It doesn't work

[shajiloo]

I have tried to recreate this attack for my Intrusion Detection course. However, I could not proceed after getting stuck with predicting the sequence number. Apparently, the new version of Ubuntu is equipped with sequence number randomization, making the prediction infeasible. Besides, how did you manage to launch the attack with the attacker outside the network? I would really appreciate it if you help me with my situation. Would you provide more details about the configuration of your VMs? What kind of OS and which version did you use in your attack?

[gregorysholl]

Hi, sorry for taking so long to reply. It's been a while since I did this assingment, so I had to find the actual assingment. I found the following information:

About the attacker VM:

• Ran Debian 7, Linux 3.2.

About the x-terminal VM:

• Ran Debian 7, Linux 3.2. However, it ran a patched Linux 3.2 kernel where TCP sequence number incremented in a predictable pattern.
• Ran rshd and rlogind.
• Trusted server.
• No firewall.
• TCP syncookies enabled.

About the server VM:

• Ran rlogind.
• Was trusted by x-terminal.
• TCP syncookies enabled.

[shajiloo]

• patched

Thank you for your response.

I just have a problem finding that patched Linux 3.2 kernel.

Do you still have it? Or do you have any idea where you got it?

[gregorysholl]

Hi. I'm sorry, but the VMs were created and configured by the teacher even before the assignment was given. All the information I provided in my last answer was all the information we had as well.