment in order to detect and analyze
unauthorized access attempts, simulate vulnerable systems to study attack patterns, and enhance network
security by improving threat detection and incident response.

PROCEDURE:

INTRODUCTION:
Cowrie is an SSH and Telnet honeypot designed to log brute-force attacks and shell interactions performed
by attackers. This guide walks through setting up Cowrie on a Linux system, testing it, monitoring logs, and
removing it to restore normal SSH functionality.

INSTALLATION:

STEP 1: Update System & Install Dependencies


Run the following commands to update your system and install necessary dependencies:

sudo apt update && sudo apt upgrade -y

sudo apt install -y git python3-venv python3-pip python3-dev libssl-dev libffi-dev jq iptables-persistent

Reg.No: 2127220501101 Page.No:


STEP 2: Clone and Set Up Cowrie
Change to the system directory and download the Cowrie honeypot tool from its official GitHub repository.
The downloaded files are then assigned to the current user for configuration and setup. Use the commands
below:

cd /opt
sudo git clone https://github.com/cowrie/cowrie.git
sudo chown -R $USER:$USER cowrie
cd cowrie

STEP 3: Setup Python Virtual Environment


Set up a Python virtual environment to isolate Cowrie's dependencies from the system Python and prevent
conflicts, using the following commands:

python3 -m venv cowrie-env


source cowrie-env/bin/activate
pip install --upgrade pip
pip install -r requirements.txt



STEP 4: Configure Cowrie
Configure Cowrie by copying the default configuration file to an active one for editing. Specific settings
are then modified to enable the SSH and Telnet services, set the SSH port to 2222, and reduce the logging
verbosity from DEBUG to INFO. This ensures Cowrie runs with the appropriate network services and
manageable log output for monitoring.

cp etc/cowrie.cfg.dist etc/cowrie.cfg
sed -i 's/#listen_port = 2222/listen_port = 2222/' etc/cowrie.cfg
sed -i 's/#enable_telnet = true/enable_telnet = true/' etc/cowrie.cfg
sed -i 's/loglevel = DEBUG/loglevel = INFO/' etc/cowrie.cfg

STEP 5: Fix Permissions


Prepare the required directory structure for Cowrie to function correctly. The log directory is used to store
all captured attacker activity, while the run directory holds runtime process files like PID files or sockets.
Setting appropriate permissions ensures Cowrie has the necessary access to create, read, and manage these
files during execution.

mkdir -p /opt/cowrie/var/log/cowrie
mkdir -p /opt/cowrie/var/run
chmod -R 755 /opt/cowrie/var/

STEP 6: Start Cowrie


Start Cowrie using the command below:

cd /opt/cowrie
bin/cowrie start

Check if Cowrie is running:

bin/cowrie status



TESTING:

STEP 1: Verify That Cowrie is Listening on Port 2222


Use the command below to verify that Cowrie is listening:

ss -tulnp | grep 2222

STEP 2: Test SSH Honeypot


Try connecting to Cowrie:

ssh root@localhost -p 2222

If successful, you should see a fake SSH shell.

MONITORING COWRIE LOGS:

View live logs:

tail -f /opt/cowrie/var/log/cowrie/cowrie.log

To see past logins:

cat /opt/cowrie/var/log/cowrie/cowrie.json
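
An added example (not part of the original lab sheet) that summarizes cowrie.json in Python instead of reading it raw: login attempts per source, credentials the honeypot accepted, and commands typed per session. The sample events are constructed (documentation-range addresses), the function names are hypothetical, and only the eventid, src_ip, username, password, session and input fields are used.

```python
import json
from collections import Counter

# Constructed sample in the JSON-lines layout of cowrie.json (one event per
# line). Addresses, credentials and session ids are made up.
SAMPLE_LOG = """\
{"eventid": "cowrie.session.connect", "src_ip": "203.0.113.5", "session": "a1"}
{"eventid": "cowrie.login.failed", "username": "root", "password": "123456", "src_ip": "203.0.113.5", "session": "a1"}
{"eventid": "cowrie.login.failed", "username": "admin", "password": "admin", "src_ip": "203.0.113.5", "session": "a1"}
{"eventid": "cowrie.login.success", "username": "root", "password": "root", "src_ip": "198.51.100.7", "session": "b2"}
{"eventid": "cowrie.command.input", "input": "uname -a", "src_ip": "198.51.100.7", "session": "b2"}
{"eventid": "cowrie.command.input", "input": "cat /proc/cpuinfo", "src_ip": "198.51.100.7", "session": "b2"}
{"eventid": "cowrie.login.failed", "username": "pi", "passw
"""

def load_events(text):
    """Parse JSON lines, skipping blank or truncated lines instead of failing."""
    events = []
    for line in text.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # e.g. a line still being written while the log is read
        if isinstance(event, dict) and "eventid" in event:
            events.append(event)
    return events

def summarize(events):
    """Return (attempts per source IP, successful logins, commands per session)."""
    attempts, successes, commands = Counter(), [], {}
    for ev in events:
        kind = ev["eventid"]
        if kind in ("cowrie.login.failed", "cowrie.login.success"):
            attempts[ev.get("src_ip")] += 1
            if kind == "cowrie.login.success":
                successes.append((ev.get("src_ip"), ev.get("username"), ev.get("password")))
        elif kind == "cowrie.command.input":
            commands.setdefault(ev.get("session"), []).append(ev.get("input"))
    return attempts, successes, commands

if __name__ == "__main__":
    attempts, successes, commands = summarize(load_events(SAMPLE_LOG))
    print("attempts per source:", dict(attempts))
    print("accepted credentials:", successes)
    print("commands per session:", commands)
```

To run it against the real log, pass the contents of /opt/cowrie/var/log/cowrie/cowrie.json to load_events in place of SAMPLE_LOG.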

REMOVING COWRIE AND RESTORING NORMAL SSH:

STEP 1: Stop Cowrie


cd /opt/cowrie
bin/cowrie stop

STEP 2: Remove iptables Rule (if Applied)


sudo iptables -t nat -D PREROUTING -p tcp --dport 22 -j REDIRECT --to-port 2222
sudo netfilter-persistent save

STEP 3: Restore OpenSSH (if Disabled)

Check if SSH is running:

sudo systemctl status ssh

If inactive, start it:

sudo systemctl start ssh

If OpenSSH was removed, reinstall it:

sudo apt install openssh-server -y


sudo systemctl enable ssh
sudo systemctl start ssh

RESULT:
Thus, the Cowrie honeypot was successfully set up and configured to emulate SSH and Telnet
services, allowing it to attract and log unauthorized access attempts. It recorded attacker behavior,
including commands and session activity, which provided valuable insights into intrusion methods.
